Dridex, Vawtrak and others increase focus on Canada
Summary
The spam messages we observed used several different tactics to deliver malicious payloads to users, including macros, packager shell objects (aka OLE objects), and links.
The first example, a campaign observed on May 17, 2016, uses a fake Microsoft security alert social engineering lure to trick the victim into opening a link that leads to an executable download. The user would have to then open the downloaded executable in order to infect their computer. In this case the payload was Kronos, a banking Trojan which was introduced in July of 2014 [1]. This instance of Kronos was configured to target US, Canadian, and Australian financial sites.
Created: 2026-02-23
Indicators
Similar Pulses
Threat actors related to this Pulse (fact-based)
Score: 65.05
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1213.006 - Databases
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1183 - Image File Execution Options Injection
- T1552.003 - Shell History
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1001 - Data Obfuscation
- T1059.011 - Lua
- T1547.002 - Authentication Package
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1601.001 - Patch System Image
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
- T1003.003 - NTDS
Score: 13.75
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
Score: 28.77
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1578 - Modify Cloud Compute Infrastructure
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1136.002 - Domain Account
- T1562.001 - Disable or Modify Tools
- T1218.010 - Regsvr32
- T1003.003 - NTDS
Score: 11.04
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1183 - Image File Execution Options Injection
- T1546.016 - Installer Packages
Score: 8.26
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
Score: 51.21
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1016 - System Network Configuration Discovery
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1030 - Data Transfer Size Limits
- T1059.006 - Python
- T1601.001 - Patch System Image
- T1221 - Template Injection
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 62.42
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1183 - Image File Execution Options Injection
- T1193 - Spearphishing Attachment
- T1049 - System Network Connections Discovery
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1059.011 - Lua
- T1187 - Forced Authentication
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 18.55
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1657 - Financial Theft
- T1199 - Trusted Relationship
Score: 60.28
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1070.008 - Clear Mailbox Data
- T1070.006 - Timestomp
- T1183 - Image File Execution Options Injection
- T1677 - Poisoned Pipeline Execution
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1174 - Password Filter DLL
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1055.005 - Thread Local Storage
- T1105 - Ingress Tool Transfer
- T1547.008 - LSASS Driver
Score: 9.32
Matched TTPs:
- T1132.001 - Standard Encoding
- T1543.003 - Windows Service
- T1024 - Custom Cryptographic Protocol
- T1027.018 - Invisible Unicode
Score: 29.46
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1059.011 - Lua
- T1573 - Encrypted Channel
- T1197 - BITS Jobs
- T1027.007 - Dynamic API Resolution
- T1547.008 - LSASS Driver
Score: 32.94
Matched TTPs:
- T1216.001 - PubPrn
- T1024 - Custom Cryptographic Protocol
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1136.002 - Domain Account
- T1619 - Cloud Storage Object Discovery
- T1199 - Trusted Relationship
- T1592.003 - Firmware
- T1030 - Data Transfer Size Limits
- T1588.005 - Exploits
Score: 34.63
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1578 - Modify Cloud Compute Infrastructure
- T1566.002 - Spearphishing Link
- T1019 - System Firmware
- T1136.002 - Domain Account
- T1552.003 - Shell History
- T1619 - Cloud Storage Object Discovery
- T1199 - Trusted Relationship
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1588.005 - Exploits
Score: 12.73
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1574.010 - Services File Permissions Weakness
- T1027.018 - Invisible Unicode
Score: 26.69
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1059.011 - Lua
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1030 - Data Transfer Size Limits
- T1537 - Transfer Data to Cloud Account
- T1027.007 - Dynamic API Resolution
Score: 9.85
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1601.001 - Patch System Image
Score: 26.74
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1070.008 - Clear Mailbox Data
- T1070.006 - Timestomp
- T1049 - System Network Connections Discovery
- T1199 - Trusted Relationship
- T1537 - Transfer Data to Cloud Account
- T1546.016 - Installer Packages
- T1159 - Launch Agent
Score: 55.14
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1548.004 - Elevated Execution with Prompt
- T1592.003 - Firmware
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1197 - BITS Jobs
- T1059.012 - Hypervisor CLI
- T1105 - Ingress Tool Transfer
- T1027.018 - Invisible Unicode
- T1055.008 - Ptrace System Calls
- T1564.004 - NTFS File Attributes
- T1566.003 - Spearphishing via Service
Score: 25.83
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1608.005 - Link Target
- T1547.002 - Authentication Package
- T1197 - BITS Jobs
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
Score: 36.11
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1055.014 - VDSO Hijacking
- T1592.003 - Firmware
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 18.66
Matched TTPs:
- T1682 - Query Public AI Services
- T1543.003 - Windows Service
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
- T1543.002 - Systemd Service
- T1027.018 - Invisible Unicode
Score: 9.22
Matched TTPs:
- T1578 - Modify Cloud Compute Infrastructure
- T1566.002 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1199 - Trusted Relationship
Score: 41.32
Matched TTPs:
- T1578 - Modify Cloud Compute Infrastructure
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1070.003 - Clear Command History
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1187 - Forced Authentication
- T1592.003 - Firmware
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 15.09
Matched TTPs:
- T1606.002 - SAML Tokens
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1105 - Ingress Tool Transfer
Score: 31.65
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1558 - Steal or Forge Kerberos Tickets
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1218.010 - Regsvr32
- T1592.002 - Software
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 20.32
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1021.006 - Windows Remote Management
- T1136.002 - Domain Account
- T1547.015 - Login Items
- T1606 - Forge Web Credentials
- T1218.010 - Regsvr32
Score: 17.62
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1105 - Ingress Tool Transfer
- T1027.018 - Invisible Unicode
Score: 4.41
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
Score: 28.71
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1202 - Indirect Command Execution
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1223 - Compiled HTML File
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 8.80
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1601.001 - Patch System Image
Score: 9.47
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1558 - Steal or Forge Kerberos Tickets
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
Score: 18.17
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1612 - Build Image on Host
- T1574.010 - Services File Permissions Weakness
- T1059.011 - Lua
- T1105 - Ingress Tool Transfer
- T1027.018 - Invisible Unicode
Score: 4.41
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
Score: 26.79
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1059.010 - AutoHotKey & AutoIT
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1218.001 - Compiled HTML File
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 14.29
Matched TTPs:
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1102.002 - Bidirectional Communication
- T1027.007 - Dynamic API Resolution
Score: 58.35
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1136.001 - Local Account
- T1677 - Poisoned Pipeline Execution
- T1612 - Build Image on Host
- T1569.001 - Launchctl
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1159 - Launch Agent
- T1055.005 - Thread Local Storage
- T1105 - Ingress Tool Transfer
- T1027.018 - Invisible Unicode
Score: 12.40
Matched TTPs:
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1612 - Build Image on Host
- T1537 - Transfer Data to Cloud Account
Score: 43.54
Matched TTPs:
- T1606.002 - SAML Tokens
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1011.001 - Exfiltration Over Bluetooth
- T1608.005 - Link Target
- T1564.002 - Hidden Users
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1105 - Ingress Tool Transfer
- T1027.018 - Invisible Unicode
- T1027.007 - Dynamic API Resolution
Score: 14.35
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
Score: 26.97
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
- T1601.001 - Patch System Image
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
Score: 21.13
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1657 - Financial Theft
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
Score: 12.35
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.011 - Lua
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 6.70
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.011 - Lua
Score: 8.72
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
Score: 21.27
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1601.001 - Patch System Image
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
Score: 22.59
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1199 - Trusted Relationship
- T1001 - Data Obfuscation
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
Score: 9.38
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1552.003 - Shell History
- T1102.002 - Bidirectional Communication
Score: 5.55
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
Score: 9.52
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 9.78
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
Score: 13.43
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1105 - Ingress Tool Transfer
- T1027.018 - Invisible Unicode
Score: 25.96
Matched TTPs:
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1140 - Deobfuscate/Decode Files or Information
- T1193 - Spearphishing Attachment
- T1657 - Financial Theft
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
Score: 6.48
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
Score: 5.16
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.012 - Hypervisor CLI
Score: 7.20
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1059.011 - Lua
Score: 17.35
Matched TTPs:
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1183 - Image File Execution Options Injection
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 11.87
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1218.010 - Regsvr32
- T1159 - Launch Agent
- T1105 - Ingress Tool Transfer
Score: 10.57
Matched TTPs:
- T1087.002 - Domain Account
- T1048 - Exfiltration Over Alternative Protocol
- T1059.012 - Hypervisor CLI
- T1537 - Transfer Data to Cloud Account
- T1547.008 - LSASS Driver
Score: 10.15
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1059.012 - Hypervisor CLI
- T1686 - Disable or Modify System Firewall
Score: 15.91
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1199 - Trusted Relationship
- T1001 - Data Obfuscation
- T1174 - Password Filter DLL
Score: 23.04
Matched TTPs:
- T1087.002 - Domain Account
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1183 - Image File Execution Options Injection
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1159 - Launch Agent
Score: 9.71
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
Score: 27.82
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1115 - Clipboard Data
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1199 - Trusted Relationship
- T1001 - Data Obfuscation
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1537 - Transfer Data to Cloud Account
Score: 17.49
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
Score: 6.69
Matched TTPs:
- T1087.002 - Domain Account
- T1547.015 - Login Items
- T1059.012 - Hypervisor CLI
Score: 19.74
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1499.002 - Service Exhaustion Flood
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
- T1027.007 - Dynamic API Resolution
Score: 10.30
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
Score: 4.95
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
Score: 11.87
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1199 - Trusted Relationship
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
- T1027.007 - Dynamic API Resolution
Score: 23.21
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1199 - Trusted Relationship
- T1486 - Data Encrypted for Impact
- T1567.003 - Exfiltration to Text Storage Sites
- T1030 - Data Transfer Size Limits
- T1547.008 - LSASS Driver
Score: 9.27
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1159 - Launch Agent
Score: 15.27
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1612 - Build Image on Host
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 4.19
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1547.008 - LSASS Driver
Score: 13.59
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1608.005 - Link Target
- T1218.010 - Regsvr32
- T1030 - Data Transfer Size Limits
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
Score: 11.82
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1601.001 - Patch System Image
- T1027.007 - Dynamic API Resolution
- T1547.008 - LSASS Driver
Score: 3.37
Matched TTPs:
- T1087.002 - Domain Account
- T1089 - Disabling Security Tools
- T1199 - Trusted Relationship
Score: 3.16
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
Score: 3.85
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
Score: 7.23
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1199 - Trusted Relationship
- T1001 - Data Obfuscation
Score: 9.44
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1199 - Trusted Relationship
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
Score: 16.97
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1001 - Data Obfuscation
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
Score: 26.17
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1218.001 - Compiled HTML File
- T1059.011 - Lua
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 11.74
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1091 - Replication Through Removable Media
- T1657 - Financial Theft
- T1159 - Launch Agent
Score: 4.47
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1027.018 - Invisible Unicode
Score: 4.89
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1218.010 - Regsvr32
Score: 11.23
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1136.002 - Domain Account
- T1187 - Forced Authentication
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 14.01
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
Score: 21.67
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
- T1027.007 - Dynamic API Resolution
Score: 3.40
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
Score: 9.32
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1027.018 - Invisible Unicode
Score: 3.16
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
Score: 39.96
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1612 - Build Image on Host
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1554 - Compromise Host Software Binary
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1059.011 - Lua
- T1547.002 - Authentication Package
- T1059.013 - Container CLI/API
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
Score: 10.62
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1564.002 - Hidden Users
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 37.11
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1105 - Ingress Tool Transfer
- T1027.018 - Invisible Unicode
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 5.21
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
Link to MITRE →
Score: 7.19
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1608.005 - Link Target
- T1199 - Trusted Relationship
Link to MITRE →
Score: 9.21
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 12.61
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 7.98
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 10.02
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 15.98
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1059.011 - Lua
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 4.54
Matched TTPs:
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 10.37
Matched TTPs:
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1059.011 - Lua
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 7.92
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
Link to MITRE →
Score: 15.73
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1677 - Poisoned Pipeline Execution
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1030 - Data Transfer Size Limits
Link to MITRE →
Score: 12.85
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 10.28
Matched TTPs:
- T1089 - Disabling Security Tools
- T1199 - Trusted Relationship
- T1592.003 - Firmware
- T1601.001 - Patch System Image
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 8.14
Matched TTPs:
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
Link to MITRE →
Score: 10.66
Matched TTPs:
- T1089 - Disabling Security Tools
- T1562.001 - Disable or Modify Tools
- T1027.007 - Dynamic API Resolution
- T1566.003 - Spearphishing via Service
Link to MITRE →
Score: 6.91
Matched TTPs:
- T1089 - Disabling Security Tools
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1601.001 - Patch System Image
Link to MITRE →
Score: 11.68
Matched TTPs:
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1174 - Password Filter DLL
- T1537 - Transfer Data to Cloud Account
Link to MITRE →
Score: 13.91
Matched TTPs:
- T1089 - Disabling Security Tools
- T1573 - Encrypted Channel
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 8.80
Matched TTPs:
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1059.011 - Lua
Link to MITRE →
Score: 22.16
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1070.003 - Clear Command History
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1606.001 - Web Cookies
- T1001 - Data Obfuscation
- T1102.002 - Bidirectional Communication
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 18.59
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1612 - Build Image on Host
- T1562.001 - Disable or Modify Tools
- T1059.011 - Lua
- T1059.013 - Container CLI/API
- T1537 - Transfer Data to Cloud Account
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 9.55
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.013 - Disable or Modify Network Device Firewall
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
Link to MITRE →
Score: 28.66
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1183 - Image File Execution Options Injection
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1598 - Phishing for Information
- T1601.001 - Patch System Image
- T1537 - Transfer Data to Cloud Account
- T1027.007 - Dynamic API Resolution
- T1094 - Custom Command and Control Protocol
Link to MITRE →
Score: 9.67
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1102.002 - Bidirectional Communication
- T1537 - Transfer Data to Cloud Account
Link to MITRE →
Score: 9.70
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1612 - Build Image on Host
- T1601.001 - Patch System Image
- T1588.005 - Exploits
Link to MITRE →
Score: 3.99
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 4.72
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 10.53
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 20.71
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1049 - System Network Connections Discovery
- T1562.013 - Disable or Modify Network Device Firewall
- T1114.002 - Remote Email Collection
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1160 - Launch Daemon
Link to MITRE →
Score: 18.44
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1059 - Command and Scripting Interpreter
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
- T1105 - Ingress Tool Transfer
- T1055.008 - Ptrace System Calls
Link to MITRE →
Score: 5.09
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1677 - Poisoned Pipeline Execution
Link to MITRE →
Score: 6.59
Matched TTPs:
- T1055.003 - Thread Execution Hijacking
- T1537 - Transfer Data to Cloud Account
Link to MITRE →
Score: 3.31
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
Link to MITRE →
Score: 5.81
Matched TTPs:
- T1552.003 - Shell History
- T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →
Score: 5.26
Matched TTPs:
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
Link to MITRE →
Score: 3.37
Matched TTPs:
- T1608.005 - Link Target
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 7.78
Matched TTPs:
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
Link to MITRE →
Score: 4.48
Matched TTPs:
- T1199 - Trusted Relationship
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 3.25
Matched TTPs:
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
Link to MITRE →
Score: 4.51
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
Link to MITRE →
Threat actors related to this Pulse (inference-based)
Score: 0.80
Matched TTPs:
- T1187 - Forced Authentication
- T1033 - System Owner/User Discovery
- T1091 - Replication Through Removable Media
- T1049 - System Network Connections Discovery
- T1193 - Spearphishing Attachment
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1601.001 - Patch System Image
- T1564.008 - Email Hiding Rules
- T1027.018 - Invisible Unicode
- T1218.010 - Regsvr32
- T1087.002 - Domain Account
- T1606.002 - SAML Tokens
- T1558 - Steal or Forge Kerberos Tickets
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1005 - Data from Local System
- T1183 - Image File Execution Options Injection
- T1547.002 - Authentication Package
- T1546.016 - Installer Packages
- T1075 - Pass the Hash
- T1543.003 - Windows Service
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1059.011 - Lua
- T1573 - Encrypted Channel
Link to MITRE →
Score: 0.80
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1091 - Replication Through Removable Media
- T1537 - Transfer Data to Cloud Account
- T1562.013 - Disable or Modify Network Device Firewall
- T1566.002 - Spearphishing Link
- T1197 - BITS Jobs
- T1001 - Data Obfuscation
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1030 - Data Transfer Size Limits
- T1601.001 - Patch System Image
- T1213.006 - Databases
- T1608 - Stage Capabilities
- T1027.018 - Invisible Unicode
- T1055.014 - VDSO Hijacking
- T1087.002 - Domain Account
- T1606.002 - SAML Tokens
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1003.003 - NTDS
- T1183 - Image File Execution Options Injection
- T1547.002 - Authentication Package
- T1024 - Custom Cryptographic Protocol
- T1543.003 - Windows Service
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1059.011 - Lua
Link to MITRE →
Score: 0.75
Matched TTPs:
- T1070.008 - Clear Mailbox Data
- T1089 - Disabling Security Tools
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1677 - Poisoned Pipeline Execution
- T1070.006 - Timestomp
- T1105 - Ingress Tool Transfer
- T1218.010 - Regsvr32
- T1087.002 - Domain Account
- T1606.002 - SAML Tokens
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1132.001 - Standard Encoding
- T1174 - Password Filter DLL
- T1183 - Image File Execution Options Injection
- T1547.002 - Authentication Package
- T1546.016 - Installer Packages
- T1543.003 - Windows Service
- T1059.012 - Hypervisor CLI
- T1059.010 - AutoHotKey & AutoIT
- T1606.001 - Web Cookies
- T1567.002 - Exfiltration to Cloud Storage
- T1055.005 - Thread Local Storage
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 0.75
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1159 - Launch Agent
- T1136.001 - Local Account
- T1566.002 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1612 - Build Image on Host
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1677 - Poisoned Pipeline Execution
- T1608 - Stage Capabilities
- T1105 - Ingress Tool Transfer
- T1027.018 - Invisible Unicode
- T1218.010 - Regsvr32
- T1087.002 - Domain Account
- T1606.002 - SAML Tokens
- T1199 - Trusted Relationship
- T1183 - Image File Execution Options Injection
- T1024 - Custom Cryptographic Protocol
- T1543.003 - Windows Service
- T1055.005 - Thread Local Storage
- T1059.010 - AutoHotKey & AutoIT
- T1567.002 - Exfiltration to Cloud Storage
- T1059.011 - Lua
- T1569.001 - Launchctl
Link to MITRE →
Score: 0.73
Matched TTPs:
- T1564.004 - NTFS File Attributes
- T1592.003 - Firmware
- T1055.008 - Ptrace System Calls
- T1566.002 - Spearphishing Link
- T1197 - BITS Jobs
- T1548.004 - Elevated Execution with Prompt
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1685.001 - Disable or Modify Windows Event Log
- T1105 - Ingress Tool Transfer
- T1027.018 - Invisible Unicode
- T1218.010 - Regsvr32
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1558 - Steal or Forge Kerberos Tickets
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1024 - Custom Cryptographic Protocol
- T1059.012 - Hypervisor CLI
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1566.003 - Spearphishing via Service
Link to MITRE →
Score: 0.64
Matched TTPs:
- T1221 - Template Injection
- T1091 - Replication Through Removable Media
- T1033 - System Owner/User Discovery
- T1044 - File System Permissions Weakness
- T1016 - System Network Configuration Discovery
- T1059.006 - Python
- T1021.006 - Windows Remote Management
- T1608.005 - Link Target
- T1030 - Data Transfer Size Limits
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
- T1087.002 - Domain Account
- T1606.002 - SAML Tokens
- T1558 - Steal or Forge Kerberos Tickets
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1183 - Image File Execution Options Injection
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 0.63
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1598.003 - Spearphishing Link
- T1027.007 - Dynamic API Resolution
- T1608.005 - Link Target
- T1601.001 - Patch System Image
- T1105 - Ingress Tool Transfer
- T1027.018 - Invisible Unicode
- T1206 - Sudo Caching
- T1011.001 - Exfiltration Over Bluetooth
- T1087.002 - Domain Account
- T1606.002 - SAML Tokens
- T1199 - Trusted Relationship
- T1562.001 - Disable or Modify Tools
- T1115 - Clipboard Data
- T1547.002 - Authentication Package
- T1543.003 - Windows Service
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1573 - Encrypted Channel
- T1564.002 - Hidden Users
Link to MITRE →
Related CVEs
No CVEs were found for this Pulse.