MIMICRAT: ClickFix Campaign Delivers Custom RAT via Compromised Legitimate Websites
Summary
A sophisticated ClickFix campaign has been uncovered that compromises legitimate websites to deliver a multi-stage malware chain. The attack culminates in MIMICRAT, a custom remote access trojan with advanced capabilities. The campaign uses compromised sites across industries and geographies for delivery, employing a five-stage PowerShell chain that bypasses security controls before deploying a Lua-scripted shellcode loader. MIMICRAT, the final payload, is a native C++ RAT featuring malleable C2 profiles, Windows token theft, and SOCKS5 proxy functionality. The chain combines multiple compromised websites, obfuscated scripts, and layered evasion techniques, indicating a high level of operational maturity.
Created: 2026-03-22
Indicators
Similar Pulses
No similar pulses were found.
Threat actors related to this pulse (fact-based)
Score: 27.20
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1099 - Timestomp
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1059 - Command and Scripting Interpreter
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1039 - Data from Network Shared Drive
- T1547.013 - XDG Autostart Entries
Score: 29.60
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1547.011 - Plist Modification
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1547.013 - XDG Autostart Entries
Score: 29.33
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1059.009 - Cloud API
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1027.007 - Dynamic API Resolution
Score: 20.65
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1583.005 - Botnet
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Score: 27.33
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1055.013 - Process Doppelgänging
- T1612 - Build Image on Host
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1542.004 - ROMMONkit
- T1157 - Dylib Hijacking
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
Score: 7.52
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1045 - Software Packing
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
Score: 59.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1685.001 - Disable or Modify Windows Event Log
- T1562.009 - Safe Mode Boot
- T1176 - Software Extensions
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1070.008 - Clear Mailbox Data
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1045 - Software Packing
- T1049 - System Network Connections Discovery
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1065 - Uncommonly Used Port
- T1546.016 - Installer Packages
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1569.002 - Service Execution
Score: 7.22
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
Score: 74.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1136.001 - Local Account
- T1055.013 - Process Doppelgänging
- T1562.006 - Indicator Blocking
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1569.001 - Launchctl
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1169 - Sudo
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1565.002 - Transmitted Data Manipulation
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1027.018 - Invisible Unicode
Score: 19.33
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1497.002 - User Activity Based Checks
- T1142 - Keychain
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
Score: 24.74
Matched TTPs:
- T1560.001 - Archive via Utility
- T1089 - Disabling Security Tools
- T1590.003 - Network Trust Dependencies
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1157 - Dylib Hijacking
- T1592.003 - Firmware
- T1059.003 - Windows Command Shell
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
Score: 6.34
Matched TTPs:
- T1560.001 - Archive via Utility
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1497.002 - User Activity Based Checks
- T1059.011 - Lua
Score: 29.85
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1033 - System Owner/User Discovery
- T1499.003 - Application Exhaustion Flood
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
Score: 37.28
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1499.002 - Service Exhaustion Flood
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1050 - New Service
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1027.007 - Dynamic API Resolution
- T1569.002 - Service Execution
Score: 32.97
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1591.003 - Identify Business Tempo
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1558.005 - Ccache Files
- T1612 - Build Image on Host
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1574.010 - Services File Permissions Weakness
- T1542.004 - ROMMONkit
- T1059.011 - Lua
- T1027.018 - Invisible Unicode
Score: 14.52
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1497.002 - User Activity Based Checks
Score: 16.01
Matched TTPs:
- T1560.001 - Archive via Utility
- T1033 - System Owner/User Discovery
- T1584.008 - Network Devices
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
Score: 21.32
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1059.011 - Lua
- T1174 - Password Filter DLL
- T1547.013 - XDG Autostart Entries
Score: 50.11
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1059.009 - Cloud API
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1157 - Dylib Hijacking
- T1059.011 - Lua
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1002 - Data Compressed
- T1564.003 - Hidden Window
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1008 - Fallback Channels
Score: 49.75
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1547.012 - Print Processors
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.013 - Container CLI/API
- T1601.001 - Patch System Image
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Score: 49.83
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1491.002 - External Defacement
- T1685.001 - Disable or Modify Windows Event Log
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1583.005 - Botnet
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1542.004 - ROMMONkit
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1592.003 - Firmware
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Score: 60.74
Matched TTPs:
- T1560.001 - Archive via Utility
- T1014 - Rootkit
- T1099 - Timestomp
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1543.003 - Windows Service
- T1590.003 - Network Trust Dependencies
- T1176 - Software Extensions
- T1059.010 - AutoHotKey & AutoIT
- T1684 - Social Engineering
- T1059.009 - Cloud API
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1569.002 - Service Execution
Score: 4.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1542.004 - ROMMONkit
Score: 31.77
Matched TTPs:
- T1560.001 - Archive via Utility
- T1087.002 - Domain Account
- T1591.003 - Identify Business Tempo
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1542.004 - ROMMONkit
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
Score: 27.08
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1136.002 - Domain Account
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1546.002 - Screensaver
Score: 92.58
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1033 - System Owner/User Discovery
- T1583 - Acquire Infrastructure
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1213.006 - Databases
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1583.005 - Botnet
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1205 - Traffic Signaling
- T1009 - Binary Padding
- T1602.002 - Network Device Configuration Dump
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1552.003 - Shell History
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1059.011 - Lua
- T1027.014 - Polymorphic Code
- T1547.002 - Authentication Package
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1003.003 - NTDS
- T1008 - Fallback Channels
Score: 21.98
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1059.011 - Lua
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Score: 23.31
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1059.009 - Cloud API
- T1612 - Build Image on Host
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Score: 23.24
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1059.011 - Lua
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
Score: 16.54
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1505 - Server Software Component
- T1569.002 - Service Execution
Score: 35.21
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1051 - Shared Webroot
- T1552.003 - Shell History
- T1134.001 - Token Impersonation/Theft
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
- T1569.002 - Service Execution
Score: 38.11
Matched TTPs:
- T1560.001 - Archive via Utility
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1218.001 - Compiled HTML File
- T1059.011 - Lua
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 54.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1491.002 - External Defacement
- T1099 - Timestomp
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1045 - Software Packing
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1683 - Generate Content
- T1187 - Forced Authentication
- T1592.003 - Firmware
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 15.64
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583 - Acquire Infrastructure
- T1089 - Disabling Security Tools
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
Score: 18.46
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
Score: 15.02
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1552.003 - Shell History
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
Score: 11.01
Matched TTPs:
- T1560.001 - Archive via Utility
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1497.002 - User Activity Based Checks
- T1547.008 - LSASS Driver
Score: 40.94
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1584.008 - Network Devices
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1136.002 - Domain Account
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1056.002 - GUI Input Capture
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1519 - Emond
- T1003.003 - NTDS
Score: 20.24
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1059.009 - Cloud API
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
Score: 46.41
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1044 - File System Permissions Weakness
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1045 - Software Packing
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1059.006 - Python
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1221 - Template Injection
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 74.21
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1583 - Acquire Infrastructure
- T1564.008 - Email Hiding Rules
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1063 - Security Software Discovery
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1583.005 - Botnet
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1555.003 - Credentials from Web Browsers
- T1045 - Software Packing
- T1049 - System Network Connections Discovery
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1059.011 - Lua
- T1027 - Obfuscated Files or Information
- T1187 - Forced Authentication
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Score: 17.95
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 73.15
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1099 - Timestomp
- T1087.002 - Domain Account
- T1591.003 - Identify Business Tempo
- T1562.009 - Safe Mode Boot
- T1598.003 - Spearphishing Link
- T1547.012 - Print Processors
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1205 - Traffic Signaling
- T1059.009 - Cloud API
- T1045 - Software Packing
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1554 - Compromise Host Software Binary
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1597 - Search Closed Sources
- T1542.004 - ROMMONkit
- T1059.011 - Lua
- T1547.002 - Authentication Package
- T1059.013 - Container CLI/API
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Score: 61.12
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1205 - Traffic Signaling
- T1009 - Binary Padding
- T1011.001 - Exfiltration Over Bluetooth
- T1055.013 - Process Doppelgänging
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1608.005 - Link Target
- T1564.002 - Hidden Users
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1027.007 - Dynamic API Resolution
Score: 20.69
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1059.009 - Cloud API
- T1055.013 - Process Doppelgänging
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
Score: 8.95
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1009 - Binary Padding
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
Score: 16.55
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
- T1562.011 - Spoof Security Alerting
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
Score: 19.81
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1045 - Software Packing
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1505 - Server Software Component
- T1027.007 - Dynamic API Resolution
Score: 60.20
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1110.001 - Password Guessing
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1684 - Social Engineering
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1027.007 - Dynamic API Resolution
Score: 77.81
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1132.001 - Standard Encoding
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1590.003 - Network Trust Dependencies
- T1558.005 - Ccache Files
- T1059.010 - AutoHotKey & AutoIT
- T1070.008 - Clear Mailbox Data
- T1205 - Traffic Signaling
- T1050 - New Service
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1547.011 - Plist Modification
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1547.008 - LSASS Driver
- T1569.002 - Service Execution
Score: 36.20
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1138 - Application Shimming
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Score: 44.13
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1138 - Application Shimming
- T1218.012 - Verclsid
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1027.007 - Dynamic API Resolution
Score: 20.01
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1497.002 - User Activity Based Checks
- T1573 - Encrypted Channel
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Score: 23.34
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Score: 18.88
Matched TTPs:
- T1583 - Acquire Infrastructure
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1497.002 - User Activity Based Checks
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
Link to MITRE →
Score: 6.65
Matched TTPs:
- T1132.001 - Standard Encoding
- T1543.003 - Windows Service
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 28.45
Matched TTPs:
- T1132.001 - Standard Encoding
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1059.011 - Lua
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 19.50
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1159 - Launch Agent
Link to MITRE →
Score: 10.11
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1048 - Exfiltration Over Alternative Protocol
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 10.10
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 19.87
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1591.003 - Identify Business Tempo
- T1562.009 - Safe Mode Boot
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1564.002 - Hidden Users
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 12.36
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 3.79
Matched TTPs:
- T1491.002 - External Defacement
- T1157 - Dylib Hijacking
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 46.92
Matched TTPs:
- T1491.002 - External Defacement
- T1685.001 - Disable or Modify Windows Event Log
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1050 - New Service
- T1555.003 - Credentials from Web Browsers
- T1497.002 - User Activity Based Checks
- T1554 - Compromise Host Software Binary
- T1055.014 - VDSO Hijacking
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1027.014 - Polymorphic Code
- T1592.003 - Firmware
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 23.90
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1497.002 - User Activity Based Checks
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 16.86
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 14.07
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 21.24
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1052 - Exfiltration Over Physical Medium
- T1569.002 - Service Execution
Link to MITRE →
Score: 35.49
Matched TTPs:
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1115 - Clipboard Data
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 24.28
Matched TTPs:
- T1491.002 - External Defacement
- T1099 - Timestomp
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 7.35
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1552.003 - Shell History
Link to MITRE →
Score: 24.07
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 22.28
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1555.003 - Credentials from Web Browsers
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 6.06
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 10.18
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1089 - Disabling Security Tools
- T1055.013 - Process Doppelgänging
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 10.89
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 32.98
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1009 - Binary Padding
- T1071.003 - Mail Protocols
- T1612 - Build Image on Host
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1142 - Keychain
- T1597 - Search Closed Sources
- T1519 - Emond
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 5.68
Matched TTPs:
- T1491.002 - External Defacement
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 3.39
Matched TTPs:
- T1491.002 - External Defacement
- T1597 - Search Closed Sources
Link to MITRE →
Score: 49.91
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1562.009 - Safe Mode Boot
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1558 - Steal or Forge Kerberos Tickets
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1592.002 - Software
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 32.80
Matched TTPs:
- T1099 - Timestomp
- T1499.003 - Application Exhaustion Flood
- T1087.002 - Domain Account
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1497.002 - User Activity Based Checks
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 50.24
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1138 - Application Shimming
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1223 - Compiled HTML File
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 25.96
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1608.005 - Link Target
- T1056.002 - GUI Input Capture
- T1039 - Data from Network Shared Drive
- T1547.002 - Authentication Package
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 14.89
Matched TTPs:
- T1682 - Query Public AI Services
- T1543.003 - Windows Service
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 35.99
Matched TTPs:
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1657 - Financial Theft
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 24.73
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1049 - System Network Connections Discovery
- T1562.013 - Disable or Modify Network Device Firewall
- T1157 - Dylib Hijacking
- T1114.002 - Remote Email Collection
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 21.40
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 9.79
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1199 - Trusted Relationship
Link to MITRE →
Score: 7.41
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1558 - Steal or Forge Kerberos Tickets
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
Link to MITRE →
Score: 46.28
Matched TTPs:
- T1036.008 - Masquerade File Type
- T1547.012 - Print Processors
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1598 - Phishing for Information
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 5.55
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
Link to MITRE →
Score: 9.52
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 8.40
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 11.38
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1565.002 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
- T1008 - Fallback Channels
Link to MITRE →
Score: 5.58
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 17.63
Matched TTPs:
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1555.003 - Credentials from Web Browsers
- T1497.002 - User Activity Based Checks
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 3.31
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
Link to MITRE →
Score: 15.48
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1684 - Social Engineering
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1686 - Disable or Modify System Firewall
Link to MITRE →
Score: 20.50
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1684 - Social Engineering
- T1055.013 - Process Doppelgänging
- T1059.011 - Lua
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 5.72
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 12.77
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1574.010 - Services File Permissions Weakness
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 28.75
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1684 - Social Engineering
- T1518.002 - Backup Software Discovery
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1052 - Exfiltration Over Physical Medium
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 12.98
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1612 - Build Image on Host
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 4.96
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 27.74
Matched TTPs:
- T1087.002 - Domain Account
- T1063 - Security Software Discovery
- T1598.003 - Spearphishing Link
- T1055.013 - Process Doppelgänging
- T1612 - Build Image on Host
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1601.001 - Patch System Image
- T1505 - Server Software Component
- T1027.007 - Dynamic API Resolution
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 21.33
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.009 - Cloud API
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1008 - Fallback Channels
Link to MITRE →
Score: 3.96
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1497.002 - User Activity Based Checks
- T1218.010 - Regsvr32
Link to MITRE →
Score: 5.43
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1497.002 - User Activity Based Checks
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 15.19
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1059.010 - AutoHotKey & AutoIT
- T1050 - New Service
- T1059.009 - Cloud API
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 17.14
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 13.08
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1497.002 - User Activity Based Checks
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 15.04
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1136.002 - Domain Account
- T1187 - Forced Authentication
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 3.40
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
Link to MITRE →
Score: 10.90
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1497.002 - User Activity Based Checks
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 3.16
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
Link to MITRE →
Score: 3.16
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
Link to MITRE →
Score: 5.30
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 22.54
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1684 - Social Engineering
- T1059.009 - Cloud API
- T1547.011 - Plist Modification
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1157 - Dylib Hijacking
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 11.89
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 12.30
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 16.75
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1059.011 - Lua
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 16.93
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1552.003 - Shell History
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 44.89
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1547.005 - Security Support Provider
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1051 - Shared Webroot
- T1552.003 - Shell History
- T1619 - Cloud Storage Object Discovery
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1564.003 - Hidden Window
- T1565.002 - Transmitted Data Manipulation
- T1027.002 - Software Packing
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 11.69
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 9.42
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1612 - Build Image on Host
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
Link to MITRE →
Score: 8.58
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Link to MITRE →
Score: 21.30
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1548 - Abuse Elevation Control Mechanism
- T1055.013 - Process Doppelgänging
- T1497.002 - User Activity Based Checks
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 16.69
Matched TTPs:
- T1089 - Disabling Security Tools
- T1583.005 - Botnet
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1027.007 - Dynamic API Resolution
- T1569.002 - Service Execution
Link to MITRE →
Score: 11.34
Matched TTPs:
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 4.68
Matched TTPs:
- T1583.005 - Botnet
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
Link to MITRE →
Score: 29.17
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1134.001 - Token Impersonation/Theft
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 19.67
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1612 - Build Image on Host
- T1597 - Search Closed Sources
- T1059.011 - Lua
- T1059.013 - Container CLI/API
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
Link to MITRE →
Score: 10.35
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1497.002 - User Activity Based Checks
- T1562.013 - Disable or Modify Network Device Firewall
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
Link to MITRE →
Score: 8.14
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1002 - Data Compressed
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 9.77
Matched TTPs:
- T1055.003 - Thread Execution Hijacking
- T1045 - Software Packing
- T1497.002 - User Activity Based Checks
- T1039 - Data from Network Shared Drive
Link to MITRE →
Score: 27.14
Matched TTPs:
- T1547.005 - Security Support Provider
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1619 - Cloud Storage Object Discovery
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1592.003 - Firmware
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
Link to MITRE →
Score: 8.60
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1497.002 - User Activity Based Checks
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 7.36
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Link to MITRE →
Score: 11.54
Matched TTPs:
- T1101 - Security Support Provider
- T1051 - Shared Webroot
- T1199 - Trusted Relationship
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 9.19
Matched TTPs:
- T1045 - Software Packing
- T1055.013 - Process Doppelgänging
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
Link to MITRE →
Score: 9.02
Matched TTPs:
- T1045 - Software Packing
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
Link to MITRE →
Score: 3.14
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1497.002 - User Activity Based Checks
Link to MITRE →
Score: 5.81
Matched TTPs:
- T1552.003 - Shell History
- T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 3.37
Matched TTPs:
- T1608.005 - Link Target
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 4.58
Matched TTPs:
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1565.002 - Transmitted Data Manipulation
Link to MITRE →
Score: 3.07
Matched TTPs:
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Link to MITRE →
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1602.002 - Network Device Configuration Dump
- T1087.002 - Domain Account
- T1140 - Deobfuscate/Decode Files or Information
- T1003.003 - NTDS
- T1565.002 - Transmitted Data Manipulation
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1552.003 - Shell History
- T1684 - Social Engineering
- T1547.002 - Authentication Package
- T1583 - Acquire Infrastructure
- T1497.002 - User Activity Based Checks
- T1051 - Shared Webroot
- T1037 - Boot or Logon Initialization Scripts
- T1608.005 - Link Target
- T1555.003 - Credentials from Web Browsers
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
- T1597 - Search Closed Sources
- T1562.013 - Disable or Modify Network Device Firewall
- T1583.005 - Botnet
- T1560.001 - Archive via Utility
- T1205 - Traffic Signaling
- T1059.009 - Cloud API
- T1601.001 - Patch System Image
- T1055.014 - VDSO Hijacking
- T1598.003 - Spearphishing Link
- T1009 - Binary Padding
- T1606.002 - SAML Tokens
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1566.002 - Spearphishing Link
- T1033 - System Owner/User Discovery
- T1059.011 - Lua
- T1027.018 - Invisible Unicode
- T1027.014 - Polymorphic Code
- T1199 - Trusted Relationship
- T1213.006 - Databases
- T1059.010 - AutoHotKey & AutoIT
Link to MITRE →
Score: 0.59
Matched TTPs:
- T1089 - Disabling Security Tools
- T1087.002 - Domain Account
- T1070.008 - Clear Mailbox Data
- T1050 - New Service
- T1590.003 - Network Trust Dependencies
- T1157 - Dylib Hijacking
- T1567.002 - Exfiltration to Cloud Storage
- T1547.008 - LSASS Driver
- T1546.016 - Installer Packages
- T1543.003 - Windows Service
- T1569.002 - Service Execution
- T1547.011 - Plist Modification
- T1547.002 - Authentication Package
- T1583 - Acquire Infrastructure
- T1497.002 - User Activity Based Checks
- T1070.006 - Timestomp
- T1132.001 - Standard Encoding
- T1608.005 - Link Target
- T1491.002 - External Defacement
- T1547.013 - XDG Autostart Entries
- T1597 - Search Closed Sources
- T1059.012 - Hypervisor CLI
- T1205 - Traffic Signaling
- T1598.003 - Spearphishing Link
- T1009 - Binary Padding
- T1174 - Password Filter DLL
- T1558.005 - Ccache Files
- T1055.005 - Thread Local Storage
- T1606.002 - SAML Tokens
- T1218.012 - Verclsid
- T1218.010 - Regsvr32
- T1199 - Trusted Relationship
- T1059.010 - AutoHotKey & AutoIT
Link to MITRE →
Score: 0.57
Matched TTPs:
- T1089 - Disabling Security Tools
- T1087.002 - Domain Account
- T1565.002 - Transmitted Data Manipulation
- T1590.003 - Network Trust Dependencies
- T1567.002 - Exfiltration to Cloud Storage
- T1543.003 - Windows Service
- T1055.013 - Process Doppelgänging
- T1091 - Replication Through Removable Media
- T1497.002 - User Activity Based Checks
- T1037 - Boot or Logon Initialization Scripts
- T1608.005 - Link Target
- T1555.003 - Credentials from Web Browsers
- T1169 - Sudo
- T1612 - Build Image on Host
- T1547.013 - XDG Autostart Entries
- T1569.001 - Launchctl
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
- T1055.005 - Thread Local Storage
- T1606.002 - SAML Tokens
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1566.002 - Spearphishing Link
- T1059.011 - Lua
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
- T1136.001 - Local Account
- T1199 - Trusted Relationship
- T1159 - Launch Agent
- T1059.010 - AutoHotKey & AutoIT
- T1562.006 - Indicator Blocking
Link to MITRE →
Score: 0.56
Matched TTPs:
- T1087.002 - Domain Account
- T1140 - Deobfuscate/Decode Files or Information
- T1005 - Data from Local System
- T1049 - System Network Connections Discovery
- T1590.003 - Network Trust Dependencies
- T1157 - Dylib Hijacking
- T1546.016 - Installer Packages
- T1543.003 - Windows Service
- T1187 - Forced Authentication
- T1091 - Replication Through Removable Media
- T1547.002 - Authentication Package
- T1573 - Encrypted Channel
- T1583 - Acquire Infrastructure
- T1497.002 - User Activity Based Checks
- T1045 - Software Packing
- T1063 - Security Software Discovery
- T1555.003 - Credentials from Web Browsers
- T1558 - Steal or Forge Kerberos Tickets
- T1547.013 - XDG Autostart Entries
- T1583.005 - Botnet
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
- T1598.003 - Spearphishing Link
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1027 - Obfuscated Files or Information
- T1564.008 - Email Hiding Rules
- T1033 - System Owner/User Discovery
- T1059.011 - Lua
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
- T1199 - Trusted Relationship
- T1059.010 - AutoHotKey & AutoIT
Link to MITRE →
Score: 0.55
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1056.002 - GUI Input Capture
- T1087.002 - Domain Account
- T1542.004 - ROMMONkit
- T1590.003 - Network Trust Dependencies
- T1554 - Compromise Host Software Binary
- T1591.003 - Identify Business Tempo
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1547.002 - Authentication Package
- T1583 - Acquire Infrastructure
- T1497.002 - User Activity Based Checks
- T1045 - Software Packing
- T1608.005 - Link Target
- T1612 - Build Image on Host
- T1547.013 - XDG Autostart Entries
- T1597 - Search Closed Sources
- T1099 - Timestomp
- T1205 - Traffic Signaling
- T1059.009 - Cloud API
- T1601.001 - Patch System Image
- T1055.014 - VDSO Hijacking
- T1598.003 - Spearphishing Link
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1059.011 - Lua
- T1547.012 - Print Processors
- T1027.018 - Invisible Unicode
- T1059.013 - Container CLI/API
- T1199 - Trusted Relationship
- T1059.010 - AutoHotKey & AutoIT
Link to MITRE →
Related CVEs
No CVEs were found in this Pulse.