Duke APT group's latest tools: cloud services and Linux support
概要
Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have born a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.
Created: 2026-02-23
Indicators
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 4.06
Matched TTPs:
- T1014 - Rootkit
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 18.72
Matched TTPs:
- T1014 - Rootkit
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 15.58
Matched TTPs:
- T1014 - Rootkit
- T1190 - Exploit Public-Facing Application
- T1102 - Web Service
- T1518.001 - Security Software Discovery
- T1059.006 - Python
- T1105 - Ingress Tool Transfer
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 21.75
Matched TTPs:
- T1014 - Rootkit
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
- T1059.009 - Cloud API
- T1102 - Web Service
- T1518.001 - Security Software Discovery
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
MITREへのリンク →
Score: 38.91
Matched TTPs:
- T1014 - Rootkit
- T1025 - Data from Removable Media
- T1091 - Replication Through Removable Media
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1039 - Data from Network Shared Drive
- T1546.015 - Component Object Model Hijacking
- T1203 - Exploitation for Client Execution
- T1598 - Phishing for Information
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
- T1137.002 - Office Test
- T1078.004 - Cloud Accounts
- T1211 - Exploitation for Defense Evasion
MITREへのリンク →
Score: 19.51
Matched TTPs:
- T1014 - Rootkit
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1681 - Search Threat Vendor Data
- T1588.001 - Malware
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
- T1059.006 - Python
MITREへのリンク →
Score: 19.92
Matched TTPs:
- T1025 - Data from Removable Media
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
- T1105 - Ingress Tool Transfer
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 31.51
Matched TTPs:
- T1025 - Data from Removable Media
- T1080 - Taint Shared Content
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1102 - Web Service
- T1027.012 - LNK Icon Smuggling
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1001 - Data Obfuscation
- T1039 - Data from Network Shared Drive
- T1518.001 - Security Software Discovery
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 25.10
Matched TTPs:
- T1025 - Data from Removable Media
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1588.001 - Malware
- T1102 - Web Service
- T1588.002 - Tool
- T1567.002 - Exfiltration to Cloud Storage
- T1570 - Lateral Tool Transfer
- T1518.001 - Security Software Discovery
- T1059.006 - Python
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 36.99
Matched TTPs:
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1027.012 - LNK Icon Smuggling
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1518.001 - Security Software Discovery
- T1059.006 - Python
- T1598 - Phishing for Information
- T1219.002 - Remote Desktop Software
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 5.19
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 13.61
Matched TTPs:
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1195.002 - Compromise Software Supply Chain
- T1598 - Phishing for Information
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
MITREへのリンク →
Score: 7.41
Matched TTPs:
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1567.002 - Exfiltration to Cloud Storage
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 21.95
Matched TTPs:
- T1587.001 - Malware
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1036.003 - Rename Legitimate Utilities
- T1203 - Exploitation for Client Execution
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
- T1027.007 - Dynamic API Resolution
- T1680 - Local Storage Discovery
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 25.59
Matched TTPs:
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1681 - Search Threat Vendor Data
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1567.002 - Exfiltration to Cloud Storage
- T1059.006 - Python
- T1219.002 - Remote Desktop Software
- T1204.004 - Malicious Copy and Paste
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 15.17
Matched TTPs:
- T1587.001 - Malware
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1588.001 - Malware
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1567.002 - Exfiltration to Cloud Storage
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 19.64
Matched TTPs:
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 7.16
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 24.87
Matched TTPs:
- T1587.001 - Malware
- T1586.003 - Cloud Accounts
- T1190 - Exploit Public-Facing Application
- T1059.009 - Cloud API
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
- T1059.006 - Python
- T1651 - Cloud Administration Command
- T1105 - Ingress Tool Transfer
- T1078.004 - Cloud Accounts
MITREへのリンク →
Score: 7.09
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1518.001 - Security Software Discovery
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 9.71
Matched TTPs:
- T1587.001 - Malware
- T1091 - Replication Through Removable Media
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
MITREへのリンク →
Score: 21.41
Matched TTPs:
- T1587.001 - Malware
- T1080 - Taint Shared Content
- T1102 - Web Service
- T1056.002 - GUI Input Capture
- T1039 - Data from Network Shared Drive
- T1059.006 - Python
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 5.19
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 15.01
Matched TTPs:
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1190 - Exploit Public-Facing Application
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
- T1078.004 - Cloud Accounts
MITREへのリンク →
Score: 37.67
Matched TTPs:
- T1587.001 - Malware
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1102 - Web Service
- T1608 - Stage Capabilities
- T1027.012 - LNK Icon Smuggling
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
- T1567.002 - Exfiltration to Cloud Storage
- T1219.002 - Remote Desktop Software
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
- T1027.007 - Dynamic API Resolution
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 22.07
Matched TTPs:
- T1587.001 - Malware
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1674 - Input Injection
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
- T1567.002 - Exfiltration to Cloud Storage
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
MITREへのリンク →
Score: 12.41
Matched TTPs:
- T1080 - Taint Shared Content
- T1091 - Replication Through Removable Media
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 22.25
Matched TTPs:
- T1080 - Taint Shared Content
- T1007 - System Service Discovery
- T1588.002 - Tool
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1059.006 - Python
- T1189 - Drive-by Compromise
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 10.89
Matched TTPs:
- T1080 - Taint Shared Content
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1567.002 - Exfiltration to Cloud Storage
- T1059.006 - Python
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 8.51
Matched TTPs:
- T1007 - System Service Discovery
- T1588.001 - Malware
- T1588.002 - Tool
- T1518.001 - Security Software Discovery
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 18.63
Matched TTPs:
- T1007 - System Service Discovery
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1039 - Data from Network Shared Drive
- T1567.002 - Exfiltration to Cloud Storage
- T1570 - Lateral Tool Transfer
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
- T1680 - Local Storage Discovery
MITREへのリンク →
Score: 15.39
Matched TTPs:
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1588.001 - Malware
- T1588.002 - Tool
- T1567.002 - Exfiltration to Cloud Storage
- T1059.006 - Python
- T1189 - Drive-by Compromise
MITREへのリンク →
Score: 13.43
Matched TTPs:
- T1007 - System Service Discovery
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1570 - Lateral Tool Transfer
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
MITREへのリンク →
Score: 4.02
Matched TTPs:
- T1007 - System Service Discovery
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 5.83
Matched TTPs:
- T1007 - System Service Discovery
- T1588.001 - Malware
- T1588.002 - Tool
MITREへのリンク →
Score: 12.78
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
MITREへのリンク →
Score: 16.86
Matched TTPs:
- T1562 - Impair Defenses
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1041 - Exfiltration Over C2 Channel
- T1570 - Lateral Tool Transfer
- T1518.001 - Security Software Discovery
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
MITREへのリンク →
Score: 11.23
Matched TTPs:
- T1562 - Impair Defenses
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1570 - Lateral Tool Transfer
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 7.96
Matched TTPs:
- T1608.001 - Upload Malware
- T1588.001 - Malware
- T1588.002 - Tool
- T1518.001 - Security Software Discovery
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 4.52
Matched TTPs:
- T1608.001 - Upload Malware
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 7.73
Matched TTPs:
- T1608.001 - Upload Malware
- T1588.001 - Malware
- T1102 - Web Service
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 17.40
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1608.002 - Upload Tool
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
- T1203 - Exploitation for Client Execution
- T1567.002 - Exfiltration to Cloud Storage
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 7.39
Matched TTPs:
- T1608.001 - Upload Malware
- T1518.001 - Security Software Discovery
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 6.06
Matched TTPs:
- T1608.001 - Upload Malware
- T1588.001 - Malware
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1608.001 - Upload Malware
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 24.76
Matched TTPs:
- T1608.001 - Upload Malware
- T1102 - Web Service
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1036.003 - Rename Legitimate Utilities
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 8.36
Matched TTPs:
- T1608.001 - Upload Malware
- T1588.002 - Tool
- T1567.002 - Exfiltration to Cloud Storage
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 3.47
Matched TTPs:
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 5.99
Matched TTPs:
- T1608.001 - Upload Malware
- T1102 - Web Service
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 7.24
Matched TTPs:
- T1608.001 - Upload Malware
- T1102 - Web Service
- T1588.002 - Tool
- T1518.001 - Security Software Discovery
MITREへのリンク →
Score: 13.51
Matched TTPs:
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1588.001 - Malware
- T1203 - Exploitation for Client Execution
- T1567.002 - Exfiltration to Cloud Storage
- T1570 - Lateral Tool Transfer
MITREへのリンク →
Score: 5.55
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1588.001 - Malware
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 4.40
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1195.002 - Compromise Software Supply Chain
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 20.31
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1608.002 - Upload Tool
- T1588.002 - Tool
- T1567.002 - Exfiltration to Cloud Storage
- T1570 - Lateral Tool Transfer
- T1518.001 - Security Software Discovery
- T1650 - Acquire Access
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 26.21
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1059.009 - Cloud API
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1518.001 - Security Software Discovery
- T1219.002 - Remote Desktop Software
- T1537 - Transfer Data to Cloud Account
- T1526 - Cloud Service Discovery
- T1078.004 - Cloud Accounts
MITREへのリンク →
Score: 7.80
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1102 - Web Service
- T1039 - Data from Network Shared Drive
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 5.68
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1041 - Exfiltration Over C2 Channel
- T1570 - Lateral Tool Transfer
MITREへのリンク →
Score: 9.41
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1039 - Data from Network Shared Drive
- T1036.003 - Rename Legitimate Utilities
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 8.21
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1567.002 - Exfiltration to Cloud Storage
- T1518.001 - Security Software Discovery
- T1680 - Local Storage Discovery
MITREへのリンク →
Score: 7.46
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1569.002 - Service Execution
MITREへのリンク →
Score: 10.59
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1036.003 - Rename Legitimate Utilities
- T1570 - Lateral Tool Transfer
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 5.99
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1041 - Exfiltration Over C2 Channel
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 12.24
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1041 - Exfiltration Over C2 Channel
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1567.002 - Exfiltration to Cloud Storage
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 11.57
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1570 - Lateral Tool Transfer
- T1537 - Transfer Data to Cloud Account
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
MITREへのリンク →
Score: 11.62
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
- T1203 - Exploitation for Client Execution
- T1059.006 - Python
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 9.27
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1189 - Drive-by Compromise
- T1001.002 - Steganography
MITREへのリンク →
Score: 7.19
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1567.002 - Exfiltration to Cloud Storage
- T1105 - Ingress Tool Transfer
- T1078.004 - Cloud Accounts
MITREへのリンク →
Score: 4.40
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1078.004 - Cloud Accounts
MITREへのリンク →
Score: 13.55
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
- T1059.006 - Python
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 9.81
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1059.006 - Python
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
MITREへのリンク →
Score: 6.24
Matched TTPs:
- T1588.001 - Malware
- T1588.002 - Tool
- T1078.004 - Cloud Accounts
MITREへのリンク →
Score: 4.08
Matched TTPs:
- T1588.001 - Malware
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 6.49
Matched TTPs:
- T1588.001 - Malware
- T1203 - Exploitation for Client Execution
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 17.37
Matched TTPs:
- T1588.001 - Malware
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1567.002 - Exfiltration to Cloud Storage
- T1598 - Phishing for Information
- T1219.002 - Remote Desktop Software
- T1105 - Ingress Tool Transfer
- T1078.004 - Cloud Accounts
MITREへのリンク →
Score: 8.67
Matched TTPs:
- T1542.002 - Component Firmware
- T1564.005 - Hidden File System
MITREへのリンク →
Score: 10.36
Matched TTPs:
- T1102 - Web Service
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1518 - Software Discovery
MITREへのリンク →
Score: 8.52
Matched TTPs:
- T1102 - Web Service
- T1588.002 - Tool
- T1569.002 - Service Execution
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 8.79
Matched TTPs:
- T1102 - Web Service
- T1588.002 - Tool
- T1518.001 - Security Software Discovery
- T1105 - Ingress Tool Transfer
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 12.93
Matched TTPs:
- T1552.006 - Group Policy Preferences
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
- T1105 - Ingress Tool Transfer
- T1078.004 - Cloud Accounts
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 19.02
Matched TTPs:
- T1552.006 - Group Policy Preferences
- T1041 - Exfiltration Over C2 Channel
- T1588.002 - Tool
- T1567.002 - Exfiltration to Cloud Storage
- T1570 - Lateral Tool Transfer
- T1518.001 - Security Software Discovery
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 11.33
Matched TTPs:
- T1585.003 - Cloud Accounts
- T1588.002 - Tool
- T1570 - Lateral Tool Transfer
- T1219.002 - Remote Desktop Software
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 6.30
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
- T1203 - Exploitation for Client Execution
- T1680 - Local Storage Discovery
MITREへのリンク →
Score: 4.24
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
- T1203 - Exploitation for Client Execution
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 10.54
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
- T1567.002 - Exfiltration to Cloud Storage
- T1059.006 - Python
- T1598 - Phishing for Information
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 9.09
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
- T1203 - Exploitation for Client Execution
- T1567.002 - Exfiltration to Cloud Storage
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
MITREへのリンク →
Score: 3.74
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
- T1189 - Drive-by Compromise
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1056.002 - GUI Input Capture
MITREへのリンク →
Score: 12.90
Matched TTPs:
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
- T1680 - Local Storage Discovery
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 4.37
Matched TTPs:
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 10.69
Matched TTPs:
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1195.002 - Compromise Software Supply Chain
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 6.52
Matched TTPs:
- T1588.002 - Tool
- T1219.002 - Remote Desktop Software
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →
Score: 3.08
Matched TTPs:
- T1588.002 - Tool
- T1570 - Lateral Tool Transfer
MITREへのリンク →
Score: 10.97
Matched TTPs:
- T1588.002 - Tool
- T1036.003 - Rename Legitimate Utilities
- T1518.001 - Security Software Discovery
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
MITREへのリンク →
Score: 4.02
Matched TTPs:
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
MITREへのリンク →
Score: 5.36
Matched TTPs:
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1189 - Drive-by Compromise
MITREへのリンク →
Score: 3.03
Matched TTPs:
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 3.52
Matched TTPs:
- T1218.010 - Regsvr32
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 8.76
Matched TTPs:
- T1195.002 - Compromise Software Supply Chain
- T1036.003 - Rename Legitimate Utilities
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 6.92
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 3.39
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
MITREへのリンク →
Score: 6.38
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1059.006 - Python
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 3.26
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1189 - Drive-by Compromise
MITREへのリンク →
Score: 4.61
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1059.006 - Python
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 4.04
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 8.77
Matched TTPs:
- T1570 - Lateral Tool Transfer
- T1569.002 - Service Execution
- T1211 - Exploitation for Defense Evasion
MITREへのリンク →
Score: 7.19
Matched TTPs:
- T1518.001 - Security Software Discovery
- T1189 - Drive-by Compromise
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 4.11
Matched TTPs:
- T1059.006 - Python
- T1189 - Drive-by Compromise
MITREへのリンク →
Score: 3.71
Matched TTPs:
- T1219.002 - Remote Desktop Software
- T1105 - Ingress Tool Transfer
MITREへのリンク →
Score: 7.98
Matched TTPs:
- T1219.002 - Remote Desktop Software
- T1189 - Drive-by Compromise
- T1102.001 - Dead Drop Resolver
MITREへのリンク →
Score: 4.51
Matched TTPs:
- T1189 - Drive-by Compromise
- T1518 - Software Discovery
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1564.005 - Hidden File System
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.84
Matched TTPs:
- T1137.002 - Office Test
- T1588.002 - Tool
- T1189 - Drive-by Compromise
- T1190 - Exploit Public-Facing Application
- T1025 - Data from Removable Media
- T1203 - Exploitation for Client Execution
- T1105 - Ingress Tool Transfer
- T1091 - Replication Through Removable Media
- T1078.004 - Cloud Accounts
- T1211 - Exploitation for Defense Evasion
- T1546.015 - Component Object Model Hijacking
- T1598 - Phishing for Information
- T1014 - Rootkit
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 0.78
Matched TTPs:
- T1587.001 - Malware
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
- T1203 - Exploitation for Client Execution
- T1091 - Replication Through Removable Media
- T1027.012 - LNK Icon Smuggling
- T1219.002 - Remote Desktop Software
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
- T1027.007 - Dynamic API Resolution
- T1041 - Exfiltration Over C2 Channel
- T1608 - Stage Capabilities
- T1102 - Web Service
- T1567.002 - Exfiltration to Cloud Storage
- T1518 - Software Discovery
- T1608.001 - Upload Malware
MITREへのリンク →
Score: 0.77
Matched TTPs:
- T1587.001 - Malware
- T1680 - Local Storage Discovery
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
- T1190 - Exploit Public-Facing Application
- T1102.001 - Dead Drop Resolver
- T1027.012 - LNK Icon Smuggling
- T1218.010 - Regsvr32
- T1219.002 - Remote Desktop Software
- T1518.001 - Security Software Discovery
- T1059.006 - Python
- T1041 - Exfiltration Over C2 Channel
- T1567.002 - Exfiltration to Cloud Storage
- T1598 - Phishing for Information
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
MITREへのリンク →
Score: 0.70
Matched TTPs:
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
- T1025 - Data from Removable Media
- T1091 - Replication Through Removable Media
- T1027.012 - LNK Icon Smuggling
- T1080 - Taint Shared Content
- T1518.001 - Security Software Discovery
- T1041 - Exfiltration Over C2 Channel
- T1001 - Data Obfuscation
- T1102 - Web Service
- T1039 - Data from Network Shared Drive
- T1608.001 - Upload Malware
MITREへのリンク →
Score: 0.64
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1219.002 - Remote Desktop Software
- T1218.010 - Regsvr32
- T1078.004 - Cloud Accounts
- T1518.001 - Security Software Discovery
- T1537 - Transfer Data to Cloud Account
- T1526 - Cloud Service Discovery
- T1059.009 - Cloud API
- T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →
Score: 0.61
Matched TTPs:
- T1587.001 - Malware
- T1588.002 - Tool
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
- T1025 - Data from Removable Media
- T1588.001 - Malware
- T1518.001 - Security Software Discovery
- T1059.006 - Python
- T1102 - Web Service
- T1567.002 - Exfiltration to Cloud Storage
- T1570 - Lateral Tool Transfer
- T1007 - System Service Discovery
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1587.001 - Malware
- T1680 - Local Storage Discovery
- T1105 - Ingress Tool Transfer
- T1518.001 - Security Software Discovery
- T1059.009 - Cloud API
- T1102 - Web Service
- T1014 - Rootkit
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1587.001 - Malware
- T1588.002 - Tool
- T1586.003 - Cloud Accounts
- T1190 - Exploit Public-Facing Application
- T1105 - Ingress Tool Transfer
- T1203 - Exploitation for Client Execution
- T1078.004 - Cloud Accounts
- T1651 - Cloud Administration Command
- T1059.006 - Python
- T1059.009 - Cloud API
MITREへのリンク →
Score: 0.57
Matched TTPs:
- T1588.002 - Tool
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
- T1203 - Exploitation for Client Execution
- T1036.003 - Rename Legitimate Utilities
- T1218.010 - Regsvr32
- T1569.002 - Service Execution
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
- T1041 - Exfiltration Over C2 Channel
- T1102 - Web Service
- T1570 - Lateral Tool Transfer
- T1608.001 - Upload Malware
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1587.001 - Malware
- T1195.002 - Compromise Software Supply Chain
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
- T1190 - Exploit Public-Facing Application
- T1091 - Replication Through Removable Media
- T1569.002 - Service Execution
- T1567.002 - Exfiltration to Cloud Storage
- T1674 - Input Injection
- T1608.001 - Upload Malware
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1587.001 - Malware
- T1588.002 - Tool
- T1219.002 - Remote Desktop Software
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
- T1681 - Search Threat Vendor Data
- T1059.006 - Python
- T1041 - Exfiltration Over C2 Channel
- T1567.002 - Exfiltration to Cloud Storage
- T1204.004 - Malicious Copy and Paste
- T1608.001 - Upload Malware
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design