Financial Threat Group Targets Volume Boot Record
Overview
Nemesis, the malware ecosystem used by FIN1, includes comprehensive backdoors that support a variety of network protocols and communication channels for command and control (CnC). It provides a robust set of capabilities, including file transfer, screen capture, keystroke logging, process injection, process manipulation, and task scheduling. The threat group continually updated the Nemesis malware during its ongoing access to the victim environment, deploying several different variants of the same tools and adding functionality between iterations. In early 2015, FIN1 updated its toolset to include a utility that modifies the legitimate system Volume Boot Record (VBR) and hijacks the system boot process so that Nemesis components begin loading before the Windows operating system code. We refer to this utility as BOOTRASH.
Created: 2026-02-23
Indicators
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 18.14
Matched TTPs:
- T1053.005 - Scheduled Task
- T1116 - Code Signing
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1177 - LSASS Driver
- T1583.006 - Web Services
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 24.42
Matched TTPs:
- T1053.005 - Scheduled Task
- T1176.001 - Browser Extensions
- T1586.002 - Email Accounts
- T1684 - Social Engineering
- T1518.002 - Backup Software Discovery
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 16.63
Matched TTPs:
- T1053.005 - Scheduled Task
- T1156 - Malicious Shell Modification
- T1218.013 - Mavinject
- T1590.003 - Network Trust Dependencies
- T1684 - Social Engineering
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 37.82
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1003.007 - Proc Filesystem
- T1590.003 - Network Trust Dependencies
- T1155 - AppleScript
- T1583.006 - Web Services
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1059.003 - Windows Command Shell
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 21.01
Matched TTPs:
- T1053.005 - Scheduled Task
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1059.009 - Cloud API
- T1580 - Cloud Infrastructure Discovery
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 11.66
Matched TTPs:
- T1053.005 - Scheduled Task
- T1120 - Peripheral Device Discovery
- T1573 - Encrypted Channel
- T1174 - Password Filter DLL
- T1570 - Lateral Tool Transfer
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 57.01
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1156 - Malicious Shell Modification
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1058 - Service Registry Permissions Weakness
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1555 - Credentials from Password Stores
- T1205 - Traffic Signaling
- T1011.001 - Exfiltration Over Bluetooth
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1564.002 - Hidden Users
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1055.015 - ListPlanting
MITREへのリンク →
Score: 25.77
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1218.013 - Mavinject
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1136.002 - Domain Account
- T1036.002 - Right-to-Left Override
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
MITREへのリンク →
Score: 16.70
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1116 - Code Signing
- T1584.003 - Virtual Private Server
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1174 - Password Filter DLL
- T1566.004 - Spearphishing Voice
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 51.09
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1602 - Data from Configuration Repository
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1558 - Steal or Forge Kerberos Tickets
- T1049 - System Network Connections Discovery
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1075 - Pass the Hash
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 43.53
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1059.010 - AutoHotKey & AutoIT
- T1070.003 - Clear Command History
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1684 - Social Engineering
- T1059.009 - Cloud API
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1566.004 - Spearphishing Voice
- T1102.002 - Bidirectional Communication
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 14.14
Matched TTPs:
- T1053.005 - Scheduled Task
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 61.42
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1058 - Service Registry Permissions Weakness
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1136.001 - Local Account
- T1102 - Web Service
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1087.004 - Cloud Account
- T1169 - Sudo
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1565.002 - Transmitted Data Manipulation
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1071.001 - Web Protocols
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 32.99
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1156 - Malicious Shell Modification
- T1218.013 - Mavinject
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1070.003 - Clear Command History
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1683 - Generate Content
- T1566.004 - Spearphishing Voice
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 27.90
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1155 - AppleScript
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
- T1686.001 - Cloud Firewall
MITREへのリンク →
Score: 17.88
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1218.013 - Mavinject
- T1590.003 - Network Trust Dependencies
- T1584.003 - Virtual Private Server
- T1140 - Deobfuscate/Decode Files or Information
- T1583.006 - Web Services
- T1506 - Web Session Cookie
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 20.87
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1218.013 - Mavinject
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1027.007 - Dynamic API Resolution
- T1001.001 - Junk Data
MITREへのリンク →
Score: 11.52
Matched TTPs:
- T1053.005 - Scheduled Task
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1583.006 - Web Services
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
MITREへのリンク →
Score: 25.86
Matched TTPs:
- T1053.005 - Scheduled Task
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1155 - AppleScript
- T1552.003 - Shell History
- T1583.006 - Web Services
- T1027.014 - Polymorphic Code
- T1102.002 - Bidirectional Communication
- T1506 - Web Session Cookie
- T1565.002 - Transmitted Data Manipulation
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 39.56
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1584.003 - Virtual Private Server
- T1140 - Deobfuscate/Decode Files or Information
- T1580 - Cloud Infrastructure Discovery
- T1177 - LSASS Driver
- T1036.002 - Right-to-Left Override
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1546.018 - Python Startup Hooks
- T1070.009 - Clear Persistence
- T1219.002 - Remote Desktop Software
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 32.65
Matched TTPs:
- T1053.005 - Scheduled Task
- T1156 - Malicious Shell Modification
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1050 - New Service
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1599 - Network Boundary Bridging
- T1570 - Lateral Tool Transfer
- T1564.007 - VBA Stomping
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 13.45
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1120 - Peripheral Device Discovery
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 54.51
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1116 - Code Signing
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1059.009 - Cloud API
- T1155 - AppleScript
- T1003.001 - LSASS Memory
- T1567.001 - Exfiltration to Code Repository
- T1087.004 - Cloud Account
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1566.004 - Spearphishing Voice
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1587 - Develop Capabilities
- T1204.001 - Malicious Link
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 24.13
Matched TTPs:
- T1053.005 - Scheduled Task
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1580 - Cloud Infrastructure Discovery
- T1583.006 - Web Services
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1665 - Hide Infrastructure
- T1546.017 - Udev Rules
MITREへのリンク →
Score: 42.40
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1499.001 - OS Exhaustion Flood
- T1071.004 - DNS
- T1218.013 - Mavinject
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1059.009 - Cloud API
- T1177 - LSASS Driver
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1055.015 - ListPlanting
MITREへのリンク →
Score: 5.29
Matched TTPs:
- T1053.005 - Scheduled Task
- T1685.002 - Disable or Modify Cloud Log
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 27.82
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1218.013 - Mavinject
- T1176.001 - Browser Extensions
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1562.011 - Spoof Security Alerting
MITREへのリンク →
Score: 33.67
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1602 - Data from Configuration Repository
- T1218.013 - Mavinject
- T1584.003 - Virtual Private Server
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1102 - Web Service
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 5.65
Matched TTPs:
- T1053.005 - Scheduled Task
- T1218.013 - Mavinject
- T1685.002 - Disable or Modify Cloud Log
MITREへのリンク →
Score: 22.33
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1156 - Malicious Shell Modification
- T1218.013 - Mavinject
- T1110.002 - Password Cracking
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1599 - Network Boundary Bridging
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 5.69
Matched TTPs:
- T1053.005 - Scheduled Task
- T1199 - Trusted Relationship
- T1566.004 - Spearphishing Voice
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 5.80
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1218.013 - Mavinject
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 19.79
Matched TTPs:
- T1053.005 - Scheduled Task
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1558.005 - Ccache Files
- T1584.003 - Virtual Private Server
- T1574.010 - Services File Permissions Weakness
- T1542.004 - ROMMONkit
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 20.54
Matched TTPs:
- T1053.005 - Scheduled Task
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1573 - Encrypted Channel
- T1547.013 - XDG Autostart Entries
- T1126 - Network Share Connection Removal
- T1027.007 - Dynamic API Resolution
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 44.16
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1218.013 - Mavinject
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1684 - Social Engineering
- T1059.009 - Cloud API
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1484 - Domain or Tenant Policy Modification
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 17.35
Matched TTPs:
- T1053.005 - Scheduled Task
- T1218.013 - Mavinject
- T1584.003 - Virtual Private Server
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1059.001 - PowerShell
- T1542.004 - ROMMONkit
- T1570 - Lateral Tool Transfer
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 11.22
Matched TTPs:
- T1053.005 - Scheduled Task
- T1567.001 - Exfiltration to Code Repository
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 53.41
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1156 - Malicious Shell Modification
- T1552.005 - Cloud Instance Metadata API
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1176.001 - Browser Extensions
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1586.002 - Email Accounts
- T1558 - Steal or Forge Kerberos Tickets
- T1059.009 - Cloud API
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1055.015 - ListPlanting
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 47.28
Matched TTPs:
- T1053.005 - Scheduled Task
- T1602 - Data from Configuration Repository
- T1176.001 - Browser Extensions
- T1675 - ESXi Administration Command
- T1120 - Peripheral Device Discovery
- T1685.002 - Disable or Modify Cloud Log
- T1590.003 - Network Trust Dependencies
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1684 - Social Engineering
- T1503 - Credentials from Web Browsers
- T1059.009 - Cloud API
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1174 - Password Filter DLL
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 26.83
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1590.003 - Network Trust Dependencies
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1174 - Password Filter DLL
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 15.91
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1584.003 - Virtual Private Server
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1070.009 - Clear Persistence
- T1027.007 - Dynamic API Resolution
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 18.80
Matched TTPs:
- T1053.005 - Scheduled Task
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1584.003 - Virtual Private Server
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 95.04
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1602 - Data from Configuration Repository
- T1071.004 - DNS
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1558.005 - Ccache Files
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1070.008 - Clear Mailbox Data
- T1205 - Traffic Signaling
- T1050 - New Service
- T1070.006 - Timestomp
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1055.015 - ListPlanting
- T1665 - Hide Infrastructure
- T1587 - Develop Capabilities
- T1547.008 - LSASS Driver
- T1086 - PowerShell
- T1556 - Modify Authentication Process
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 30.52
Matched TTPs:
- T1053.005 - Scheduled Task
- T1156 - Malicious Shell Modification
- T1218.013 - Mavinject
- T1003.007 - Proc Filesystem
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1580 - Cloud Infrastructure Discovery
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1542.004 - ROMMONkit
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 12.69
Matched TTPs:
- T1053.005 - Scheduled Task
- T1156 - Malicious Shell Modification
- T1120 - Peripheral Device Discovery
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1087.004 - Cloud Account
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 22.57
Matched TTPs:
- T1053.005 - Scheduled Task
- T1156 - Malicious Shell Modification
- T1116 - Code Signing
- T1584.003 - Virtual Private Server
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 43.52
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1156 - Malicious Shell Modification
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1120 - Peripheral Device Discovery
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1518.002 - Backup Software Discovery
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1087.004 - Cloud Account
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 64.34
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1156 - Malicious Shell Modification
- T1552.005 - Cloud Instance Metadata API
- T1218.013 - Mavinject
- T1562.009 - Safe Mode Boot
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1058 - Service Registry Permissions Weakness
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1205 - Traffic Signaling
- T1059.009 - Cloud API
- T1036.002 - Right-to-Left Override
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1542.004 - ROMMONkit
- T1570 - Lateral Tool Transfer
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1086 - PowerShell
- T1546.017 - Udev Rules
MITREへのリンク →
Score: 61.02
Matched TTPs:
- T1053.005 - Scheduled Task
- T1156 - Malicious Shell Modification
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1176.001 - Browser Extensions
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1205 - Traffic Signaling
- T1059.009 - Cloud API
- T1580 - Cloud Infrastructure Discovery
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1565.002 - Transmitted Data Manipulation
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1126 - Network Share Connection Removal
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 11.14
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1583.006 - Web Services
- T1087.004 - Cloud Account
- T1570 - Lateral Tool Transfer
MITREへのリンク →
Score: 13.22
Matched TTPs:
- T1053.005 - Scheduled Task
- T1091 - Replication Through Removable Media
- T1036.002 - Right-to-Left Override
- T1199 - Trusted Relationship
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.31
Matched TTPs:
- T1053.005 - Scheduled Task
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 22.50
Matched TTPs:
- T1053.005 - Scheduled Task
- T1602 - Data from Configuration Repository
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1584.003 - Virtual Private Server
- T1684 - Social Engineering
- T1583.006 - Web Services
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1547.013 - XDG Autostart Entries
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 10.66
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1176.001 - Browser Extensions
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 50.37
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1036.008 - Masquerade File Type
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1218.003 - CMSTP
- T1059.009 - Cloud API
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1566.004 - Spearphishing Voice
- T1506 - Web Session Cookie
- T1598 - Phishing for Information
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1204.001 - Malicious Link
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 18.70
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1218.013 - Mavinject
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1566.004 - Spearphishing Voice
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 29.24
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1116 - Code Signing
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1050 - New Service
- T1580 - Cloud Infrastructure Discovery
- T1087.004 - Cloud Account
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1547.013 - XDG Autostart Entries
- T1587 - Develop Capabilities
- T1546.017 - Udev Rules
MITREへのリンク →
Score: 19.55
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1218.013 - Mavinject
- T1684 - Social Engineering
- T1597 - Search Closed Sources
- T1566.004 - Spearphishing Voice
- T1219.002 - Remote Desktop Software
- T1027.007 - Dynamic API Resolution
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 52.89
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1156 - Malicious Shell Modification
- T1213.002 - Sharepoint
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1070.008 - Clear Mailbox Data
- T1070.006 - Timestomp
- T1059.009 - Cloud API
- T1049 - System Network Connections Discovery
- T1102 - Web Service
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 10.29
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1116 - Code Signing
- T1176.001 - Browser Extensions
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1570 - Lateral Tool Transfer
MITREへのリンク →
Score: 15.84
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1059.009 - Cloud API
- T1597 - Search Closed Sources
- T1570 - Lateral Tool Transfer
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 24.22
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1218.013 - Mavinject
- T1176.001 - Browser Extensions
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1102 - Web Service
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 14.40
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1120 - Peripheral Device Discovery
- T1558 - Steal or Forge Kerberos Tickets
- T1583.006 - Web Services
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 9.09
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1177 - LSASS Driver
- T1583.006 - Web Services
- T1027.014 - Polymorphic Code
Score: 36.80
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1116 - Code Signing
- T1176.001 - Browser Extensions
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1059.009 - Cloud API
- T1155 - AppleScript
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
Score: 61.18
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1499.001 - OS Exhaustion Flood
- T1071.004 - DNS
- T1552.005 - Cloud Instance Metadata API
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1058 - Service Registry Permissions Weakness
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1608.005 - Link Target
- T1205.001 - Port Knocking
- T1583.006 - Web Services
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1548.004 - Elevated Execution with Prompt
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1564.004 - NTFS File Attributes
- T1546.007 - Netsh Helper DLL
- T1566.003 - Spearphishing via Service
Score: 9.28
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1573 - Encrypted Channel
Score: 3.67
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1070.009 - Clear Persistence
Score: 6.26
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1584.003 - Virtual Private Server
- T1547.008 - LSASS Driver
Score: 21.93
Matched TTPs:
- T1213.002 - Sharepoint
- T1120 - Peripheral Device Discovery
- T1136.002 - Domain Account
- T1552.003 - Shell History
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
- T1204.001 - Malicious Link
Score: 5.58
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1583.006 - Web Services
- T1547.013 - XDG Autostart Entries
Score: 23.79
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1218.013 - Mavinject
- T1120 - Peripheral Device Discovery
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1114.003 - Email Forwarding Rule
- T1583.006 - Web Services
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Score: 41.68
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1176.001 - Browser Extensions
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1586.002 - Email Accounts
- T1558 - Steal or Forge Kerberos Tickets
- T1557.004 - Evil Twin
- T1071.003 - Mail Protocols
- T1583.006 - Web Services
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
Score: 57.87
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1116 - Code Signing
- T1606.002 - SAML Tokens
- T1689 - Downgrade Attack
- T1140 - Deobfuscate/Decode Files or Information
- T1021.006 - Windows Remote Management
- T1585.002 - Email Accounts
- T1090.002 - External Proxy
- T1136.002 - Domain Account
- T1583.006 - Web Services
- T1546.003 - Windows Management Instrumentation Event Subscription
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1546.002 - Screensaver
- T1070.009 - Clear Persistence
- T1219.002 - Remote Desktop Software
- T1055.015 - ListPlanting
- T1003.006 - DCSync
Score: 47.26
Matched TTPs:
- T1014 - Rootkit
- T1552.005 - Cloud Instance Metadata API
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1684 - Social Engineering
- T1059.009 - Cloud API
- T1003.001 - LSASS Memory
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
- T1587 - Develop Capabilities
Score: 23.79
Matched TTPs:
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1205.001 - Port Knocking
- T1199 - Trusted Relationship
- T1599 - Network Boundary Bridging
- T1566.004 - Spearphishing Voice
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Score: 12.67
Matched TTPs:
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1120 - Peripheral Device Discovery
- T1583.006 - Web Services
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
Score: 4.13
Matched TTPs:
- T1116 - Code Signing
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
Score: 17.43
Matched TTPs:
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1102 - Web Service
- T1583.006 - Web Services
- T1546.003 - Windows Management Instrumentation Event Subscription
- T1070.009 - Clear Persistence
Score: 16.51
Matched TTPs:
- T1116 - Code Signing
- T1176.001 - Browser Extensions
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1566.004 - Spearphishing Voice
Score: 11.52
Matched TTPs:
- T1116 - Code Signing
- T1218.013 - Mavinject
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
- T1587 - Develop Capabilities
Score: 5.09
Matched TTPs:
- T1218.013 - Mavinject
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1547.013 - XDG Autostart Entries
Score: 7.08
Matched TTPs:
- T1218.013 - Mavinject
- T1059.010 - AutoHotKey & AutoIT
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1547.013 - XDG Autostart Entries
Score: 5.92
Matched TTPs:
- T1218.013 - Mavinject
- T1036.002 - Right-to-Left Override
- T1218.010 - Regsvr32
Score: 6.36
Matched TTPs:
- T1218.013 - Mavinject
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1218.010 - Regsvr32
Score: 15.22
Matched TTPs:
- T1218.013 - Mavinject
- T1586.002 - Email Accounts
- T1580 - Cloud Infrastructure Discovery
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1601 - Modify System Image
Score: 24.52
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1176.001 - Browser Extensions
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1583.006 - Web Services
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1102.002 - Bidirectional Communication
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
Score: 37.24
Matched TTPs:
- T1218.013 - Mavinject
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1058 - Service Registry Permissions Weakness
- T1059.010 - AutoHotKey & AutoIT
- T1003.001 - LSASS Memory
- T1583.006 - Web Services
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
- T1587 - Develop Capabilities
Score: 3.07
Matched TTPs:
- T1218.013 - Mavinject
- T1176.001 - Browser Extensions
Score: 6.51
Matched TTPs:
- T1218.013 - Mavinject
- T1176.001 - Browser Extensions
- T1586.002 - Email Accounts
- T1199 - Trusted Relationship
Score: 24.05
Matched TTPs:
- T1218.013 - Mavinject
- T1562.009 - Safe Mode Boot
- T1120 - Peripheral Device Discovery
- T1058 - Service Registry Permissions Weakness
- T1059.010 - AutoHotKey & AutoIT
- T1064 - Scripting
- T1583.006 - Web Services
- T1564.002 - Hidden Users
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
Score: 9.93
Matched TTPs:
- T1218.013 - Mavinject
- T1003.007 - Proc Filesystem
- T1584.003 - Virtual Private Server
- T1136.002 - Domain Account
- T1583.006 - Web Services
- T1199 - Trusted Relationship
Score: 5.38
Matched TTPs:
- T1218.013 - Mavinject
- T1120 - Peripheral Device Discovery
- T1542.004 - ROMMONkit
Score: 5.18
Matched TTPs:
- T1218.013 - Mavinject
- T1003.007 - Proc Filesystem
- T1583.006 - Web Services
Score: 12.02
Matched TTPs:
- T1218.013 - Mavinject
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
Score: 47.09
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1021.006 - Windows Remote Management
- T1064 - Scripting
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1059.006 - Python
- T1565.002 - Transmitted Data Manipulation
- T1070.009 - Clear Persistence
- T1221 - Template Injection
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
Score: 11.70
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
- T1199 - Trusted Relationship
- T1556 - Modify Authentication Process
Score: 15.51
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Score: 11.89
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1558 - Steal or Forge Kerberos Tickets
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
Score: 6.40
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
Score: 9.91
Matched TTPs:
- T1176.001 - Browser Extensions
- T1586.002 - Email Accounts
- T1199 - Trusted Relationship
- T1213.003 - Code Repositories
Score: 10.13
Matched TTPs:
- T1176.001 - Browser Extensions
- T1120 - Peripheral Device Discovery
- T1059.010 - AutoHotKey & AutoIT
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
Score: 8.53
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1565.002 - Transmitted Data Manipulation
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Score: 5.40
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1159 - Launch Agent
Score: 15.24
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1570 - Lateral Tool Transfer
- T1547.013 - XDG Autostart Entries
Score: 12.01
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1159 - Launch Agent
Score: 10.99
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1584.003 - Virtual Private Server
- T1205.001 - Port Knocking
- T1087.004 - Cloud Account
- T1547.008 - LSASS Driver
Score: 13.75
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1059.010 - AutoHotKey & AutoIT
- T1552.003 - Shell History
- T1102.002 - Bidirectional Communication
- T1506 - Web Session Cookie
- T1587 - Develop Capabilities
Score: 3.36
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Score: 19.75
Matched TTPs:
- T1685.002 - Disable or Modify Cloud Log
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.013 - XDG Autostart Entries
- T1587 - Develop Capabilities
Score: 16.86
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1050 - New Service
- T1059.009 - Cloud API
- T1114.003 - Email Forwarding Rule
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.013 - XDG Autostart Entries
Score: 6.10
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
Score: 8.89
Matched TTPs:
- T1584.003 - Virtual Private Server
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1601 - Modify System Image
Score: 10.85
Matched TTPs:
- T1584.003 - Virtual Private Server
- T1140 - Deobfuscate/Decode Files or Information
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1547.013 - XDG Autostart Entries
Score: 15.86
Matched TTPs:
- T1584.003 - Virtual Private Server
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1049 - System Network Connections Discovery
- T1218.010 - Regsvr32
- T1160 - Launch Daemon
Score: 10.73
Matched TTPs:
- T1584.003 - Virtual Private Server
- T1136.002 - Domain Account
- T1583.006 - Web Services
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1547.013 - XDG Autostart Entries
Score: 9.41
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
Score: 12.95
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1064 - Scripting
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
Score: 5.99
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
Score: 7.43
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
Score: 8.74
Matched TTPs:
- T1558 - Steal or Forge Kerberos Tickets
- T1027.014 - Polymorphic Code
- T1562.011 - Spoof Security Alerting
- T1547.013 - XDG Autostart Entries
Score: 9.96
Matched TTPs:
- T1558 - Steal or Forge Kerberos Tickets
- T1684 - Social Engineering
- T1547.013 - XDG Autostart Entries
- T1686 - Disable or Modify System Firewall
Score: 3.03
Matched TTPs:
- T1580 - Cloud Infrastructure Discovery
Score: 5.39
Matched TTPs:
- T1101 - Security Support Provider
- T1199 - Trusted Relationship
Score: 5.47
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Score: 8.67
Matched TTPs:
- T1589.003 - Employee Names
- T1130 - Install Root Certificate
Score: 3.29
Matched TTPs:
- T1036.002 - Right-to-Left Override
Score: 3.64
Matched TTPs:
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
Score: 5.02
Matched TTPs:
- T1059.001 - PowerShell
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
Score: 4.13
Matched TTPs:
- T1574.010 - Services File Permissions Weakness
Score: 6.52
Matched TTPs:
- T1199 - Trusted Relationship
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
Score: 4.73
Matched TTPs:
- T1597 - Search Closed Sources
- T1587 - Develop Capabilities
Score: 4.77
Matched TTPs:
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
Score: 3.30
Matched TTPs:
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Threat actors related to this Pulse (inference-based)
Score: 0.81
Matched TTPs:
- T1070.006 - Timestomp
- T1053.005 - Scheduled Task
- T1071.004 - DNS
- T1176.001 - Browser Extensions
- T1174 - Password Filter DLL
- T1587 - Develop Capabilities
- T1205 - Traffic Signaling
- T1583.006 - Web Services
- T1597 - Search Closed Sources
- T1570 - Lateral Tool Transfer
- T1050 - New Service
- T1087.004 - Cloud Account
- T1602 - Data from Configuration Repository
- T1556 - Modify Authentication Process
- T1218.013 - Mavinject
- T1069.001 - Local Groups
- T1547.013 - XDG Autostart Entries
- T1055.015 - ListPlanting
- T1608.005 - Link Target
- T1606.002 - SAML Tokens
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1086 - PowerShell
- T1116 - Code Signing
- T1070.009 - Clear Persistence
- T1584.003 - Virtual Private Server
- T1047 - Windows Management Instrumentation
- T1558.005 - Ccache Files
- T1199 - Trusted Relationship
- T1216 - System Script Proxy Execution
- T1120 - Peripheral Device Discovery
- T1070.008 - Clear Mailbox Data
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
- T1055.005 - Thread Local Storage
Score: 0.59
Matched TTPs:
- T1053.005 - Scheduled Task
- T1176.001 - Browser Extensions
- T1027.007 - Dynamic API Resolution
- T1205 - Traffic Signaling
- T1583.006 - Web Services
- T1564.002 - Hidden Users
- T1218.013 - Mavinject
- T1156 - Malicious Shell Modification
- T1547.013 - XDG Autostart Entries
- T1055.015 - ListPlanting
- T1608.005 - Link Target
- T1091 - Replication Through Removable Media
- T1606.002 - SAML Tokens
- T1573 - Encrypted Channel
- T1059.010 - AutoHotKey & AutoIT
- T1584.003 - Virtual Private Server
- T1586.002 - Email Accounts
- T1140 - Deobfuscate/Decode Files or Information
- T1047 - Windows Management Instrumentation
- T1011.001 - Exfiltration Over Bluetooth
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1120 - Peripheral Device Discovery
- T1555 - Credentials from Password Stores
- T1058 - Service Registry Permissions Weakness
Score: 0.58
Matched TTPs:
- T1053.005 - Scheduled Task
- T1205 - Traffic Signaling
- T1583.006 - Web Services
- T1597 - Search Closed Sources
- T1570 - Lateral Tool Transfer
- T1087.004 - Cloud Account
- T1546.017 - Udev Rules
- T1059.013 - Container CLI/API
- T1218.013 - Mavinject
- T1156 - Malicious Shell Modification
- T1542.004 - ROMMONkit
- T1506 - Web Session Cookie
- T1562.009 - Safe Mode Boot
- T1552.005 - Cloud Instance Metadata API
- T1547.013 - XDG Autostart Entries
- T1608.005 - Link Target
- T1091 - Replication Through Removable Media
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1086 - PowerShell
- T1036.002 - Right-to-Left Override
- T1070.009 - Clear Persistence
- T1584.003 - Virtual Private Server
- T1684 - Social Engineering
- T1047 - Windows Management Instrumentation
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1120 - Peripheral Device Discovery
- T1058 - Service Registry Permissions Weakness
Score: 0.57
Matched TTPs:
- T1071.004 - DNS
- T1205.001 - Port Knocking
- T1583.006 - Web Services
- T1546.007 - Netsh Helper DLL
- T1564.004 - NTFS File Attributes
- T1218.013 - Mavinject
- T1156 - Malicious Shell Modification
- T1542.004 - ROMMONkit
- T1499.001 - OS Exhaustion Flood
- T1552.005 - Cloud Instance Metadata API
- T1547.013 - XDG Autostart Entries
- T1548.004 - Elevated Execution with Prompt
- T1608.005 - Link Target
- T1558 - Steal or Forge Kerberos Tickets
- T1059.010 - AutoHotKey & AutoIT
- T1566.003 - Spearphishing via Service
- T1218.010 - Regsvr32
- T1116 - Code Signing
- T1070.009 - Clear Persistence
- T1584.003 - Virtual Private Server
- T1140 - Deobfuscate/Decode Files or Information
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1058 - Service Registry Permissions Weakness
Score: 0.56
Matched TTPs:
- T1136.002 - Domain Account
- T1546.003 - Windows Management Instrumentation Event Subscription
- T1003.006 - DCSync
- T1583.006 - Web Services
- T1597 - Search Closed Sources
- T1689 - Downgrade Attack
- T1546.002 - Screensaver
- T1499.001 - OS Exhaustion Flood
- T1090.002 - External Proxy
- T1055.015 - ListPlanting
- T1606.002 - SAML Tokens
- T1021.006 - Windows Remote Management
- T1218.010 - Regsvr32
- T1116 - Code Signing
- T1070.009 - Clear Persistence
- T1140 - Deobfuscate/Decode Files or Information
- T1566.004 - Spearphishing Voice
- T1219.002 - Remote Desktop Software
- T1585.002 - Email Accounts
Related CVEs
No CVEs were found in this Pulse.