Contagious Interview: Evolution of VS Code and Cursor Tasks Infection Chains - Part 1
Summary
This intelligence report details the evolution of malware delivery techniques targeting integrated development environments (IDEs) like Visual Studio Code and Cursor. The threat actors, known as Contagious Interview, have expanded their payload staging methods to include GitHub Gists, URL shorteners, Google Drive, and custom domains. New infection chains involve complex loaders, including a custom stack-based bytecode VM and PyArmor-protected Python malware. The report highlights the actors' adaptability in response to takedowns and community reporting, showcasing their use of various obfuscation techniques and masquerading tactics. Detection opportunities and indicators of compromise are provided, including suspicious process behaviors, file paths, and network requests.
Created: 2026-02-27
Indicators
Similar Pulses
No similar pulses were found.
Threat actors related to this pulse (fact-based)
Score: 84.21
Matched TTPs:
- T1132.001 - Standard Encoding
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1070.008 - Clear Mailbox Data
- T1205 - Traffic Signaling
- T1050 - New Service
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1677 - Poisoned Pipeline Execution
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1174 - Password Filter DLL
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1547.008 - LSASS Driver
- T1569.002 - Service Execution
Link to MITRE →
Score: 5.29
Matched TTPs:
- T1132.001 - Standard Encoding
- T1543.003 - Windows Service
Link to MITRE →
Score: 30.04
Matched TTPs:
- T1132.001 - Standard Encoding
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1059.011 - Lua
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 58.89
Matched TTPs:
- T1056.001 - Keylogging
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1059.010 - AutoHotKey & AutoIT
- T1684 - Social Engineering
- T1059.009 - Cloud API
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
- T1569.002 - Service Execution
Link to MITRE →
Score: 61.87
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1218.008 - Odbcconf
- T1045 - Software Packing
- T1016 - System Network Configuration Discovery
- T1219.001 - IDE Tunneling
- T1064 - Scripting
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1059.006 - Python
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1027.010 - Command Obfuscation
- T1221 - Template Injection
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 18.45
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1027.010 - Command Obfuscation
- T1159 - Launch Agent
Link to MITRE →
Score: 13.46
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1048 - Exfiltration Over Alternative Protocol
- T1059.012 - Hypervisor CLI
- T1537 - Transfer Data to Cloud Account
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 10.79
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1537 - Transfer Data to Cloud Account
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 29.90
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1591.003 - Identify Business Tempo
- T1562.009 - Safe Mode Boot
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1064 - Scripting
- T1583.006 - Web Services
- T1564.002 - Hidden Users
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 9.36
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
Link to MITRE →
Score: 53.85
Matched TTPs:
- T1491.002 - External Defacement
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1542.004 - ROMMONkit
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1588.003 - Code Signing Certificates
- T1564.004 - NTFS File Attributes
- T1566.003 - Spearphishing via Service
Link to MITRE →
Score: 8.90
Matched TTPs:
- T1491.002 - External Defacement
- T1219.001 - IDE Tunneling
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1591.001 - Determine Physical Locations
Link to MITRE →
Score: 44.14
Matched TTPs:
- T1491.002 - External Defacement
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1050 - New Service
- T1562.004 - Disable or Modify System Firewall
- T1580 - Cloud Infrastructure Discovery
- T1555.003 - Credentials from Web Browsers
- T1497.002 - User Activity Based Checks
- T1055.014 - VDSO Hijacking
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
Link to MITRE →
Score: 32.87
Matched TTPs:
- T1491.002 - External Defacement
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1027.010 - Command Obfuscation
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 47.30
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1499.002 - Service Exhaustion Flood
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1050 - New Service
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1027.004 - Compile After Delivery
- T1564.007 - VBA Stomping
- T1070.009 - Clear Persistence
- T1537 - Transfer Data to Cloud Account
- T1027.010 - Command Obfuscation
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
- T1569.002 - Service Execution
Link to MITRE →
Score: 23.92
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1134.002 - Create Process with Token
- T1055.013 - Process Doppelgänging
- T1064 - Scripting
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
Link to MITRE →
Score: 12.55
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 17.38
Matched TTPs:
- T1491.002 - External Defacement
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 36.81
Matched TTPs:
- T1491.002 - External Defacement
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1138 - Application Shimming
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1537 - Transfer Data to Cloud Account
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 21.56
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1580 - Cloud Infrastructure Discovery
- T1590.006 - Network Security Appliances
- T1583.006 - Web Services
- T1218.010 - Regsvr32
- T1027.010 - Command Obfuscation
- T1569.002 - Service Execution
- T1546.017 - Udev Rules
Link to MITRE →
Score: 20.22
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1059.009 - Cloud API
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 36.21
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1059.001 - PowerShell
- T1097 - Pass the Ticket
- T1542.004 - ROMMONkit
- T1570 - Lateral Tool Transfer
- T1601.001 - Patch System Image
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
- T1588.005 - Exploits
Link to MITRE →
Score: 47.58
Matched TTPs:
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1497.002 - User Activity Based Checks
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1059.012 - Hypervisor CLI
- T1537 - Transfer Data to Cloud Account
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
- T1591.001 - Determine Physical Locations
- T1546.017 - Udev Rules
Link to MITRE →
Score: 28.68
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1537 - Transfer Data to Cloud Account
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
Link to MITRE →
Score: 14.27
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1552.003 - Shell History
- T1102.002 - Bidirectional Communication
- T1506 - Web Session Cookie
- T1027.010 - Command Obfuscation
Link to MITRE →
Score: 65.48
Matched TTPs:
- T1491.002 - External Defacement
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1070.003 - Clear Command History
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1683 - Generate Content
- T1187 - Forced Authentication
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 16.61
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027 - Obfuscated Files or Information
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 16.17
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1045 - Software Packing
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1001.001 - Junk Data
Link to MITRE →
Score: 29.33
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1209 - Time Providers
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 7.85
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1546.017 - Udev Rules
Link to MITRE →
Score: 8.08
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1089 - Disabling Security Tools
- T1055.013 - Process Doppelgänging
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 30.21
Matched TTPs:
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1174 - Password Filter DLL
- T1070.009 - Clear Persistence
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 12.36
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 40.88
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1586.002 - Email Accounts
- T1558 - Steal or Forge Kerberos Tickets
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1519 - Emond
- T1537 - Transfer Data to Cloud Account
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 9.73
Matched TTPs:
- T1491.002 - External Defacement
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1203 - Exploitation for Client Execution
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 3.39
Matched TTPs:
- T1491.002 - External Defacement
- T1597 - Search Closed Sources
Link to MITRE →
Score: 57.90
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1562.009 - Safe Mode Boot
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1586.002 - Email Accounts
- T1558 - Steal or Forge Kerberos Tickets
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1051 - Shared Webroot
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1097 - Pass the Ticket
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1027.010 - Command Obfuscation
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 57.83
Matched TTPs:
- T1491.002 - External Defacement
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1684 - Social Engineering
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1092 - Communication Through Removable Media
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 20.40
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1136.002 - Domain Account
- T1583.006 - Web Services
- T1187 - Forced Authentication
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 35.99
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1218.008 - Odbcconf
- T1059 - Command and Scripting Interpreter
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1203 - Exploitation for Client Execution
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 16.12
Matched TTPs:
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1497.002 - User Activity Based Checks
- T1573 - Encrypted Channel
- T1174 - Password Filter DLL
- T1570 - Lateral Tool Transfer
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 22.37
Matched TTPs:
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1590.006 - Network Security Appliances
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1174 - Password Filter DLL
- T1537 - Transfer Data to Cloud Account
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 56.90
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1580 - Cloud Infrastructure Discovery
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1138 - Application Shimming
- T1218.012 - Verclsid
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1218.009 - Regsvcs/Regasm
- T1027.004 - Compile After Delivery
- T1223 - Compiled HTML File
- T1070.009 - Clear Persistence
- T1537 - Transfer Data to Cloud Account
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 32.68
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1552.003 - Shell History
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.010 - Command Obfuscation
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
- T1569.002 - Service Execution
Link to MITRE →
Score: 52.75
Matched TTPs:
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1193 - Spearphishing Attachment
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1657 - Financial Theft
- T1497.002 - User Activity Based Checks
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1027.004 - Compile After Delivery
- T1070.009 - Clear Persistence
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 28.25
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1102.002 - Bidirectional Communication
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 15.67
Matched TTPs:
- T1584.008 - Network Devices
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1555.003 - Credentials from Web Browsers
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1209 - Time Providers
Link to MITRE →
Score: 70.53
Matched TTPs:
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1552.004 - Private Keys
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1041 - Exfiltration Over C2 Channel
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1097 - Pass the Ticket
- T1059.011 - Lua
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1002 - Data Compressed
- T1570 - Lateral Tool Transfer
- T1564.003 - Hidden Window
- T1070.009 - Clear Persistence
- T1537 - Transfer Data to Cloud Account
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
- T1574.002 - DLL Side-Loading
- T1037.001 - Logon Script (Windows)
Link to MITRE →
Score: 24.19
Matched TTPs:
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1677 - Poisoned Pipeline Execution
- T1219.001 - IDE Tunneling
- T1102 - Web Service
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1070.009 - Clear Persistence
Link to MITRE →
Score: 31.73
Matched TTPs:
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1059.009 - Cloud API
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1497.002 - User Activity Based Checks
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 48.14
Matched TTPs:
- T1584.008 - Network Devices
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1136.002 - Domain Account
- T1051 - Shared Webroot
- T1102 - Web Service
- T1497.002 - User Activity Based Checks
- T1059.001 - PowerShell
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1070.009 - Clear Persistence
- T1519 - Emond
- T1209 - Time Providers
- T1003.003 - NTDS
Link to MITRE →
Score: 16.67
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
Link to MITRE →
Score: 20.02
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1049 - System Network Connections Discovery
- T1114.002 - Remote Email Collection
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 39.49
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1087.002 - Domain Account
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1547.002 - Authentication Package
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
- T1027.010 - Command Obfuscation
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 93.23
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1205 - Traffic Signaling
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1580 - Cloud Infrastructure Discovery
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1092 - Communication Through Removable Media
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1552.003 - Shell History
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1041 - Exfiltration Over C2 Channel
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1059.011 - Lua
- T1027.014 - Polymorphic Code
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1537 - Transfer Data to Cloud Account
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
- T1003.003 - NTDS
Score: 17.71
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1003.007 - Proc Filesystem
- T1059.009 - Cloud API
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1570 - Lateral Tool Transfer
- T1547.013 - XDG Autostart Entries
Score: 34.18
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1488 - Disk Content Wipe
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1027.004 - Compile After Delivery
- T1546.002 - Screensaver
- T1070.009 - Clear Persistence
Score: 18.31
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
Score: 73.10
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1063 - Security Software Discovery
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1558 - Steal or Forge Kerberos Tickets
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1134.002 - Create Process with Token
- T1193 - Spearphishing Attachment
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1027 - Obfuscated Files or Information
- T1187 - Forced Authentication
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 11.29
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
- T1009 - Binary Padding
- T1199 - Trusted Relationship
Score: 19.74
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1552.003 - Shell History
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Score: 10.77
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1558 - Steal or Forge Kerberos Tickets
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
Score: 25.48
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1591.003 - Identify Business Tempo
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1497.002 - User Activity Based Checks
- T1542.004 - ROMMONkit
- T1059.011 - Lua
- T1027.004 - Compile After Delivery
- T1070.009 - Clear Persistence
- T1027.010 - Command Obfuscation
- T1209 - Time Providers
Score: 83.02
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1136.001 - Local Account
- T1092 - Communication Through Removable Media
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1562.006 - Indicator Blocking
- T1677 - Poisoned Pipeline Execution
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1569.001 - Launchctl
- T1102 - Web Service
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1169 - Sudo
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1070.009 - Clear Persistence
- T1027.010 - Command Obfuscation
- T1209 - Time Providers
- T1159 - Launch Agent
- T1071.001 - Web Protocols
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
Score: 69.95
Matched TTPs:
- T1606.002 - SAML Tokens
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1555 - Credentials from Password Stores
- T1205 - Traffic Signaling
- T1009 - Binary Padding
- T1011.001 - Exfiltration Over Bluetooth
- T1092 - Communication Through Removable Media
- T1055.013 - Process Doppelgänging
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1564.002 - Hidden Users
- T1497.002 - User Activity Based Checks
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 32.94
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1586.002 - Email Accounts
- T1684 - Social Engineering
- T1518.002 - Backup Software Discovery
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1027.010 - Command Obfuscation
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
Score: 60.13
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1547.012 - Print Processors
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1518.002 - Backup Software Discovery
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1027.010 - Command Obfuscation
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
Score: 26.22
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1684 - Social Engineering
- T1055.013 - Process Doppelgänging
- T1583.006 - Web Services
- T1059.011 - Lua
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 7.50
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1497.002 - User Activity Based Checks
- T1059.011 - Lua
Score: 30.50
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.009 - Cloud API
- T1580 - Cloud Infrastructure Discovery
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1059.012 - Hypervisor CLI
- T1537 - Transfer Data to Cloud Account
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 5.55
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
Score: 11.90
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
Score: 9.81
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 5.16
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.012 - Hypervisor CLI
Score: 6.98
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 14.26
Matched TTPs:
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1497.002 - User Activity Based Checks
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 3.31
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
Score: 16.05
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1684 - Social Engineering
- T1203 - Exploitation for Client Execution
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1686 - Disable or Modify System Firewall
Score: 17.13
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1134.002 - Create Process with Token
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
- T1562.011 - Spoof Security Alerting
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
Score: 19.39
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1059.009 - Cloud API
- T1027.017 - SVG Smuggling
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027 - Obfuscated Files or Information
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Score: 18.92
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1601.001 - Patch System Image
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 13.49
Matched TTPs:
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
- T1199 - Trusted Relationship
Score: 7.13
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 4.51
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1027.010 - Command Obfuscation
Score: 11.62
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1134.002 - Create Process with Token
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
Score: 4.96
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Score: 21.27
Matched TTPs:
- T1087.002 - Domain Account
- T1063 - Security Software Discovery
- T1598.003 - Spearphishing Link
- T1055.013 - Process Doppelgänging
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1203 - Exploitation for Client Execution
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1209 - Time Providers
- T1547.008 - LSASS Driver
Score: 5.36
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1497.002 - User Activity Based Checks
- T1218.010 - Regsvr32
- T1027.010 - Command Obfuscation
Score: 5.43
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1497.002 - User Activity Based Checks
- T1547.013 - XDG Autostart Entries
Score: 18.44
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1050 - New Service
- T1059.009 - Cloud API
- T1114.003 - Email Forwarding Rule
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 46.58
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1557.003 - DHCP Spoofing
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1562.011 - Spoof Security Alerting
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
Score: 19.63
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1506 - Web Session Cookie
- T1027.010 - Command Obfuscation
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
Score: 13.32
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1555.003 - Credentials from Web Browsers
- T1497.002 - User Activity Based Checks
- T1059.001 - PowerShell
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
Score: 42.71
Matched TTPs:
- T1087.002 - Domain Account
- T1591.003 - Identify Business Tempo
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1580 - Cloud Infrastructure Discovery
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1542.004 - ROMMONkit
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1027.004 - Compile After Delivery
- T1070.009 - Clear Persistence
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1591.001 - Determine Physical Locations
Score: 57.30
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1684 - Social Engineering
- T1503 - Credentials from Web Browsers
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1138 - Application Shimming
- T1218.012 - Verclsid
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1059.012 - Hypervisor CLI
- T1537 - Transfer Data to Cloud Account
- T1027.010 - Command Obfuscation
- T1059.005 - Visual Basic
- T1547.013 - XDG Autostart Entries
Score: 8.53
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1590.006 - Network Security Appliances
- T1506 - Web Session Cookie
- T1209 - Time Providers
Score: 15.61
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
Score: 8.45
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
Score: 78.26
Matched TTPs:
- T1087.002 - Domain Account
- T1591.003 - Identify Business Tempo
- T1562.009 - Safe Mode Boot
- T1598.003 - Spearphishing Link
- T1547.012 - Print Processors
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1205 - Traffic Signaling
- T1059.009 - Cloud API
- T1092 - Communication Through Removable Media
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1542.004 - ROMMONkit
- T1059.011 - Lua
- T1547.002 - Authentication Package
- T1203 - Exploitation for Client Execution
- T1570 - Lateral Tool Transfer
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
Score: 8.49
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1537 - Transfer Data to Cloud Account
Score: 5.30
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
Score: 16.46
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1684 - Social Engineering
- T1059.009 - Cloud API
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 13.23
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1497.002 - User Activity Based Checks
- T1218.010 - Regsvr32
- T1027.010 - Command Obfuscation
- T1547.013 - XDG Autostart Entries
Score: 10.42
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1209 - Time Providers
Score: 20.21
Matched TTPs:
- T1087.002 - Domain Account
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1583.006 - Web Services
- T1059.011 - Lua
- T1506 - Web Session Cookie
- T1059.012 - Hypervisor CLI
- T1027.010 - Command Obfuscation
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Score: 17.84
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1552.003 - Shell History
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
Score: 56.66
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1552.003 - Shell History
- T1218.005 - Mshta
- T1619 - Cloud Storage Object Discovery
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1564.003 - Hidden Window
- T1027.002 - Software Packing
- T1547.013 - XDG Autostart Entries
- T1588.005 - Exploits
Score: 29.47
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1218.005 - Mshta
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1102.002 - Bidirectional Communication
- T1506 - Web Session Cookie
- T1537 - Transfer Data to Cloud Account
Score: 8.78
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Score: 74.60
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1070.008 - Clear Mailbox Data
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1102 - Web Service
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1488 - Disk Content Wipe
- T1570 - Lateral Tool Transfer
- T1065 - Uncommonly Used Port
- T1070.009 - Clear Persistence
- T1537 - Transfer Data to Cloud Account
- T1209 - Time Providers
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1574.002 - DLL Side-Loading
- T1569.002 - Service Execution
Score: 9.25
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1557.003 - DHCP Spoofing
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
Score: 24.73
Matched TTPs:
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1059.011 - Lua
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1070.009 - Clear Persistence
- T1537 - Transfer Data to Cloud Account
- T1547.013 - XDG Autostart Entries
Score: 11.14
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1136.002 - Domain Account
- T1583.006 - Web Services
- T1199 - Trusted Relationship
Score: 24.23
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1027.004 - Compile After Delivery
- T1537 - Transfer Data to Cloud Account
- T1547.013 - XDG Autostart Entries
Score: 19.42
Matched TTPs:
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1059.009 - Cloud API
- T1590.006 - Network Security Appliances
- T1677 - Poisoned Pipeline Execution
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1506 - Web Session Cookie
- T1027.010 - Command Obfuscation
Score: 9.68
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1134.002 - Create Process with Token
- T1584.005 - Botnet
- T1199 - Trusted Relationship
Score: 15.67
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1562.004 - Disable or Modify System Firewall
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
Score: 42.32
Matched TTPs:
- T1547.012 - Print Processors
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1537 - Transfer Data to Cloud Account
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
Score: 25.79
Matched TTPs:
- T1089 - Disabling Security Tools
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1570 - Lateral Tool Transfer
- T1059.003 - Windows Command Shell
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
Score: 16.69
Matched TTPs:
- T1089 - Disabling Security Tools
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1569.002 - Service Execution
- T1566.003 - Spearphishing via Service
Score: 27.79
Matched TTPs:
- T1089 - Disabling Security Tools
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1552.004 - Private Keys
- T1136.002 - Domain Account
- T1102 - Web Service
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
Score: 15.77
Matched TTPs:
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1203 - Exploitation for Client Execution
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
Score: 4.84
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
Score: 42.06
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1070.003 - Clear Command History
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1606.001 - Web Cookies
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1102.002 - Bidirectional Communication
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
Score: 32.79
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1552.004 - Private Keys
- T1114.003 - Email Forwarding Rule
- T1583.006 - Web Services
- T1597 - Search Closed Sources
- T1059.011 - Lua
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1070.009 - Clear Persistence
- T1537 - Transfer Data to Cloud Account
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
Score: 9.65
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1497.002 - User Activity Based Checks
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
Score: 14.52
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1203 - Exploitation for Client Execution
- T1506 - Web Session Cookie
- T1547.008 - LSASS Driver
Score: 10.74
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1002 - Data Compressed
- T1547.013 - XDG Autostart Entries
Score: 19.12
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1083 - File and Directory Discovery
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1070.009 - Clear Persistence
- T1209 - Time Providers
- T1547.013 - XDG Autostart Entries
Score: 17.63
Matched TTPs:
- T1137.005 - Outlook Rules
- T1586.002 - Email Accounts
- T1580 - Cloud Infrastructure Discovery
- T1552.003 - Shell History
- T1497.002 - User Activity Based Checks
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 8.53
Matched TTPs:
- T1586.002 - Email Accounts
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1209 - Time Providers
Link to MITRE →
Score: 8.18
Matched TTPs:
- T1586.002 - Email Accounts
- T1009 - Binary Padding
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
Link to MITRE →
Score: 34.23
Matched TTPs:
- T1547.005 - Security Support Provider
- T1134.002 - Create Process with Token
- T1193 - Spearphishing Attachment
- T1218.008 - Odbcconf
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1619 - Cloud Storage Object Discovery
- T1199 - Trusted Relationship
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
- T1588.005 - Exploits
Link to MITRE →
Score: 12.38
Matched TTPs:
- T1059.009 - Cloud API
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1570 - Lateral Tool Transfer
- T1209 - Time Providers
- T1569.002 - Service Execution
Link to MITRE →
Score: 3.03
Matched TTPs:
- T1580 - Cloud Infrastructure Discovery
Link to MITRE →
Score: 10.11
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 8.36
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1570 - Lateral Tool Transfer
Link to MITRE →
Score: 3.99
Matched TTPs:
- T1045 - Software Packing
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
Link to MITRE →
Score: 5.19
Matched TTPs:
- T1045 - Software Packing
- T1497.002 - User Activity Based Checks
- T1537 - Transfer Data to Cloud Account
Link to MITRE →
Score: 10.49
Matched TTPs:
- T1045 - Software Packing
- T1055.013 - Process Doppelgänging
- T1219.001 - IDE Tunneling
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
Link to MITRE →
Score: 7.60
Matched TTPs:
- T1045 - Software Packing
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
Link to MITRE →
Score: 7.09
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1070.009 - Clear Persistence
Link to MITRE →
Score: 4.33
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1542.004 - ROMMONkit
Link to MITRE →
Score: 3.59
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 10.07
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1199 - Trusted Relationship
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1209 - Time Providers
Link to MITRE →
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 6.14
Matched TTPs:
- T1552.003 - Shell History
- T1041 - Exfiltration Over C2 Channel
Link to MITRE →
Score: 3.03
Matched TTPs:
- T1497.002 - User Activity Based Checks
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
Link to MITRE →
Score: 4.13
Matched TTPs:
- T1037.001 - Logon Script (Windows)
Link to MITRE →
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1051 - Shared Webroot
- T1092 - Communication Through Removable Media
- T1055.014 - VDSO Hijacking
- T1552.003 - Shell History
- T1059.011 - Lua
- T1570 - Lateral Tool Transfer
- T1608.005 - Link Target
- T1087.002 - Domain Account
- T1580 - Cloud Infrastructure Discovery
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1608 - Stage Capabilities
- T1041 - Exfiltration Over C2 Channel
- T1537 - Transfer Data to Cloud Account
- T1597 - Search Closed Sources
- T1003.003 - NTDS
- T1070.009 - Clear Persistence
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1205 - Traffic Signaling
- T1009 - Binary Padding
- T1547.002 - Authentication Package
- T1543.003 - Windows Service
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1027.014 - Polymorphic Code
- T1547.013 - XDG Autostart Entries
- T1059.009 - Cloud API
- T1583.006 - Web Services
- T1140 - Deobfuscate/Decode Files or Information
- T1003.007 - Proc Filesystem
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1566.002 - Spearphishing Link
- T1027.004 - Compile After Delivery
- T1598.003 - Spearphishing Link
- T1027.010 - Command Obfuscation
- T1601.001 - Patch System Image
- T1506 - Web Session Cookie
- T1218.012 - Verclsid
- T1557.003 - DHCP Spoofing
- T1059.010 - AutoHotKey & AutoIT
Link to MITRE →
Score: 0.63
Matched TTPs:
- T1218.010 - Regsvr32
- T1070.008 - Clear Mailbox Data
- T1070.006 - Timestomp
- T1570 - Lateral Tool Transfer
- T1608.005 - Link Target
- T1087.002 - Domain Account
- T1199 - Trusted Relationship
- T1569.002 - Service Execution
- T1069.001 - Local Groups
- T1547.008 - LSASS Driver
- T1597 - Search Closed Sources
- T1677 - Poisoned Pipeline Execution
- T1606.002 - SAML Tokens
- T1070.009 - Clear Persistence
- T1059.012 - Hypervisor CLI
- T1590.006 - Network Security Appliances
- T1205 - Traffic Signaling
- T1009 - Binary Padding
- T1547.002 - Authentication Package
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1606.001 - Web Cookies
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1547.013 - XDG Autostart Entries
- T1491.002 - External Defacement
- T1583.006 - Web Services
- T1050 - New Service
- T1132.001 - Standard Encoding
- T1134.002 - Create Process with Token
- T1598.003 - Spearphishing Link
- T1027.010 - Command Obfuscation
- T1218.012 - Verclsid
- T1055.005 - Thread Local Storage
- T1209 - Time Providers
- T1059.010 - AutoHotKey & AutoIT
- T1174 - Password Filter DLL
Link to MITRE →
Score: 0.62
Matched TTPs:
- T1092 - Communication Through Removable Media
- T1218.010 - Regsvr32
- T1059.011 - Lua
- T1608.005 - Link Target
- T1569.001 - Launchctl
- T1087.002 - Domain Account
- T1102 - Web Service
- T1199 - Trusted Relationship
- T1071.001 - Web Protocols
- T1608 - Stage Capabilities
- T1677 - Poisoned Pipeline Execution
- T1606.002 - SAML Tokens
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1543.003 - Windows Service
- T1089 - Disabling Security Tools
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1547.013 - XDG Autostart Entries
- T1583.006 - Web Services
- T1555.003 - Credentials from Web Browsers
- T1169 - Sudo
- T1562.006 - Indicator Blocking
- T1055.013 - Process Doppelgänging
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1027.010 - Command Obfuscation
- T1203 - Exploitation for Client Execution
- T1136.001 - Local Account
- T1218.012 - Verclsid
- T1055.005 - Thread Local Storage
- T1209 - Time Providers
- T1059.010 - AutoHotKey & AutoIT
Link to MITRE →
Score: 0.59
Matched TTPs:
- T1092 - Communication Through Removable Media
- T1542.004 - ROMMONkit
- T1055.014 - VDSO Hijacking
- T1059.011 - Lua
- T1570 - Lateral Tool Transfer
- T1608.005 - Link Target
- T1591.003 - Identify Business Tempo
- T1087.002 - Domain Account
- T1045 - Software Packing
- T1684 - Social Engineering
- T1059.013 - Container CLI/API
- T1199 - Trusted Relationship
- T1608 - Stage Capabilities
- T1597 - Search Closed Sources
- T1070.009 - Clear Persistence
- T1091 - Replication Through Removable Media
- T1205 - Traffic Signaling
- T1562.009 - Safe Mode Boot
- T1547.002 - Authentication Package
- T1606.001 - Web Cookies
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
- T1059.009 - Cloud API
- T1583.006 - Web Services
- T1598.003 - Spearphishing Link
- T1027.010 - Command Obfuscation
- T1203 - Exploitation for Client Execution
- T1601.001 - Patch System Image
- T1506 - Web Session Cookie
- T1218.012 - Verclsid
- T1059.010 - AutoHotKey & AutoIT
- T1547.012 - Print Processors
Link to MITRE →
Score: 0.56
Matched TTPs:
- T1083 - File and Directory Discovery
- T1547.005 - Security Support Provider
- T1070.008 - Clear Mailbox Data
- T1070.006 - Timestomp
- T1570 - Lateral Tool Transfer
- T1045 - Software Packing
- T1102 - Web Service
- T1199 - Trusted Relationship
- T1569.002 - Service Execution
- T1537 - Transfer Data to Cloud Account
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1176 - Software Extensions
- T1590.006 - Network Security Appliances
- T1562.009 - Safe Mode Boot
- T1488 - Disk Content Wipe
- T1219.001 - IDE Tunneling
- T1497.002 - User Activity Based Checks
- T1547.013 - XDG Autostart Entries
- T1059.009 - Cloud API
- T1583.006 - Web Services
- T1140 - Deobfuscate/Decode Files or Information
- T1003.007 - Proc Filesystem
- T1555.003 - Credentials from Web Browsers
- T1049 - System Network Connections Discovery
- T1134.002 - Create Process with Token
- T1574.002 - DLL Side-Loading
- T1209 - Time Providers
- T1059.010 - AutoHotKey & AutoIT
- T1065 - Uncommonly Used Port
Link to MITRE →
Related CVEs
No CVEs were found in this Pulse.
Pulse – Threat Actor Graph