Can't stop, won't stop: TA584 innovates initial access
Summary
TA584, a prominent initial access broker targeting organizations globally, demonstrated significant changes in attack strategies throughout 2025. The actor expanded its global targeting, adopted ClickFix social engineering techniques, and began delivering new malware called Tsundere Bot. TA584's operational tempo increased, with monthly campaigns tripling from March to December. The actor uses various delivery methods via email, often sending from compromised individual accounts. TA584's campaigns now run in rapid succession and overlap with one another, each with a distinct lure theme and a short operational lifespan. The actor has shown adaptability in social engineering, brand impersonation, and payload delivery, making static detection less effective. Recent payloads include XWorm with the 'P0WER' configuration and the newly observed Tsundere Bot, both likely part of Malware-as-a-Service offerings.
Created: 2026-02-27
Indicators
Similar Pulses
No similar pulses were found.
Threat actors related to this pulse (fact-based)
Score: 42.22
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1092 - Communication Through Removable Media
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1569.001 - Launchctl
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1169 - Sudo
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
Score: 59.91
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1557.003 - DHCP Spoofing
- T1183 - Image File Execution Options Injection
- T1092 - Communication Through Removable Media
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1055.014 - VDSO Hijacking
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1547.002 - Authentication Package
- T1656 - Impersonation
- T1668 - Exclusive Control
Score: 21.18
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1499.003 - Application Exhaustion Flood
- T1063 - Security Software Discovery
- T1497.001 - System Checks
- T1140 - Deobfuscate/Decode Files or Information
- T1562.013 - Disable or Modify Network Device Firewall
- T1218.010 - Regsvr32
Score: 50.80
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1045 - Software Packing
- T1016 - System Network Configuration Discovery
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1656 - Impersonation
- T1059.006 - Python
- T1221 - Template Injection
- T1547.008 - LSASS Driver
Score: 32.20
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1136.002 - Domain Account
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1656 - Impersonation
- T1519 - Emond
- T1668 - Exclusive Control
Score: 53.28
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1557.003 - DHCP Spoofing
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1087.004 - Cloud Account
- T1027 - Obfuscated Files or Information
- T1187 - Forced Authentication
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
Score: 25.50
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1039 - Data from Network Shared Drive
Score: 28.64
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1039 - Data from Network Shared Drive
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1668 - Exclusive Control
- T1588.003 - Code Signing Certificates
Score: 21.61
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1039 - Data from Network Shared Drive
- T1547.002 - Authentication Package
- T1608.006 - SEO Poisoning
Score: 21.81
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1055.014 - VDSO Hijacking
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 4.36
Matched TTPs:
- T1584.008 - Network Devices
- T1059.012 - Hypervisor CLI
Score: 13.54
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1557.003 - DHCP Spoofing
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1668 - Exclusive Control
Score: 41.15
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1177 - LSASS Driver
- T1218.012 - Verclsid
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1218.009 - Regsvcs/Regasm
- T1608.006 - SEO Poisoning
- T1547.008 - LSASS Driver
Score: 17.12
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1668 - Exclusive Control
Score: 20.85
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1657 - Financial Theft
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 17.09
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
Score: 10.58
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
Score: 30.64
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1574.008 - Path Interception by Search Order Hijacking
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1027 - Obfuscated Files or Information
- T1218.010 - Regsvr32
- T1002 - Data Compressed
- T1564.003 - Hidden Window
- T1668 - Exclusive Control
Score: 9.21
Matched TTPs:
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
Score: 6.83
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
Score: 16.99
Matched TTPs:
- T1584.008 - Network Devices
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1590.006 - Network Security Appliances
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 22.47
Matched TTPs:
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1038 - DLL Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1556.009 - Conditional Access Policies
- T1668 - Exclusive Control
Score: 18.77
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1049 - System Network Connections Discovery
- T1562.013 - Disable or Modify Network Device Firewall
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 23.79
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1027.016 - Junk Code Insertion
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1055.014 - VDSO Hijacking
- T1547.002 - Authentication Package
Score: 17.67
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1027 - Obfuscated Files or Information
- T1547.008 - LSASS Driver
Score: 14.66
Matched TTPs:
- T1606.002 - SAML Tokens
- T1574.008 - Path Interception by Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 32.51
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1027.016 - Junk Code Insertion
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 23.92
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1051 - Shared Webroot
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1556.009 - Conditional Access Policies
- T1547.008 - LSASS Driver
Score: 21.85
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
Score: 15.09
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1584.005 - Botnet
- T1087.004 - Cloud Account
Score: 14.07
Matched TTPs:
- T1606.002 - SAML Tokens
- T1497.001 - System Checks
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
- T1009 - Binary Padding
Score: 8.13
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
Score: 4.89
Matched TTPs:
- T1606.002 - SAML Tokens
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
Score: 7.36
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
Score: 7.38
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
Score: 36.18
Matched TTPs:
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1543.003 - Windows Service
- T1176 - Software Extensions
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1547.002 - Authentication Package
- T1556.009 - Conditional Access Policies
- T1059.012 - Hypervisor CLI
Score: 21.25
Matched TTPs:
- T1606.002 - SAML Tokens
- T1497.001 - System Checks
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1519 - Emond
Score: 28.04
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1092 - Communication Through Removable Media
- T1055.013 - Process Doppelgänging
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1608.005 - Link Target
- T1027 - Obfuscated Files or Information
- T1547.002 - Authentication Package
Score: 51.75
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1218.005 - Mshta
- T1619 - Cloud Storage Object Discovery
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1564.003 - Hidden Window
- T1588.005 - Exploits
Score: 15.41
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1574.008 - Path Interception by Search Order Hijacking
- T1218.005 - Mshta
- T1027 - Obfuscated Files or Information
Score: 15.04
Matched TTPs:
- T1063 - Security Software Discovery
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1547.008 - LSASS Driver
Score: 4.41
Matched TTPs:
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1218.010 - Regsvr32
Score: 24.36
Matched TTPs:
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1518.002 - Backup Software Discovery
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
Score: 10.57
Matched TTPs:
- T1543.003 - Windows Service
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
Score: 14.13
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1218.010 - Regsvr32
Score: 4.71
Matched TTPs:
- T1543.003 - Windows Service
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 3.21
Matched TTPs:
- T1543.003 - Windows Service
- T1059.012 - Hypervisor CLI
Score: 8.47
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1557.003 - DHCP Spoofing
- T1059.012 - Hypervisor CLI
Score: 4.71
Matched TTPs:
- T1543.003 - Windows Service
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 10.42
Matched TTPs:
- T1543.003 - Windows Service
- T1027.017 - SVG Smuggling
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
Score: 34.31
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1092 - Communication Through Removable Media
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1668 - Exclusive Control
Score: 16.16
Matched TTPs:
- T1543.003 - Windows Service
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
Score: 10.41
Matched TTPs:
- T1543.003 - Windows Service
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1136.002 - Domain Account
- T1668 - Exclusive Control
Score: 10.31
Matched TTPs:
- T1543.003 - Windows Service
- T1027.016 - Junk Code Insertion
- T1051 - Shared Webroot
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
Score: 16.09
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
- T1690 - Prevent Command History Logging
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
Score: 37.25
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1187 - Forced Authentication
- T1547.002 - Authentication Package
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 5.74
Matched TTPs:
- T1543.003 - Windows Service
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 9.17
Matched TTPs:
- T1543.003 - Windows Service
- T1518.002 - Backup Software Discovery
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
Score: 12.03
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Score: 28.72
Matched TTPs:
- T1543.003 - Windows Service
- T1499.004 - Application or System Exploitation
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1557.003 - DHCP Spoofing
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
Score: 15.39
Matched TTPs:
- T1543.003 - Windows Service
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1567.003 - Exfiltration to Text Storage Sites
- T1547.008 - LSASS Driver
Score: 8.46
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 12.54
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 10.23
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
Score: 11.31
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
Score: 10.93
Matched TTPs:
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1547.002 - Authentication Package
Score: 9.23
Matched TTPs:
- T1497.001 - System Checks
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
Score: 13.86
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1027.016 - Junk Code Insertion
- T1134.002 - Create Process with Token
- T1584.005 - Botnet
Score: 13.27
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1657 - Financial Theft
Score: 17.91
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1557.003 - DHCP Spoofing
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 23.75
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
Score: 25.86
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1092 - Communication Through Removable Media
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1203 - Exploitation for Client Execution
Score: 9.41
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
Score: 15.46
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
Score: 8.23
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
Score: 12.14
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1134.002 - Create Process with Token
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
Score: 6.59
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1203 - Exploitation for Client Execution
Score: 4.76
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.013 - Disable or Modify Network Device Firewall
Score: 19.15
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 20.54
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1656 - Impersonation
- T1588.005 - Exploits
Score: 7.43
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1574.008 - Path Interception by Search Order Hijacking
- T1045 - Software Packing
Score: 10.30
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1219.001 - IDE Tunneling
- T1203 - Exploitation for Client Execution
- T1547.008 - LSASS Driver
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
Score: 12.47
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
Score: 5.60
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1002 - Data Compressed
Score: 8.89
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 12.81
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1601 - Modify System Image
- T1027 - Obfuscated Files or Information
Score: 8.97
Matched TTPs:
- T1055.003 - Thread Execution Hijacking
- T1045 - Software Packing
- T1039 - Data from Network Shared Drive
Score: 36.97
Matched TTPs:
- T1547.005 - Security Support Provider
- T1134.002 - Create Process with Token
- T1019 - System Firmware
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1619 - Cloud Storage Object Discovery
- T1596.004 - CDNs
- T1039 - Data from Network Shared Drive
- T1601 - Modify System Image
- T1564.003 - Hidden Window
- T1588.005 - Exploits
Score: 4.74
Matched TTPs:
- T1009 - Binary Padding
- T1547.002 - Authentication Package
Score: 11.88
Matched TTPs:
- T1009 - Binary Padding
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1059.012 - Hypervisor CLI
Score: 5.44
Matched TTPs:
- T1009 - Binary Padding
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
Score: 14.77
Matched TTPs:
- T1027.016 - Junk Code Insertion
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1059.003 - Windows Command Shell
- T1668 - Exclusive Control
Score: 12.87
Matched TTPs:
- T1027.016 - Junk Code Insertion
- T1101 - Security Support Provider
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1059.012 - Hypervisor CLI
Score: 4.86
Matched TTPs:
- T1134.002 - Create Process with Token
- T1218.012 - Verclsid
Score: 4.26
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
Score: 5.58
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1059.012 - Hypervisor CLI
Score: 9.41
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1087.004 - Cloud Account
- T1556.009 - Conditional Access Policies
Score: 4.26
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
Score: 6.03
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 4.94
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
Score: 7.75
Matched TTPs:
- T1045 - Software Packing
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1059.012 - Hypervisor CLI
Score: 6.75
Matched TTPs:
- T1045 - Software Packing
- T1608.005 - Link Target
- T1547.002 - Authentication Package
Score: 4.44
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1039 - Data from Network Shared Drive
Score: 8.00
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 5.12
Matched TTPs:
- T1136.002 - Domain Account
- T1203 - Exploitation for Client Execution
Score: 7.00
Matched TTPs:
- T1136.002 - Domain Account
- T1597 - Search Closed Sources
- T1668 - Exclusive Control
Score: 9.56
Matched TTPs:
- T1136.002 - Domain Account
- T1187 - Forced Authentication
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 5.13
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1218.010 - Regsvr32
Score: 5.59
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 6.36
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 5.45
Matched TTPs:
- T1608.005 - Link Target
- T1656 - Impersonation
Score: 3.29
Matched TTPs:
- T1562.013 - Disable or Modify Network Device Firewall
Score: 6.53
Matched TTPs:
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1059.012 - Hypervisor CLI
Score: 3.59
Matched TTPs:
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
Score: 3.89
Matched TTPs:
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
Threat actors related to this pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1557.003 - DHCP Spoofing
- T1656 - Impersonation
- T1690 - Prevent Command History Logging
- T1009 - Binary Padding
- T1092 - Communication Through Removable Media
- T1218.012 - Verclsid
- T1134.002 - Create Process with Token
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1608.005 - Link Target
- T1051 - Shared Webroot
- T1547.002 - Authentication Package
- T1668 - Exclusive Control
- T1590.006 - Network Security Appliances
- T1606.002 - SAML Tokens
- T1087.004 - Cloud Account
- T1037 - Boot or Logon Initialization Scripts
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1183 - Image File Execution Options Injection
- T1562.013 - Disable or Modify Network Device Firewall
Score: 0.62
Matched TTPs:
- T1063 - Security Software Discovery
- T1049 - System Network Connections Discovery
- T1484.002 - Trust Modification
- T1091 - Replication Through Removable Media
- T1187 - Forced Authentication
- T1557.003 - DHCP Spoofing
- T1075 - Pass the Hash
- T1564.008 - Email Hiding Rules
- T1134.002 - Create Process with Token
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1547.002 - Authentication Package
- T1045 - Software Packing
- T1218.010 - Regsvr32
- T1027 - Obfuscated Files or Information
- T1606.002 - SAML Tokens
- T1087.004 - Cloud Account
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1183 - Image File Execution Options Injection
Score: 0.60
Matched TTPs:
- T1619 - Cloud Storage Object Discovery
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1051 - Shared Webroot
- T1218.005 - Mshta
- T1045 - Software Packing
- T1039 - Data from Network Shared Drive
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1588.005 - Exploits
- T1597 - Search Closed Sources
- T1019 - System Firmware
- T1590.006 - Network Security Appliances
- T1027 - Obfuscated Files or Information
- T1136.002 - Domain Account
- T1564.003 - Hidden Window
Score: 0.59
Matched TTPs:
- T1606.002 - SAML Tokens
- T1656 - Impersonation
- T1221 - Template Injection
- T1087.004 - Cloud Account
- T1547.005 - Security Support Provider
- T1059.006 - Python
- T1690 - Prevent Command History Logging
- T1021.006 - Windows Remote Management
- T1547.008 - LSASS Driver
- T1091 - Replication Through Removable Media
- T1045 - Software Packing
- T1016 - System Network Configuration Discovery
- T1044 - File System Permissions Weakness
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
Related CVEs
No CVEs were found in this pulse.