TA17-117A Intrusions Affecting Multiple Victims Across Multiple Sectors
概要
US-CERT IR-ALERT-MED-17-093-0, TA17-117A
The National Cybersecurity and Communications Integration Center (NCCIC) has become aware
of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple
malware implants. Initial victims have been identified in several sectors, including information
technology, energy, healthcare and public health, communications, and critical manufacturing.
According to preliminary analysis, threat actors appear to be leveraging stolen administrative
credentials (local and domain) and certificates, along with placing sophisticated malware
implants on critical systems. Some of the campaign victims have been IT service providers,
where credential compromises could potentially be leveraged to access customer environments.
Depending on the defensive mitigations in place, the threat actor could possibly gain full access
to networks and data in a way that appears legitimate to existing monitoring tools.
Created: 2026-02-23
Indicators
Indicatorsは見つかっていない。
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 86.92
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1583.005 - Botnet
- T1120 - Peripheral Device Discovery
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1152 - Launchctl
- T1059.009 - Cloud API
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1055.014 - VDSO Hijacking
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1030 - Data Transfer Size Limits
- T1506 - Web Session Cookie
- T1197 - BITS Jobs
- T1070.009 - Clear Persistence
- T1132.002 - Non-Standard Encoding
- T1547.013 - XDG Autostart Entries
- T1126 - Network Share Connection Removal
- T1003.003 - NTDS
- T1008 - Fallback Channels
- T1053.002 - At
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 21.10
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1137.004 - Outlook Home Page
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 38.38
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1589 - Gather Victim Identity Information
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1564.013 - Bind Mounts
- T1136.002 - Domain Account
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1003.003 - NTDS
MITREへのリンク →
Score: 28.53
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1059.009 - Cloud API
- T1552.008 - Chat Messages
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1166 - Setuid and Setgid
- T1498 - Network Denial of Service
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.59
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1166 - Setuid and Setgid
MITREへのリンク →
Score: 59.98
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1218.008 - Odbcconf
- T1064 - Scripting
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1070.009 - Clear Persistence
- T1221 - Template Injection
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 65.30
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1606.002 - SAML Tokens
- T1484.002 - Trust Modification
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1193 - Spearphishing Attachment
- T1049 - System Network Connections Discovery
- T1122 - Component Object Model Hijacking
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1187 - Forced Authentication
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1166 - Setuid and Setgid
- T1075 - Pass the Hash
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 22.24
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1566.002 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 63.64
Matched TTPs:
- T1216.001 - PubPrn
- T1024 - Custom Cryptographic Protocol
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1218.008 - Odbcconf
- T1136.002 - Domain Account
- T1556.008 - Network Provider DLL
- T1596.004 - CDNs
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1601 - Modify System Image
- T1592.003 - Firmware
- T1137.004 - Outlook Home Page
- T1030 - Data Transfer Size Limits
- T1065 - Uncommonly Used Port
- T1132.002 - Non-Standard Encoding
- T1588.005 - Exploits
MITREへのリンク →
Score: 64.65
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1553.002 - Code Signing
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1164 - Re-opened Applications
- T1049 - System Network Connections Discovery
- T1057 - Process Discovery
- T1552.008 - Chat Messages
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1166 - Setuid and Setgid
- T1065 - Uncommonly Used Port
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 59.17
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1139 - Bash History
- T1562.004 - Disable or Modify System Firewall
- T1152 - Launchctl
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1592.003 - Firmware
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1197 - BITS Jobs
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1546.007 - Netsh Helper DLL
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 18.15
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1608.005 - Link Target
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 32.20
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1484.002 - Trust Modification
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1554 - Compromise Host Software Binary
- T1055.014 - VDSO Hijacking
- T1157 - Dylib Hijacking
- T1592.003 - Firmware
- T1218.010 - Regsvr32
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 11.78
Matched TTPs:
- T1682 - Query Public AI Services
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1547.013 - XDG Autostart Entries
- T1053.002 - At
MITREへのリンク →
Score: 23.85
Matched TTPs:
- T1606.002 - SAML Tokens
- T1553.002 - Code Signing
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1564.013 - Bind Mounts
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
- T1686.001 - Cloud Firewall
MITREへのリンク →
Score: 21.60
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 51.56
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1677 - Poisoned Pipeline Execution
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1057 - Process Discovery
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1055.015 - ListPlanting
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 45.10
Matched TTPs:
- T1606.002 - SAML Tokens
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1128 - Netsh Helper DLL
- T1570 - Lateral Tool Transfer
- T1166 - Setuid and Setgid
- T1556.009 - Conditional Access Policies
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1055.015 - ListPlanting
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 30.89
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1564.013 - Bind Mounts
- T1021.006 - Windows Remote Management
- T1136.002 - Domain Account
- T1606 - Forge Web Credentials
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1055.015 - ListPlanting
MITREへのリンク →
Score: 9.98
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 22.42
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1553.002 - Code Signing
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
- T1199 - Trusted Relationship
- T1498 - Network Denial of Service
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 37.62
Matched TTPs:
- T1606.002 - SAML Tokens
- T1202 - Indirect Command Execution
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1568 - Dynamic Resolution
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 20.37
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 4.44
Matched TTPs:
- T1606.002 - SAML Tokens
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 20.68
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1612 - Build Image on Host
- T1122 - Component Object Model Hijacking
- T1574.010 - Services File Permissions Weakness
- T1128 - Netsh Helper DLL
- T1055.009 - Proc Memory
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 6.40
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 41.48
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1176 - Software Extensions
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1556.009 - Conditional Access Policies
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 14.19
Matched TTPs:
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 57.96
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1136.001 - Local Account
- T1677 - Poisoned Pipeline Execution
- T1612 - Build Image on Host
- T1569.001 - Launchctl
- T1608.005 - Link Target
- T1102.003 - One-Way Communication
- T1169 - Sudo
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1071.001 - Web Protocols
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 18.77
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1562.004 - Disable or Modify System Firewall
- T1612 - Build Image on Host
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 34.10
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1564.002 - Hidden Users
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
- T1065 - Uncommonly Used Port
- T1547.013 - XDG Autostart Entries
- T1055.015 - ListPlanting
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 47.23
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1136.002 - Domain Account
- T1552.003 - Shell History
- T1556.008 - Network Provider DLL
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1498 - Network Denial of Service
- T1027.002 - Software Packing
- T1547.013 - XDG Autostart Entries
- T1588.005 - Exploits
MITREへのリンク →
Score: 18.00
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1504 - PowerShell Profile
- T1552.003 - Shell History
- T1506 - Web Session Cookie
- T1055.009 - Proc Memory
MITREへのリンク →
Score: 5.60
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 16.79
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1120 - Peripheral Device Discovery
- T1064 - Scripting
- T1564.002 - Hidden Users
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 35.92
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1554 - Compromise Host Software Binary
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 14.20
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1657 - Financial Theft
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.73
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 27.08
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 58.59
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1070.003 - Clear Command History
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1564.013 - Bind Mounts
- T1504 - PowerShell Profile
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1187 - Forced Authentication
- T1592.003 - Firmware
- T1547.002 - Authentication Package
- T1166 - Setuid and Setgid
- T1578.002 - Create Cloud Instance
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1098.002 - Additional Email Delegate Permissions
- T1547.008 - LSASS Driver
- T1053.002 - At
MITREへのリンク →
Score: 9.81
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1218.001 - Compiled HTML File
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 33.18
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1193 - Spearphishing Attachment
- T1657 - Financial Theft
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1578.002 - Create Cloud Instance
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 15.18
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
MITREへのリンク →
Score: 29.37
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1218.008 - Odbcconf
- T1059 - Command and Scripting Interpreter
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
- T1552.008 - Chat Messages
- T1122 - Component Object Model Hijacking
- T1547.013 - XDG Autostart Entries
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 16.74
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1578.003 - Delete Cloud Instance
- T1677 - Poisoned Pipeline Execution
- T1166 - Setuid and Setgid
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 14.85
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
MITREへのリンク →
Score: 23.44
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1589 - Gather Victim Identity Information
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 30.54
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1504 - PowerShell Profile
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1574 - Hijack Execution Flow
- T1592.003 - Firmware
- T1570 - Lateral Tool Transfer
- T1166 - Setuid and Setgid
- T1059.003 - Windows Command Shell
- T1070.009 - Clear Persistence
- T1132.002 - Non-Standard Encoding
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 27.84
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1504 - PowerShell Profile
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1218.001 - Compiled HTML File
- T1546.016 - Installer Packages
MITREへのリンク →
Score: 5.22
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 9.12
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1053.002 - At
MITREへのリンク →
Score: 14.38
Matched TTPs:
- T1583.005 - Botnet
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1490 - Inhibit System Recovery
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 10.32
Matched TTPs:
- T1583.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.42
Matched TTPs:
- T1583.005 - Botnet
- T1199 - Trusted Relationship
- T1213.003 - Code Repositories
MITREへのリンク →
Score: 3.95
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1159 - Launch Agent
MITREへのリンク →
Score: 29.18
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1070.003 - Clear Command History
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1504 - PowerShell Profile
- T1606.001 - Web Cookies
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 37.41
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1578.003 - Delete Cloud Instance
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1030 - Data Transfer Size Limits
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1574.002 - DLL Side-Loading
- T1037.001 - Logon Script (Windows)
- T1055.015 - ListPlanting
- T1008 - Fallback Channels
MITREへのリンク →
Score: 9.89
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1001.001 - Junk Data
MITREへのリンク →
Score: 22.79
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1065 - Uncommonly Used Port
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 15.72
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 14.34
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1612 - Build Image on Host
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
MITREへのリンク →
Score: 9.50
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 8.82
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1159 - Launch Agent
MITREへのリンク →
Score: 6.54
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →
Score: 5.63
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1552.003 - Shell History
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 13.36
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 19.39
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.77
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1218.010 - Regsvr32
- T1166 - Setuid and Setgid
- T1578.002 - Create Cloud Instance
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.05
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1570 - Lateral Tool Transfer
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 23.30
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1677 - Poisoned Pipeline Execution
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1128 - Netsh Helper DLL
- T1030 - Data Transfer Size Limits
- T1506 - Web Session Cookie
- T1132.002 - Non-Standard Encoding
MITREへのリンク →
Score: 15.51
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1657 - Financial Theft
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1053.002 - At
MITREへのリンク →
Score: 3.88
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 4.79
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 20.31
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1059.009 - Cloud API
- T1504 - PowerShell Profile
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 14.91
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1218.010 - Regsvr32
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 14.20
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1548 - Abuse Elevation Control Mechanism
- T1218.001 - Compiled HTML File
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 26.41
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1589 - Gather Victim Identity Information
- T1059.009 - Cloud API
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
- T1556.009 - Conditional Access Policies
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.15
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 32.21
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1059.009 - Cloud API
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1598 - Phishing for Information
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 7.06
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1570 - Lateral Tool Transfer
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 6.30
Matched TTPs:
- T1024 - Custom Cryptographic Protocol
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.74
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 23.06
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1059.009 - Cloud API
- T1059.001 - PowerShell
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 11.97
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1166 - Setuid and Setgid
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 15.98
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1064 - Scripting
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1030 - Data Transfer Size Limits
MITREへのリンク →
Score: 16.90
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1612 - Build Image on Host
- T1149 - LC_MAIN Hijacking
- T1690 - Prevent Command History Logging
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.55
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.50
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1122 - Component Object Model Hijacking
- T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 15.02
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1612 - Build Image on Host
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1547.013 - XDG Autostart Entries
- T1588.005 - Exploits
MITREへのリンク →
Score: 9.33
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1166 - Setuid and Setgid
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 11.39
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1059.001 - PowerShell
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.18
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.52
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.84
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 17.35
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1055.009 - Proc Memory
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 11.29
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1049 - System Network Connections Discovery
- T1562.013 - Disable or Modify Network Device Firewall
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 10.53
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1055.003 - Thread Execution Hijacking
MITREへのリンク →
Score: 6.26
Matched TTPs:
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.84
Matched TTPs:
- T1059.009 - Cloud API
- T1504 - PowerShell Profile
- T1199 - Trusted Relationship
- T1570 - Lateral Tool Transfer
MITREへのリンク →
Score: 5.25
Matched TTPs:
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 12.81
Matched TTPs:
- T1504 - PowerShell Profile
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1601 - Modify System Image
MITREへのリンク →
Score: 18.27
Matched TTPs:
- T1504 - PowerShell Profile
- T1199 - Trusted Relationship
- T1486 - Data Encrypted for Impact
- T1030 - Data Transfer Size Limits
- T1578.002 - Create Cloud Instance
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.47
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.57
Matched TTPs:
- T1136.002 - Domain Account
- T1187 - Forced Authentication
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.67
Matched TTPs:
- T1589.003 - Employee Names
- T1037.001 - Logon Script (Windows)
MITREへのリンク →
Score: 15.99
Matched TTPs:
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1128 - Netsh Helper DLL
- T1070.009 - Clear Persistence
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.81
Matched TTPs:
- T1552.003 - Shell History
- T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →
Score: 4.28
Matched TTPs:
- T1608.005 - Link Target
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.43
Matched TTPs:
- T1608.005 - Link Target
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
MITREへのリンク →
Score: 5.02
Matched TTPs:
- T1059.001 - PowerShell
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.56
Matched TTPs:
- T1574.010 - Services File Permissions Weakness
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 9.15
Matched TTPs:
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 3.65
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 3.60
Matched TTPs:
- T1199 - Trusted Relationship
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.32
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 4.67
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
MITREへのリンク →
Score: 3.89
Matched TTPs:
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 4.77
Matched TTPs:
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 4.78
Matched TTPs:
- T1218.010 - Regsvr32
- T1053.002 - At
MITREへのリンク →
Score: 4.19
Matched TTPs:
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 3.30
Matched TTPs:
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1008 - Fallback Channels
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.82
Matched TTPs:
- T1547.013 - XDG Autostart Entries
- T1152 - Launchctl
- T1606.002 - SAML Tokens
- T1547.002 - Authentication Package
- T1055.014 - VDSO Hijacking
- T1608.005 - Link Target
- T1132.002 - Non-Standard Encoding
- T1070.009 - Clear Persistence
- T1008 - Fallback Channels
- T1490 - Inhibit System Recovery
- T1059.009 - Cloud API
- T1140 - Deobfuscate/Decode Files or Information
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1552.003 - Shell History
- T1003.003 - NTDS
- T1562.013 - Disable or Modify Network Device Firewall
- T1583.005 - Botnet
- T1057 - Process Discovery
- T1030 - Data Transfer Size Limits
- T1033 - System Owner/User Discovery
- T1126 - Network Share Connection Removal
- T1003.007 - Proc Filesystem
- T1570 - Lateral Tool Transfer
- T1102.003 - One-Way Communication
- T1091 - Replication Through Removable Media
- T1053.002 - At
- T1024 - Custom Cryptographic Protocol
- T1690 - Prevent Command History Logging
- T1506 - Web Session Cookie
- T1597 - Search Closed Sources
- T1197 - BITS Jobs
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 0.67
Matched TTPs:
- T1547.013 - XDG Autostart Entries
- T1122 - Component Object Model Hijacking
- T1606.002 - SAML Tokens
- T1547.002 - Authentication Package
- T1166 - Setuid and Setgid
- T1157 - Dylib Hijacking
- T1562.004 - Disable or Modify System Firewall
- T1070.009 - Clear Persistence
- T1049 - System Network Connections Discovery
- T1484.002 - Trust Modification
- T1140 - Deobfuscate/Decode Files or Information
- T1218.010 - Regsvr32
- T1566.002 - Spearphishing Link
- T1075 - Pass the Hash
- T1120 - Peripheral Device Discovery
- T1583.005 - Botnet
- T1033 - System Owner/User Discovery
- T1187 - Forced Authentication
- T1546.016 - Installer Packages
- T1564.008 - Email Hiding Rules
- T1102.003 - One-Way Communication
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1193 - Spearphishing Attachment
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 0.66
Matched TTPs:
- T1122 - Component Object Model Hijacking
- T1157 - Dylib Hijacking
- T1132.002 - Non-Standard Encoding
- T1137.004 - Outlook Home Page
- T1547.005 - Security Support Provider
- T1218.008 - Odbcconf
- T1030 - Data Transfer Size Limits
- T1216.001 - PubPrn
- T1601 - Modify System Image
- T1588.005 - Exploits
- T1024 - Custom Cryptographic Protocol
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1065 - Uncommonly Used Port
- T1596.004 - CDNs
- T1199 - Trusted Relationship
- T1592.003 - Firmware
- T1556.008 - Network Provider DLL
- T1136.002 - Domain Account
MITREへのリンク →
Score: 0.65
Matched TTPs:
- T1547.013 - XDG Autostart Entries
- T1553.002 - Code Signing
- T1164 - Re-opened Applications
- T1166 - Setuid and Setgid
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1049 - System Network Connections Discovery
- T1059.009 - Cloud API
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1057 - Process Discovery
- T1003.007 - Proc Filesystem
- T1546.016 - Installer Packages
- T1570 - Lateral Tool Transfer
- T1102.003 - One-Way Communication
- T1574.002 - DLL Side-Loading
- T1065 - Uncommonly Used Port
- T1685.001 - Disable or Modify Windows Event Log
- T1199 - Trusted Relationship
- T1176 - Software Extensions
- T1562.009 - Safe Mode Boot
- T1552.008 - Chat Messages
MITREへのリンク →
Score: 0.62
Matched TTPs:
- T1547.013 - XDG Autostart Entries
- T1152 - Launchctl
- T1122 - Component Object Model Hijacking
- T1139 - Bash History
- T1566.003 - Spearphishing via Service
- T1547.002 - Authentication Package
- T1157 - Dylib Hijacking
- T1562.004 - Disable or Modify System Firewall
- T1608.005 - Link Target
- T1059.001 - PowerShell
- T1070.009 - Clear Persistence
- T1140 - Deobfuscate/Decode Files or Information
- T1218.010 - Regsvr32
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1057 - Process Discovery
- T1546.007 - Netsh Helper DLL
- T1024 - Custom Cryptographic Protocol
- T1197 - BITS Jobs
- T1685.001 - Disable or Modify Windows Event Log
- T1199 - Trusted Relationship
- T1592.003 - Firmware
MITREへのリンク →
Score: 0.61
Matched TTPs:
- T1578.002 - Create Cloud Instance
- T1547.013 - XDG Autostart Entries
- T1547.002 - Authentication Package
- T1166 - Setuid and Setgid
- T1562.004 - Disable or Modify System Firewall
- T1608.005 - Link Target
- T1070.009 - Clear Persistence
- T1070.003 - Clear Command History
- T1059.009 - Cloud API
- T1140 - Deobfuscate/Decode Files or Information
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1547.005 - Security Support Provider
- T1504 - PowerShell Profile
- T1187 - Forced Authentication
- T1098.002 - Additional Email Delegate Permissions
- T1547.008 - LSASS Driver
- T1053.002 - At
- T1024 - Custom Cryptographic Protocol
- T1564.013 - Bind Mounts
- T1597 - Search Closed Sources
- T1199 - Trusted Relationship
- T1592.003 - Firmware
MITREへのリンク →
Score: 0.60
Matched TTPs:
- T1021.006 - Windows Remote Management
- T1606.002 - SAML Tokens
- T1044 - File System Permissions Weakness
- T1221 - Template Injection
- T1608.005 - Link Target
- T1070.009 - Clear Persistence
- T1556 - Modify Authentication Process
- T1120 - Peripheral Device Discovery
- T1547.005 - Security Support Provider
- T1552.003 - Shell History
- T1218.008 - Odbcconf
- T1030 - Data Transfer Size Limits
- T1033 - System Owner/User Discovery
- T1126 - Network Share Connection Removal
- T1102.003 - One-Way Communication
- T1547.008 - LSASS Driver
- T1091 - Replication Through Removable Media
- T1690 - Prevent Command History Logging
- T1597 - Search Closed Sources
- T1199 - Trusted Relationship
- T1064 - Scripting
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1169 - Sudo
- T1547.013 - XDG Autostart Entries
- T1071.001 - Web Protocols
- T1606.002 - SAML Tokens
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1556 - Modify Authentication Process
- T1677 - Poisoned Pipeline Execution
- T1218.010 - Regsvr32
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1136.001 - Local Account
- T1567.002 - Exfiltration to Cloud Storage
- T1055.005 - Thread Local Storage
- T1102.003 - One-Way Communication
- T1091 - Replication Through Removable Media
- T1024 - Custom Cryptographic Protocol
- T1569.001 - Launchctl
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 0.55
Matched TTPs:
- T1547.013 - XDG Autostart Entries
- T1606.002 - SAML Tokens
- T1547.002 - Authentication Package
- T1157 - Dylib Hijacking
- T1608.005 - Link Target
- T1070.009 - Clear Persistence
- T1556 - Modify Authentication Process
- T1606.001 - Web Cookies
- T1677 - Poisoned Pipeline Execution
- T1218.010 - Regsvr32
- T1120 - Peripheral Device Discovery
- T1057 - Process Discovery
- T1567.002 - Exfiltration to Cloud Storage
- T1055.005 - Thread Local Storage
- T1546.016 - Installer Packages
- T1570 - Lateral Tool Transfer
- T1055.015 - ListPlanting
- T1547.008 - LSASS Driver
- T1597 - Search Closed Sources
- T1199 - Trusted Relationship
- T1216 - System Script Proxy Execution
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design