Funnull Resurfaces: Exposing RingH23 Arsenal and MacCMS Supply Chain Attacks
Summary
The report details the resurgence of the Funnull cybercriminal group, now utilizing a new arsenal called RingH23. It exposes their tactics, including compromising GoEdge CDN nodes, poisoning the MacCMS supply chain, and deploying sophisticated malware components like Badredis2s, Badnginx2s, and Badhide2s. The group has expanded its operations to inject malicious JavaScript, hijack cryptocurrency transactions, and redirect traffic to fraudulent sites. The campaign's impact is estimated to affect millions of users daily. The report also highlights Funnull's use of a suspicious new CDN infrastructure, CDN1.AI, likely created to evade detection.
Created: 2026-03-04
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 31.26
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1045 - Software Packing
- T1016 - System Network Configuration Discovery
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 16.50
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1584.008 - Network Devices
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1203 - Exploitation for Client Execution
Score: 42.27
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1193 - Spearphishing Attachment
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
- T1027.018 - Invisible Unicode
Score: 5.58
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1055.004 - Asynchronous Procedure Call
Score: 33.12
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1566.002 - Spearphishing Link
- T1036.009 - Break Process Trees
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1098.002 - Additional Email Delegate Permissions
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 15.45
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1049 - System Network Connections Discovery
- T1203 - Exploitation for Client Execution
Score: 44.27
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1547.006 - Kernel Modules and Extensions
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1002 - Data Compressed
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1574.002 - DLL Side-Loading
- T1037.001 - Logon Script (Windows)
Score: 9.22
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
Score: 38.21
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1057 - Process Discovery
- T1157 - Dylib Hijacking
- T1065 - Uncommonly Used Port
- T1574.002 - DLL Side-Loading
Score: 16.65
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1057 - Process Discovery
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
Score: 9.49
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1566.002 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1027.018 - Invisible Unicode
Score: 14.24
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1140 - Deobfuscate/Decode Files or Information
- T1055.014 - VDSO Hijacking
- T1157 - Dylib Hijacking
- T1027.014 - Polymorphic Code
- T1027.018 - Invisible Unicode
Score: 3.95
Matched TTPs:
- T1584.008 - Network Devices
- T1027.018 - Invisible Unicode
Score: 7.22
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
Score: 17.09
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1218.012 - Verclsid
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 15.36
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1053.006 - Systemd Timers
Score: 24.92
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1115 - Clipboard Data
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1193 - Spearphishing Attachment
- T1657 - Financial Theft
- T1654 - Log Enumeration
- T1157 - Dylib Hijacking
Score: 13.16
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
Score: 5.86
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
Score: 9.64
Matched TTPs:
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
Score: 7.22
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
Score: 12.23
Matched TTPs:
- T1584.008 - Network Devices
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
Score: 11.71
Matched TTPs:
- T1584.008 - Network Devices
- T1038 - DLL Search Order Hijacking
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
Score: 14.49
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1157 - Dylib Hijacking
- T1137.004 - Outlook Home Page
- T1059.013 - Container CLI/API
Score: 13.65
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1049 - System Network Connections Discovery
- T1157 - Dylib Hijacking
Score: 23.62
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1055.014 - VDSO Hijacking
- T1065 - Uncommonly Used Port
Score: 45.21
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1562.012 - Disable or Modify Linux Audit System
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1654 - Log Enumeration
- T1057 - Process Discovery
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1030 - Data Transfer Size Limits
- T1132.002 - Non-Standard Encoding
- T1027.018 - Invisible Unicode
Score: 14.68
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1027 - Obfuscated Files or Information
- T1547.008 - LSASS Driver
Score: 11.50
Matched TTPs:
- T1606.002 - SAML Tokens
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1498 - Network Denial of Service
Score: 25.23
Matched TTPs:
- T1606.002 - SAML Tokens
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1606.001 - Web Cookies
- T1057 - Process Discovery
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1547.008 - LSASS Driver
Score: 19.35
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1009 - Binary Padding
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 18.96
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1203 - Exploitation for Client Execution
Score: 12.31
Matched TTPs:
- T1606.002 - SAML Tokens
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1027.018 - Invisible Unicode
Score: 17.32
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
- T1009 - Binary Padding
- T1498 - Network Denial of Service
Score: 6.79
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
Score: 5.51
Matched TTPs:
- T1606.002 - SAML Tokens
- T1562.012 - Disable or Modify Linux Audit System
- T1027.018 - Invisible Unicode
Score: 5.91
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
Score: 17.08
Matched TTPs:
- T1606.002 - SAML Tokens
- T1176 - Software Extensions
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1027.018 - Invisible Unicode
Score: 23.01
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1569.001 - Launchctl
- T1608 - Stage Capabilities
- T1203 - Exploitation for Client Execution
- T1027.018 - Invisible Unicode
Score: 21.54
Matched TTPs:
- T1606.002 - SAML Tokens
- T1036.009 - Break Process Trees
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1071.003 - Mail Protocols
- T1055.004 - Asynchronous Procedure Call
- T1547.006 - Kernel Modules and Extensions
- T1597 - Search Closed Sources
Score: 29.13
Matched TTPs:
- T1606.002 - SAML Tokens
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1057 - Process Discovery
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1065 - Uncommonly Used Port
- T1027.018 - Invisible Unicode
Score: 36.82
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1045 - Software Packing
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1498 - Network Denial of Service
- T1027.002 - Software Packing
Score: 10.69
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
Score: 9.78
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1027.018 - Invisible Unicode
Score: 7.73
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1584.005 - Botnet
- T1157 - Dylib Hijacking
Score: 18.58
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
- T1027.018 - Invisible Unicode
Score: 12.41
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
- T1157 - Dylib Hijacking
Score: 11.64
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1115 - Clipboard Data
- T1218.001 - Compiled HTML File
- T1547.008 - LSASS Driver
Score: 5.87
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1027.018 - Invisible Unicode
Score: 4.39
Matched TTPs:
- T1115 - Clipboard Data
- T1027.018 - Invisible Unicode
Score: 6.37
Matched TTPs:
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1027.018 - Invisible Unicode
Score: 12.35
Matched TTPs:
- T1583.005 - Botnet
- T1036.009 - Break Process Trees
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
Score: 7.87
Matched TTPs:
- T1583.005 - Botnet
- T1562.012 - Disable or Modify Linux Audit System
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
Score: 16.29
Matched TTPs:
- T1036.009 - Break Process Trees
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1547.006 - Kernel Modules and Extensions
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
Score: 12.21
Matched TTPs:
- T1036.009 - Break Process Trees
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
Score: 7.47
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
Score: 14.84
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1218.001 - Compiled HTML File
- T1027.018 - Invisible Unicode
Score: 5.67
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
Score: 31.95
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1045 - Software Packing
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1606.001 - Web Cookies
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1061 - Graphical User Interface
- T1203 - Exploitation for Client Execution
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
Score: 7.94
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
Score: 9.52
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1562.012 - Disable or Modify Linux Audit System
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
Score: 15.19
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1606.001 - Web Cookies
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
Score: 4.64
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1203 - Exploitation for Client Execution
Score: 8.16
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
Score: 5.86
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 14.81
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1562.012 - Disable or Modify Linux Audit System
- T1030 - Data Transfer Size Limits
- T1132.002 - Non-Standard Encoding
Score: 5.87
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
Score: 9.37
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
Score: 8.52
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1157 - Dylib Hijacking
Score: 5.24
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1157 - Dylib Hijacking
Score: 10.73
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
- T1547.008 - LSASS Driver
Score: 10.18
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1547.006 - Kernel Modules and Extensions
- T1027.014 - Polymorphic Code
Score: 6.45
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.001 - Compiled HTML File
- T1027.018 - Invisible Unicode
Score: 5.60
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1002 - Data Compressed
Score: 18.51
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1518.002 - Backup Software Discovery
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
Score: 4.25
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
Score: 10.10
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
Score: 6.88
Matched TTPs:
- T1055.003 - Thread Execution Hijacking
- T1045 - Software Packing
Score: 8.24
Matched TTPs:
- T1518.002 - Backup Software Discovery
- T1027.014 - Polymorphic Code
- T1027.018 - Invisible Unicode
Score: 30.85
Matched TTPs:
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1193 - Spearphishing Attachment
- T1045 - Software Packing
- T1157 - Dylib Hijacking
- T1137.004 - Outlook Home Page
- T1030 - Data Transfer Size Limits
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
- T1132.002 - Non-Standard Encoding
Score: 3.77
Matched TTPs:
- T1009 - Binary Padding
- T1157 - Dylib Hijacking
Score: 11.91
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
Score: 11.10
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
- T1027.018 - Invisible Unicode
Score: 3.41
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1027.018 - Invisible Unicode
Score: 4.58
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1547.008 - LSASS Driver
Score: 7.14
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
Score: 10.46
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1203 - Exploitation for Client Execution
- T1547.008 - LSASS Driver
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
Score: 3.77
Matched TTPs:
- T1045 - Software Packing
- T1157 - Dylib Hijacking
Score: 11.32
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1574 - Hijack Execution Flow
- T1132.002 - Non-Standard Encoding
Score: 3.70
Matched TTPs:
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
Score: 12.44
Matched TTPs:
- T1196 - Control Panel Items
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1547.008 - LSASS Driver
Score: 5.13
Matched TTPs:
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
Score: 3.88
Matched TTPs:
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 4.13
Matched TTPs:
- T1037.001 - Logon Script (Windows)
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1132.002 - Non-Standard Encoding
- T1009 - Binary Padding
- T1027.018 - Invisible Unicode
- T1654 - Log Enumeration
- T1057 - Process Discovery
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1027.014 - Polymorphic Code
- T1218.012 - Verclsid
- T1566.002 - Spearphishing Link
- T1030 - Data Transfer Size Limits
- T1608 - Stage Capabilities
- T1055.014 - VDSO Hijacking
Score: 0.69
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1584.008 - Network Devices
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1574.002 - DLL Side-Loading
- T1547.006 - Kernel Modules and Extensions
- T1539 - Steal Web Session Cookie
- T1027 - Obfuscated Files or Information
- T1157 - Dylib Hijacking
- T1002 - Data Compressed
- T1030 - Data Transfer Size Limits
- T1037.001 - Logon Script (Windows)
- T1177 - LSASS Driver
- T1564.003 - Hidden Window
Score: 0.65
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1091 - Replication Through Removable Media
- T1045 - Software Packing
- T1005 - Data from Local System
- T1193 - Spearphishing Attachment
- T1055.004 - Asynchronous Procedure Call
- T1027.018 - Invisible Unicode
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1075 - Pass the Hash
- T1027 - Obfuscated Files or Information
- T1157 - Dylib Hijacking
- T1049 - System Network Connections Discovery
- T1566.002 - Spearphishing Link
- T1564.008 - Email Hiding Rules
Score: 0.59
Matched TTPs:
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1057 - Process Discovery
- T1685.001 - Disable or Modify Windows Event Log
- T1574.002 - DLL Side-Loading
- T1547.005 - Security Support Provider
- T1065 - Uncommonly Used Port
- T1157 - Dylib Hijacking
- T1049 - System Network Connections Discovery
- T1070.006 - Timestomp
Score: 0.57
Matched TTPs:
- T1045 - Software Packing
- T1498 - Network Denial of Service
- T1547.005 - Security Support Provider
- T1027 - Obfuscated Files or Information
- T1027.002 - Software Packing
- T1157 - Dylib Hijacking
- T1566.002 - Spearphishing Link
- T1685.004 - Disable or Modify Linux Audit System Log
- T1583.001 - Domains
- T1030 - Data Transfer Size Limits
- T1597 - Search Closed Sources
- T1564.003 - Hidden Window
Related CVEs
No CVEs were found in this Pulse.