Threat Intelligence Dossier: TOXICSNAKE
Summary
A multi-domain traffic distribution system (TDS) operation was identified, centered on the domain toxicsnake-wifes.com. The infrastructure functions as a commodity cybercrime TDS farm that routes victims to phishing pages, scams, or malware payloads. Delivery uses a first-stage JavaScript loader followed by a second stage that attempts to fetch payloads from upstream servers. The domains in the cluster share WHOIS, DNS, and hosting patterns consistent with bulletproof VPS hosting. Multiple burner domains exhibiting the same tradecraft were identified, suggesting an organized operator cluster. The infrastructure relies on obfuscation, dynamic remote injection, and disposable domain registration. Although the main payload was unreachable during analysis, historical evidence suggests that malicious content was delivered.
Created: 2026-03-01
Indicators
Similar Pulses
No similar pulses were found.
Threat actors related to this pulse (fact-based)
Score: 85.51
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1114 - Email Collection
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1152 - Launchctl
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1134.002 - Create Process with Token
- T1683.001 - Written Content
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1055.014 - VDSO Hijacking
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1547.002 - Authentication Package
- T1030 - Data Transfer Size Limits
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
- T1003.003 - NTDS
- T1008 - Fallback Channels
Score: 33.77
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1499.003 - Application Exhaustion Flood
- T1497.001 - System Checks
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1137.004 - Outlook Home Page
- T1059.013 - Container CLI/API
- T1556.005 - Reversible Encryption
Score: 49.26
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1589 - Gather Victim Identity Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1136.002 - Domain Account
- T1175 - Component Object Model and Distributed COM
- T1056.002 - GUI Input Capture
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1519 - Emond
- T1209 - Time Providers
- T1003.003 - NTDS
Score: 17.37
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1552.008 - Chat Messages
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1546.016 - Installer Packages
Score: 16.58
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1555.003 - Credentials from Web Browsers
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1209 - Time Providers
Score: 53.78
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1045 - Software Packing
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1221 - Template Injection
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 83.82
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1114 - Email Collection
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1134.002 - Create Process with Token
- T1193 - Spearphishing Attachment
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1087.004 - Cloud Account
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1187 - Forced Authentication
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
- T1556.005 - Reversible Encryption
- T1546.016 - Installer Packages
- T1111 - Multi-Factor Authentication Interception
- T1027.018 - Invisible Unicode
Score: 21.09
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 67.17
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1547.011 - Plist Modification
- T1134.002 - Create Process with Token
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1059.008 - Network Device CLI
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1087.004 - Cloud Account
- T1057 - Process Discovery
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1546.016 - Installer Packages
- T1209 - Time Providers
- T1547.008 - LSASS Driver
- T1569.002 - Service Execution
- T1216 - System Script Proxy Execution
Score: 6.65
Matched TTPs:
- T1132.001 - Standard Encoding
- T1543.003 - Windows Service
- T1027.018 - Invisible Unicode
Score: 26.27
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1134.002 - Create Process with Token
- T1175 - Component Object Model and Distributed COM
- T1057 - Process Discovery
- T1027 - Obfuscated Files or Information
- T1556.005 - Reversible Encryption
- T1547.008 - LSASS Driver
Score: 83.81
Matched TTPs:
- T1148 - HISTCONTROL
- T1099 - Timestomp
- T1685.001 - Disable or Modify Windows Event Log
- T1114 - Email Collection
- T1553.002 - Code Signing
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1164 - Re-opened Applications
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1057 - Process Discovery
- T1552.008 - Chat Messages
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1488 - Disk Content Wipe
- T1065 - Uncommonly Used Port
- T1546.016 - Installer Packages
- T1209 - Time Providers
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
- T1569.002 - Service Execution
Score: 45.63
Matched TTPs:
- T1216.001 - PubPrn
- T1547.005 - Security Support Provider
- T1134.002 - Create Process with Token
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1592.003 - Firmware
- T1137.004 - Outlook Home Page
- T1030 - Data Transfer Size Limits
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
Score: 13.41
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1136.002 - Domain Account
- T1187 - Forced Authentication
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 72.71
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1036.009 - Break Process Trees
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1045 - Software Packing
- T1504 - PowerShell Profile
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1683 - Generate Content
- T1187 - Forced Authentication
- T1592.003 - Firmware
- T1547.002 - Authentication Package
- T1578.002 - Create Cloud Instance
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1098.002 - Additional Email Delegate Permissions
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 35.22
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1099 - Timestomp
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1059 - Command and Scripting Interpreter
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
- T1552.008 - Chat Messages
- T1556.005 - Reversible Encryption
Score: 59.32
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1059.008 - Network Device CLI
- T1041 - Exfiltration Over C2 Channel
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1218.010 - Regsvr32
- T1002 - Data Compressed
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1574.002 - DLL Side-Loading
- T1037.001 - Logon Script (Windows)
- T1008 - Fallback Channels
Score: 12.37
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1558 - Steal or Forge Kerberos Tickets
- T1134.002 - Create Process with Token
- T1218.012 - Verclsid
- T1556.005 - Reversible Encryption
Score: 32.61
Matched TTPs:
- T1099 - Timestomp
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1134.002 - Create Process with Token
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1065 - Uncommonly Used Port
- T1159 - Launch Agent
Score: 56.86
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1568 - Dynamic Resolution
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1223 - Compiled HTML File
- T1608.006 - SEO Poisoning
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 54.79
Matched TTPs:
- T1099 - Timestomp
- T1591.003 - Identify Business Tempo
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1045 - Software Packing
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1597 - Search Closed Sources
- T1061 - Graphical User Interface
- T1547.002 - Authentication Package
- T1059.013 - Container CLI/API
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
Score: 18.50
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
Score: 15.26
Matched TTPs:
- T1099 - Timestomp
- T1504 - PowerShell Profile
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1209 - Time Providers
- T1569.002 - Service Execution
Score: 27.66
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1553.002 - Code Signing
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1569.002 - Service Execution
Score: 43.42
Matched TTPs:
- T1099 - Timestomp
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1176 - Software Extensions
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1547.002 - Authentication Package
- T1556.009 - Conditional Access Policies
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
- T1569.002 - Service Execution
Score: 16.81
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1504 - PowerShell Profile
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
Score: 55.85
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1562.004 - Disable or Modify System Firewall
- T1152 - Launchctl
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1592.003 - Firmware
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1146 - Clear Command History
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
Score: 25.85
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1056.002 - GUI Input Capture
- T1547.002 - Authentication Package
- T1608.006 - SEO Poisoning
- T1027.018 - Invisible Unicode
Score: 41.05
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1055.014 - VDSO Hijacking
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1488 - Disk Content Wipe
- T1592.003 - Firmware
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 21.94
Matched TTPs:
- T1682 - Query Public AI Services
- T1543.003 - Windows Service
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1557.003 - DHCP Spoofing
- T1059.012 - Hypervisor CLI
- T1543.002 - Systemd Service
- T1027.018 - Invisible Unicode
Score: 9.74
Matched TTPs:
- T1584.008 - Network Devices
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 16.11
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1547.011 - Plist Modification
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 44.67
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1115 - Clipboard Data
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1193 - Spearphishing Attachment
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1578.002 - Create Cloud Instance
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
Score: 19.48
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1556.005 - Reversible Encryption
Score: 10.97
Matched TTPs:
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
Score: 15.85
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1547.011 - Plist Modification
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1209 - Time Providers
Score: 24.97
Matched TTPs:
- T1584.008 - Network Devices
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
Score: 24.64
Matched TTPs:
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1038 - DLL Search Order Hijacking
- T1589 - Gather Victim Identity Information
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1556.009 - Conditional Access Policies
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
Score: 15.90
Matched TTPs:
- T1114 - Email Collection
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1134.002 - Create Process with Token
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 27.03
Matched TTPs:
- T1114 - Email Collection
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1134.002 - Create Process with Token
- T1612 - Build Image on Host
- T1149 - LC_MAIN Hijacking
- T1690 - Prevent Command History Logging
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 6.66
Matched TTPs:
- T1114 - Email Collection
- T1608.005 - Link Target
- T1027.018 - Invisible Unicode
Score: 22.71
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1175 - Component Object Model and Distributed COM
- T1049 - System Network Connections Discovery
- T1562.013 - Disable or Modify Network Device Firewall
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 22.15
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1504 - PowerShell Profile
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1592.003 - Firmware
- T1059.003 - Windows Command Shell
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
Score: 20.56
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1027.018 - Invisible Unicode
Score: 14.98
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1543.003 - Windows Service
- T1518.002 - Backup Software Discovery
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
Score: 34.14
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1556.009 - Conditional Access Policies
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 25.36
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
- T1569.002 - Service Execution
Score: 16.63
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1159 - Launch Agent
Score: 6.66
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1219.001 - IDE Tunneling
- T1157 - Dylib Hijacking
- T1556.005 - Reversible Encryption
Score: 40.10
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1547.002 - Authentication Package
- T1065 - Uncommonly Used Port
- T1027.018 - Invisible Unicode
Score: 25.39
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1488 - Disk Content Wipe
- T1218.010 - Regsvr32
Score: 21.52
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1584.005 - Botnet
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
Score: 21.79
Matched TTPs:
- T1606.002 - SAML Tokens
- T1497.001 - System Checks
- T1583.005 - Botnet
- T1553.002 - Code Signing
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
- T1009 - Binary Padding
- T1199 - Trusted Relationship
Score: 8.94
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
Score: 7.92
Matched TTPs:
- T1606.002 - SAML Tokens
- T1558 - Steal or Forge Kerberos Tickets
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
Score: 15.12
Matched TTPs:
- T1606.002 - SAML Tokens
- T1591.003 - Identify Business Tempo
- T1543.003 - Windows Service
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
Score: 8.52
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1199 - Trusted Relationship
Score: 42.48
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1569.001 - Launchctl
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
Score: 32.47
Matched TTPs:
- T1606.002 - SAML Tokens
- T1497.001 - System Checks
- T1036.009 - Break Process Trees
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1597 - Search Closed Sources
- T1519 - Emond
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
Score: 37.83
Matched TTPs:
- T1036.008 - Masquerade File Type
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1598 - Phishing for Information
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1216 - System Script Proxy Execution
Score: 8.00
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Score: 20.05
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1558 - Steal or Forge Kerberos Tickets
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1159 - Launch Agent
- T1008 - Fallback Channels
Score: 9.52
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 41.07
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1027.002 - Software Packing
Score: 10.87
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1504 - PowerShell Profile
- T1027 - Obfuscated Files or Information
Score: 8.38
Matched TTPs:
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
Score: 36.50
Matched TTPs:
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1059.008 - Network Device CLI
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
- T1556.005 - Reversible Encryption
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
Score: 13.11
Matched TTPs:
- T1543.003 - Windows Service
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
Score: 17.95
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1218.010 - Regsvr32
- T1556.005 - Reversible Encryption
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
Score: 6.07
Matched TTPs:
- T1543.003 - Windows Service
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 4.57
Matched TTPs:
- T1543.003 - Windows Service
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 10.62
Matched TTPs:
- T1543.003 - Windows Service
- T1115 - Clipboard Data
- T1098.007 - Additional Local or Domain Groups
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 38.40
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
Score: 20.85
Matched TTPs:
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1219.001 - IDE Tunneling
- T1059.008 - Network Device CLI
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1578.002 - Create Cloud Instance
- T1027.018 - Invisible Unicode
Score: 6.27
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
Score: 10.80
Matched TTPs:
- T1543.003 - Windows Service
- T1583.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
Score: 13.22
Matched TTPs:
- T1543.003 - Windows Service
- T1558 - Steal or Forge Kerberos Tickets
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 8.17
Matched TTPs:
- T1543.003 - Windows Service
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
Score: 34.79
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1557.003 - DHCP Spoofing
- T1045 - Software Packing
- T1504 - PowerShell Profile
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 29.52
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1504 - PowerShell Profile
- T1199 - Trusted Relationship
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1567.003 - Exfiltration to Text Storage Sites
- T1030 - Data Transfer Size Limits
- T1578.002 - Create Cloud Instance
- T1547.008 - LSASS Driver
Score: 13.96
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
- T1008 - Fallback Channels
Score: 14.93
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
Score: 15.05
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1175 - Component Object Model and Distributed COM
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1030 - Data Transfer Size Limits
- T1556.005 - Reversible Encryption
Score: 25.05
Matched TTPs:
- T1497.001 - System Checks
- T1036.009 - Break Process Trees
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1612 - Build Image on Host
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
- T1008 - Fallback Channels
Score: 24.47
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1115 - Clipboard Data
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1175 - Component Object Model and Distributed COM
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 14.84
Matched TTPs:
- T1583.005 - Botnet
- T1036.009 - Break Process Trees
- T1009 - Binary Padding
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1569.002 - Service Execution
Score: 5.65
Matched TTPs:
- T1583.005 - Botnet
- T1199 - Trusted Relationship
- T1209 - Time Providers
Score: 16.37
Matched TTPs:
- T1036.009 - Break Process Trees
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1209 - Time Providers
Score: 10.68
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1159 - Launch Agent
Score: 27.33
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1504 - PowerShell Profile
- T1175 - Component Object Model and Distributed COM
- T1606.001 - Web Cookies
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1556.005 - Reversible Encryption
- T1209 - Time Providers
Score: 10.64
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1199 - Trusted Relationship
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1556.005 - Reversible Encryption
Score: 14.19
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1134.002 - Create Process with Token
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
Score: 8.31
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1209 - Time Providers
Score: 4.76
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.013 - Disable or Modify Network Device Firewall
Score: 15.87
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1157 - Dylib Hijacking
- T1209 - Time Providers
Score: 7.63
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1219.001 - IDE Tunneling
- T1547.008 - LSASS Driver
Score: 4.66
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1199 - Trusted Relationship
Score: 26.03
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1558 - Steal or Forge Kerberos Tickets
- T1562.004 - Disable or Modify System Firewall
- T1548 - Abuse Elevation Control Mechanism
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
Score: 9.96
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1002 - Data Compressed
Score: 13.03
Matched TTPs:
- T1137.005 - Outlook Rules
- T1504 - PowerShell Profile
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
Score: 4.38
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1199 - Trusted Relationship
Score: 22.19
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1027.018 - Invisible Unicode
- T1216 - System Script Proxy Execution
Score: 3.95
Matched TTPs:
- T1558 - Steal or Forge Kerberos Tickets
- T1059.012 - Hypervisor CLI
Score: 6.88
Matched TTPs:
- T1055.003 - Thread Execution Hijacking
- T1045 - Software Packing
Score: 7.01
Matched TTPs:
- T1009 - Binary Padding
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
Score: 11.54
Matched TTPs:
- T1589 - Gather Victim Identity Information
- T1562.004 - Disable or Modify System Firewall
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
Score: 5.05
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
Score: 6.01
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1218.010 - Regsvr32
Score: 5.02
Matched TTPs:
- T1547.011 - Plist Modification
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 5.02
Matched TTPs:
- T1547.011 - Plist Modification
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 10.22
Matched TTPs:
- T1101 - Security Support Provider
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1059.012 - Hypervisor CLI
- T1209 - Time Providers
Score: 3.19
Matched TTPs:
- T1045 - Software Packing
- T1199 - Trusted Relationship
Score: 8.15
Matched TTPs:
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
Score: 9.02
Matched TTPs:
- T1045 - Software Packing
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
Score: 4.50
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1556.005 - Reversible Encryption
Score: 15.19
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1218.010 - Regsvr32
- T1556.005 - Reversible Encryption
- T1159 - Launch Agent
Score: 6.78
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1547.008 - LSASS Driver
Score: 10.88
Matched TTPs:
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1209 - Time Providers
- T1547.008 - LSASS Driver
Score: 11.43
Matched TTPs:
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1556.005 - Reversible Encryption
- T1569.002 - Service Execution
Score: 6.78
Matched TTPs:
- T1087.004 - Cloud Account
- T1556.009 - Conditional Access Policies
- T1556.005 - Reversible Encryption
Score: 4.81
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
- T1556.005 - Reversible Encryption
Score: 3.80
Matched TTPs:
- T1199 - Trusted Relationship
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
Score: 3.29
Matched TTPs:
- T1562.013 - Disable or Modify Network Device Firewall
Score: 3.19
Matched TTPs:
- T1157 - Dylib Hijacking
- T1209 - Time Providers
Score: 10.47
Matched TTPs:
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1556.005 - Reversible Encryption
- T1216 - System Script Proxy Execution
Score: 3.89
Matched TTPs:
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
Score: 5.05
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1008 - Fallback Channels
Score: 4.13
Matched TTPs:
- T1037.001 - Logon Script (Windows)
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1114 - Email Collection
- T1583.005 - Botnet
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1057 - Process Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1003.003 - NTDS
- T1008 - Fallback Channels
- T1041 - Exfiltration Over C2 Channel
- T1152 - Launchctl
- T1566.002 - Spearphishing Link
- T1556.005 - Reversible Encryption
- T1547.002 - Authentication Package
- T1683.001 - Written Content
- T1134.002 - Create Process with Token
- T1199 - Trusted Relationship
- T1606.002 - SAML Tokens
- T1009 - Binary Padding
- T1091 - Replication Through Removable Media
- T1543.003 - Windows Service
- T1102.003 - One-Way Communication
- T1033 - System Owner/User Discovery
- T1562.013 - Disable or Modify Network Device Firewall
- T1218.012 - Verclsid
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
- T1557.003 - DHCP Spoofing
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1055.014 - VDSO Hijacking
- T1219.001 - IDE Tunneling
Score: 0.69
Matched TTPs:
- T1114 - Email Collection
- T1049 - System Network Connections Discovery
- T1583.005 - Botnet
- T1098.007 - Additional Local or Domain Groups
- T1005 - Data from Local System
- T1555.003 - Credentials from Web Browsers
- T1045 - Software Packing
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1027 - Obfuscated Files or Information
- T1566.002 - Spearphishing Link
- T1193 - Spearphishing Attachment
- T1556.005 - Reversible Encryption
- T1547.002 - Authentication Package
- T1111 - Multi-Factor Authentication Interception
- T1134.002 - Create Process with Token
- T1199 - Trusted Relationship
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1187 - Forced Authentication
- T1543.003 - Windows Service
- T1218.010 - Regsvr32
- T1157 - Dylib Hijacking
- T1102.003 - One-Way Communication
- T1033 - System Owner/User Discovery
- T1562.004 - Disable or Modify System Firewall
- T1075 - Pass the Hash
- T1558 - Steal or Forge Kerberos Tickets
- T1027.018 - Invisible Unicode
- T1546.016 - Installer Packages
- T1557.003 - DHCP Spoofing
- T1564.008 - Email Hiding Rules
- T1219.001 - IDE Tunneling
Score: 0.69
Matched TTPs:
- T1114 - Email Collection
- T1049 - System Network Connections Discovery
- T1552.008 - Chat Messages
- T1057 - Process Discovery
- T1555.003 - Credentials from Web Browsers
- T1148 - HISTCONTROL
- T1045 - Software Packing
- T1140 - Deobfuscate/Decode Files or Information
- T1209 - Time Providers
- T1056.002 - GUI Input Capture
- T1099 - Timestomp
- T1685.001 - Disable or Modify Windows Event Log
- T1488 - Disk Content Wipe
- T1164 - Re-opened Applications
- T1065 - Uncommonly Used Port
- T1070.006 - Timestomp
- T1134.002 - Create Process with Token
- T1199 - Trusted Relationship
- T1569.002 - Service Execution
- T1547.005 - Security Support Provider
- T1176 - Software Extensions
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
- T1157 - Dylib Hijacking
- T1102.003 - One-Way Communication
- T1553.002 - Code Signing
- T1546.016 - Installer Packages
- T1219.001 - IDE Tunneling
Score: 0.60
Matched TTPs:
- T1683 - Generate Content
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1098.002 - Additional Email Delegate Permissions
- T1045 - Software Packing
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1578.002 - Create Cloud Instance
- T1504 - PowerShell Profile
- T1027 - Obfuscated Files or Information
- T1209 - Time Providers
- T1099 - Timestomp
- T1566.002 - Spearphishing Link
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1556.005 - Reversible Encryption
- T1547.002 - Authentication Package
- T1547.008 - LSASS Driver
- T1134.002 - Create Process with Token
- T1199 - Trusted Relationship
- T1009 - Binary Padding
- T1592.003 - Firmware
- T1036.009 - Break Process Trees
- T1547.005 - Security Support Provider
- T1187 - Forced Authentication
- T1543.003 - Windows Service
- T1562.004 - Disable or Modify System Firewall
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
- T1597 - Search Closed Sources
- T1219.001 - IDE Tunneling
Related CVEs
No CVEs were found in this Pulse.
Pulse – Threat Actor Graph