BlackEnergy Malware
概要
These attacks are active and ongoing as of early January, 2016.
The BlackEnergy family of malware first appeared on the scene in 2007, as a botnet engine to perform Distributed Denial of Service (DDoS) attacks. By 2010, BlackEnergy 2 had developed rootkit capabilities. In 2014 and 2015, it dropped rootkit capability, and improved modularity with a plug-in framework, reducing its footprint on the network and the victim machines. In 2013, Quedagh variants also gained capabilities to bypass 64-bit Windows' User Access Controls (UAC) and driver signing. The architecture includes plug-ins for network discovery, information theft, remote code execution, credential theft, and data destruction, among others. Variants support both Windows and Linux targets, including ARM/MIPS architectures, as well as some Cisco routers and some SCADA equipment.
Several BlackEnergy variants are available on the open market in the Russian cyber underground.
Created: 2026-02-23
Indicators
Indicatorsは見つかっていない。
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 43.72
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
- T1537 - Transfer Data to Cloud Account
- T1526 - Cloud Service Discovery
- T1622 - Debugger Evasion
- T1126 - Network Share Connection Removal
- T1003.003 - NTDS
- T1008 - Fallback Channels
MITREへのリンク →
Score: 6.85
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 20.98
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1003.003 - NTDS
MITREへのリンク →
Score: 11.10
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 7.95
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 25.52
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1565.002 - Transmitted Data Manipulation
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 32.04
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1049 - System Network Connections Discovery
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
- T1548.006 - TCC Manipulation
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 5.86
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
MITREへのリンク →
Score: 25.77
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1560.003 - Archive via Custom Method
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
- T1008 - Fallback Channels
MITREへのリンク →
Score: 13.10
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1537 - Transfer Data to Cloud Account
- T1008 - Fallback Channels
MITREへのリンク →
Score: 14.93
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 29.53
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1146 - Clear Command History
- T1548.006 - TCC Manipulation
- T1055.008 - Ptrace System Calls
- T1546.007 - Netsh Helper DLL
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 16.73
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1547.015 - Login Items
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 26.86
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1120 - Peripheral Device Discovery
- T1136.002 - Domain Account
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1565.002 - Transmitted Data Manipulation
- T1027.002 - Software Packing
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 14.70
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 17.79
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1049 - System Network Connections Discovery
- T1199 - Trusted Relationship
- T1537 - Transfer Data to Cloud Account
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 9.69
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1120 - Peripheral Device Discovery
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 15.42
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 14.04
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1126 - Network Share Connection Removal
- T1027.007 - Dynamic API Resolution
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 20.78
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1055.005 - Thread Local Storage
- T1622 - Debugger Evasion
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 27.67
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1556.009 - Conditional Access Policies
- T1526 - Cloud Service Discovery
- T1622 - Debugger Evasion
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.38
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 7.16
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 18.64
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1555.004 - Windows Credential Manager
- T1537 - Transfer Data to Cloud Account
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 9.94
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 6.49
Matched TTPs:
- T1606.002 - SAML Tokens
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 3.30
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
MITREへのリンク →
Score: 5.62
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 23.43
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1684 - Social Engineering
- T1021 - Remote Services
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 16.73
Matched TTPs:
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 25.20
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1565.002 - Transmitted Data Manipulation
- T1526 - Cloud Service Discovery
- T1055.005 - Thread Local Storage
- T1548.006 - TCC Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 18.92
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1011.001 - Exfiltration Over Bluetooth
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1622 - Debugger Evasion
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 16.56
Matched TTPs:
- T1499.004 - Application or System Exploitation
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 15.41
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1049 - System Network Connections Discovery
- T1548.006 - TCC Manipulation
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 9.42
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 9.95
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1008 - Fallback Channels
MITREへのリンク →
Score: 10.48
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 12.05
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1590.003 - Network Trust Dependencies
- T1199 - Trusted Relationship
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 5.22
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 7.48
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 17.59
Matched TTPs:
- T1675 - ESXi Administration Command
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1537 - Transfer Data to Cloud Account
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 20.37
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1070.003 - Clear Command History
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1597 - Search Closed Sources
- T1622 - Debugger Evasion
- T1027.007 - Dynamic API Resolution
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 3.26
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 10.32
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1622 - Debugger Evasion
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 5.68
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 12.80
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 10.57
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 7.44
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1684 - Social Engineering
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 15.87
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1027.007 - Dynamic API Resolution
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.29
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 4.99
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 3.73
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.73
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1552.003 - Shell History
MITREへのリンク →
Score: 9.56
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 17.25
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1070.003 - Clear Command History
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1683 - Generate Content
- T1622 - Debugger Evasion
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 16.21
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
- T1537 - Transfer Data to Cloud Account
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 4.03
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 5.47
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
MITREへのリンク →
Score: 4.80
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 9.60
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1199 - Trusted Relationship
- T1526 - Cloud Service Discovery
- T1622 - Debugger Evasion
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.61
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1683 - Generate Content
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 3.18
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
MITREへのリンク →
Score: 28.25
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1684 - Social Engineering
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1556.009 - Conditional Access Policies
- T1526 - Cloud Service Discovery
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
- T1204.001 - Malicious Link
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 10.53
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
- T1622 - Debugger Evasion
- T1008 - Fallback Channels
MITREへのリンク →
Score: 3.73
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 30.53
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1598 - Phishing for Information
- T1537 - Transfer Data to Cloud Account
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 4.83
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 4.93
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 9.25
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1526 - Cloud Service Discovery
MITREへのリンク →
Score: 6.28
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 11.34
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 9.64
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1622 - Debugger Evasion
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 4.43
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
MITREへのリンク →
Score: 17.87
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
- T1526 - Cloud Service Discovery
MITREへのリンク →
Score: 7.94
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1683 - Generate Content
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 7.32
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 5.99
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.78
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 8.20
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1059.001 - PowerShell
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 4.84
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 4.37
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 7.36
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 10.68
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1622 - Debugger Evasion
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 10.55
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 8.23
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1049 - System Network Connections Discovery
- T1218.010 - Regsvr32
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 12.55
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1021 - Remote Services
- T1199 - Trusted Relationship
- T1537 - Transfer Data to Cloud Account
- T1622 - Debugger Evasion
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 9.19
Matched TTPs:
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 10.79
Matched TTPs:
- T1684 - Social Engineering
- T1597 - Search Closed Sources
- T1027.007 - Dynamic API Resolution
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 9.78
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1601 - Modify System Image
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 3.31
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 3.95
Matched TTPs:
- T1136.002 - Domain Account
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1589.003 - Employee Names
MITREへのリンク →
Score: 10.10
Matched TTPs:
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1601 - Modify System Image
- T1622 - Debugger Evasion
MITREへのリンク →
Score: 4.24
Matched TTPs:
- T1059.001 - PowerShell
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 5.39
Matched TTPs:
- T1199 - Trusted Relationship
- T1213.003 - Code Repositories
MITREへのリンク →
Score: 6.30
Matched TTPs:
- T1199 - Trusted Relationship
- T1565.002 - Transmitted Data Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 14.30
Matched TTPs:
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1622 - Debugger Evasion
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 3.60
Matched TTPs:
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 6.52
Matched TTPs:
- T1199 - Trusted Relationship
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 3.55
Matched TTPs:
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 3.55
Matched TTPs:
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 6.21
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1008 - Fallback Channels
MITREへのリンク →
Score: 4.58
Matched TTPs:
- T1537 - Transfer Data to Cloud Account
- T1547.008 - LSASS Driver
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.80
Matched TTPs:
- T1003.003 - NTDS
- T1537 - Transfer Data to Cloud Account
- T1622 - Debugger Evasion
- T1008 - Fallback Channels
- T1597 - Search Closed Sources
- T1120 - Peripheral Device Discovery
- T1027.014 - Polymorphic Code
- T1526 - Cloud Service Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1552.003 - Shell History
- T1033 - System Owner/User Discovery
- T1126 - Network Share Connection Removal
- T1199 - Trusted Relationship
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1565.002 - Transmitted Data Manipulation
- T1091 - Replication Through Removable Media
MITREへのリンク →
Score: 0.62
Matched TTPs:
- T1204.001 - Malicious Link
- T1590.003 - Network Trust Dependencies
- T1218.010 - Regsvr32
- T1120 - Peripheral Device Discovery
- T1005 - Data from Local System
- T1548.006 - TCC Manipulation
- T1140 - Deobfuscate/Decode Files or Information
- T1033 - System Owner/User Discovery
- T1049 - System Network Connections Discovery
- T1199 - Trusted Relationship
- T1075 - Pass the Hash
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
MITREへのリンク →
Score: 0.60
Matched TTPs:
- T1537 - Transfer Data to Cloud Account
- T1622 - Debugger Evasion
- T1204.001 - Malicious Link
- T1590.003 - Network Trust Dependencies
- T1027.007 - Dynamic API Resolution
- T1597 - Search Closed Sources
- T1120 - Peripheral Device Discovery
- T1548.006 - TCC Manipulation
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1598 - Phishing for Information
- T1199 - Trusted Relationship
- T1218.003 - CMSTP
MITREへのリンク →
Score: 0.59
Matched TTPs:
- T1146 - Clear Command History
- T1218.010 - Regsvr32
- T1548.006 - TCC Manipulation
- T1140 - Deobfuscate/Decode Files or Information
- T1499.001 - OS Exhaustion Flood
- T1055.008 - Ptrace System Calls
- T1199 - Trusted Relationship
- T1566.003 - Spearphishing via Service
- T1546.007 - Netsh Helper DLL
- T1059.001 - PowerShell
MITREへのリンク →
Score: 0.57
Matched TTPs:
- T1622 - Debugger Evasion
- T1204.001 - Malicious Link
- T1027.007 - Dynamic API Resolution
- T1597 - Search Closed Sources
- T1120 - Peripheral Device Discovery
- T1556.009 - Conditional Access Policies
- T1548.006 - TCC Manipulation
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1556 - Modify Authentication Process
- T1526 - Cloud Service Discovery
- T1059.001 - PowerShell
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design