Dust Specter APT Targets Government Officials in Iraq
Summary
A suspected Iran-nexus threat actor, dubbed Dust Specter, targeted Iraqi government officials in January 2026. The campaign involved impersonating Iraq's Ministry of Foreign Affairs and using compromised government infrastructure to host malicious payloads. Two attack chains were identified, utilizing previously undocumented malware including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. The malware employed creative evasion techniques, leveraged generative AI for development, and used file-based polling mechanisms for command execution. The campaign also incorporated ClickFix-style attacks and social engineering lures. Attribution to an Iran-nexus group is based on code similarities, victimology, and overlapping tactics with known Iranian APT groups.
Created: 2026-03-04
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 35.87
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1070.006 - Timestomp
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1057 - Process Discovery
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1209 - Time Providers
- T1547.008 - LSASS Driver
Score: 3.84
Matched TTPs:
- T1132.001 - Standard Encoding
Score: 26.77
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1057 - Process Discovery
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1547.008 - LSASS Driver
Score: 33.70
Matched TTPs:
- T1056.001 - Keylogging
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1176 - Software Extensions
- T1059.010 - AutoHotKey & AutoIT
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1506 - Web Session Cookie
Score: 57.12
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1218.008 - Odbcconf
- T1045 - Software Packing
- T1016 - System Network Configuration Discovery
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1656 - Impersonation
- T1059.006 - Python
- T1221 - Template Injection
- T1547.008 - LSASS Driver
Score: 39.01
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1005 - Data from Local System
- T1558 - Steal or Forge Kerberos Tickets
- T1555.003 - Credentials from Web Browsers
- T1136.002 - Domain Account
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1656 - Impersonation
- T1519 - Emond
- T1209 - Time Providers
- T1003.003 - NTDS
Score: 59.38
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1558 - Steal or Forge Kerberos Tickets
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1183 - Image File Execution Options Injection
- T1193 - Spearphishing Attachment
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1187 - Forced Authentication
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
Score: 53.07
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1041 - Exfiltration Over C2 Channel
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1208 - Kerberoasting
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1002 - Data Compressed
- T1564.003 - Hidden Window
- T1209 - Time Providers
- T1574.002 - DLL Side-Loading
- T1037.001 - Logon Script (Windows)
Score: 11.41
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1558 - Steal or Forge Kerberos Tickets
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
Score: 5.52
Matched TTPs:
- T1584.008 - Network Devices
- T1573 - Encrypted Channel
Score: 13.36
Matched TTPs:
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 27.85
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1218.012 - Verclsid
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
Score: 21.04
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1199 - Trusted Relationship
- T1209 - Time Providers
Score: 27.37
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1193 - Spearphishing Attachment
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
Score: 19.86
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1059.010 - AutoHotKey & AutoIT
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 13.65
Matched TTPs:
- T1584.008 - Network Devices
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1555.003 - Credentials from Web Browsers
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1209 - Time Providers
Score: 9.50
Matched TTPs:
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
Score: 13.15
Matched TTPs:
- T1584.008 - Network Devices
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1209 - Time Providers
Score: 21.96
Matched TTPs:
- T1584.008 - Network Devices
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1209 - Time Providers
Score: 18.83
Matched TTPs:
- T1584.008 - Network Devices
- T1038 - DLL Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1506 - Web Session Cookie
Score: 16.62
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1063 - Security Software Discovery
- T1555.003 - Credentials from Web Browsers
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
Score: 10.05
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1177 - LSASS Driver
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
Score: 19.94
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1199 - Trusted Relationship
- T1159 - Launch Agent
Score: 19.69
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1059.003 - Windows Command Shell
- T1132.002 - Non-Standard Encoding
- T1209 - Time Providers
Score: 13.72
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
Score: 18.56
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1518.002 - Backup Software Discovery
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1209 - Time Providers
Score: 32.77
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1558 - Steal or Forge Kerberos Tickets
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1051 - Shared Webroot
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1592.002 - Software
- T1209 - Time Providers
- T1547.008 - LSASS Driver
Score: 13.39
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1059.010 - AutoHotKey & AutoIT
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1209 - Time Providers
Score: 20.37
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1059.010 - AutoHotKey & AutoIT
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1209 - Time Providers
- T1159 - Launch Agent
Score: 5.47
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1219.001 - IDE Tunneling
- T1157 - Dylib Hijacking
Score: 31.54
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1608.005 - Link Target
- T1564.002 - Hidden Users
- T1057 - Process Discovery
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
Score: 64.11
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1183 - Image File Execution Options Injection
- T1683.001 - Written Content
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1506 - Web Session Cookie
- T1656 - Impersonation
- T1132.002 - Non-Standard Encoding
- T1003.003 - NTDS
Score: 12.47
Matched TTPs:
- T1606.002 - SAML Tokens
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
Score: 18.83
Matched TTPs:
- T1606.002 - SAML Tokens
- T1556.002 - Password Filter DLL
- T1021.006 - Windows Remote Management
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
Score: 14.49
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1584.005 - Botnet
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
Score: 7.48
Matched TTPs:
- T1606.002 - SAML Tokens
- T1608.002 - Upload Tool
- T1199 - Trusted Relationship
Score: 10.83
Matched TTPs:
- T1606.002 - SAML Tokens
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1506 - Web Session Cookie
Score: 7.92
Matched TTPs:
- T1606.002 - SAML Tokens
- T1558 - Steal or Forge Kerberos Tickets
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
Score: 11.12
Matched TTPs:
- T1606.002 - SAML Tokens
- T1591.003 - Identify Business Tempo
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1209 - Time Providers
Score: 6.18
Matched TTPs:
- T1606.002 - SAML Tokens
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1199 - Trusted Relationship
Score: 39.76
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1569.001 - Launchctl
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1209 - Time Providers
- T1159 - Launch Agent
Score: 22.71
Matched TTPs:
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1519 - Emond
- T1209 - Time Providers
Score: 15.30
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1059.010 - AutoHotKey & AutoIT
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1564.002 - Hidden Users
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
Score: 33.50
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1061 - Graphical User Interface
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
Score: 15.38
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1159 - Launch Agent
Score: 9.62
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1059.010 - AutoHotKey & AutoIT
- T1045 - Software Packing
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 47.79
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1218.005 - Mshta
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1564.003 - Hidden Window
- T1588.005 - Exploits
Score: 14.96
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1218.005 - Mshta
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1506 - Web Session Cookie
Score: 11.98
Matched TTPs:
- T1063 - Security Software Discovery
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1209 - Time Providers
- T1547.008 - LSASS Driver
Score: 17.33
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1159 - Launch Agent
Score: 10.86
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 11.67
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1087.004 - Cloud Account
Score: 27.26
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1209 - Time Providers
Score: 33.30
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1683 - Generate Content
- T1187 - Forced Authentication
- T1209 - Time Providers
- T1547.008 - LSASS Driver
Score: 27.01
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1139 - Bash History
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1566.003 - Spearphishing via Service
Score: 18.83
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1657 - Financial Theft
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 17.91
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1547.008 - LSASS Driver
Score: 8.00
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
Score: 18.77
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1218.008 - Odbcconf
- T1059 - Command and Scripting Interpreter
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
Score: 40.97
Matched TTPs:
- T1556.002 - Password Filter DLL
- T1176 - Software Extensions
- T1059.010 - AutoHotKey & AutoIT
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1057 - Process Discovery
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1209 - Time Providers
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
Score: 5.16
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
Score: 4.21
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
Score: 18.40
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1506 - Web Session Cookie
- T1493 - Transmitted Data Manipulation
Score: 21.92
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1557.003 - DHCP Spoofing
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1218.001 - Compiled HTML File
Score: 9.47
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1199 - Trusted Relationship
- T1027 - Obfuscated Files or Information
- T1547.008 - LSASS Driver
Score: 29.72
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1518.002 - Backup Software Discovery
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1159 - Launch Agent
Score: 13.51
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1051 - Shared Webroot
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 10.65
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1219.001 - IDE Tunneling
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
Score: 17.98
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1506 - Web Session Cookie
- T1209 - Time Providers
Score: 13.26
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1157 - Dylib Hijacking
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
Score: 10.65
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1209 - Time Providers
Score: 3.47
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1506 - Web Session Cookie
Score: 6.63
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1590.006 - Network Security Appliances
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
Score: 6.50
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
Score: 13.33
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
Score: 5.26
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1557.003 - DHCP Spoofing
Score: 14.05
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1506 - Web Session Cookie
- T1159 - Launch Agent
Score: 7.94
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1683 - Generate Content
- T1218.010 - Regsvr32
Score: 7.28
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
Score: 8.28
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
Score: 16.23
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1199 - Trusted Relationship
- T1506 - Web Session Cookie
- T1132.002 - Non-Standard Encoding
Score: 10.10
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
Score: 9.35
Matched TTPs:
- T1558 - Steal or Forge Kerberos Tickets
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.008 - LSASS Driver
Score: 23.04
Matched TTPs:
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1506 - Web Session Cookie
- T1209 - Time Providers
Score: 33.13
Matched TTPs:
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1218.008 - Odbcconf
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1564.003 - Hidden Window
- T1132.002 - Non-Standard Encoding
- T1588.005 - Exploits
Score: 6.84
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1209 - Time Providers
Score: 7.80
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
Score: 5.90
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1002 - Data Compressed
Score: 21.69
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1157 - Dylib Hijacking
- T1656 - Impersonation
- T1209 - Time Providers
- T1588.005 - Exploits
Score: 3.26
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1218.010 - Regsvr32
Score: 7.06
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
Score: 4.26
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
Score: 5.38
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1209 - Time Providers
Score: 12.04
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
Score: 3.44
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
Score: 5.13
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1506 - Web Session Cookie
- T1209 - Time Providers
Score: 3.19
Matched TTPs:
- T1045 - Software Packing
- T1199 - Trusted Relationship
Score: 5.94
Matched TTPs:
- T1045 - Software Packing
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
Score: 6.39
Matched TTPs:
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1159 - Launch Agent
Score: 6.63
Matched TTPs:
- T1045 - Software Packing
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 3.31
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
Score: 7.00
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
Score: 7.80
Matched TTPs:
- T1136.002 - Domain Account
- T1187 - Forced Authentication
- T1218.010 - Regsvr32
Score: 11.47
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1159 - Launch Agent
Score: 7.23
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1566.003 - Spearphishing via Service
Score: 3.82
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1547.008 - LSASS Driver
Score: 5.72
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1506 - Web Session Cookie
- T1547.008 - LSASS Driver
Score: 9.12
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
Score: 6.44
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1051 - Shared Webroot
- T1199 - Trusted Relationship
- T1209 - Time Providers
Score: 6.29
Matched TTPs:
- T1051 - Shared Webroot
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
Score: 5.45
Matched TTPs:
- T1608.005 - Link Target
- T1656 - Impersonation
Score: 3.62
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
Score: 4.11
Matched TTPs:
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1209 - Time Providers
Score: 6.51
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1506 - Web Session Cookie
Score: 8.18
Matched TTPs:
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1209 - Time Providers
Score: 3.19
Matched TTPs:
- T1157 - Dylib Hijacking
- T1209 - Time Providers
Score: 3.39
Matched TTPs:
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
Score: 4.13
Matched TTPs:
- T1037.001 - Logon Script (Windows)
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1003.003 - NTDS
- T1608.005 - Link Target
- T1656 - Impersonation
- T1199 - Trusted Relationship
- T1506 - Web Session Cookie
- T1608 - Stage Capabilities
- T1555.003 - Credentials from Web Browsers
- T1132.002 - Non-Standard Encoding
- T1557.003 - DHCP Spoofing
- T1219.001 - IDE Tunneling
- T1606.002 - SAML Tokens
- T1041 - Exfiltration Over C2 Channel
- T1597 - Search Closed Sources
- T1059.010 - AutoHotKey & AutoIT
- T1683.001 - Written Content
- T1183 - Image File Execution Options Injection
- T1218.012 - Verclsid
- T1590.006 - Network Security Appliances
- T1051 - Shared Webroot
- T1027.014 - Polymorphic Code
- T1087.004 - Cloud Account
- T1057 - Process Discovery
- T1566.002 - Spearphishing Link
- T1102.003 - One-Way Communication
- T1091 - Replication Through Removable Media
Score: 0.65
Matched TTPs:
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1005 - Data from Local System
- T1558 - Steal or Forge Kerberos Tickets
- T1564.008 - Email Hiding Rules
- T1045 - Software Packing
- T1187 - Forced Authentication
- T1199 - Trusted Relationship
- T1193 - Spearphishing Attachment
- T1027 - Obfuscated Files or Information
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1219.001 - IDE Tunneling
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1183 - Image File Execution Options Injection
- T1573 - Encrypted Channel
- T1063 - Security Software Discovery
- T1087.004 - Cloud Account
- T1075 - Pass the Hash
- T1566.002 - Spearphishing Link
- T1102.003 - One-Way Communication
- T1091 - Replication Through Removable Media
Score: 0.62
Matched TTPs:
- T1547.008 - LSASS Driver
- T1558 - Steal or Forge Kerberos Tickets
- T1221 - Template Injection
- T1608.005 - Link Target
- T1656 - Impersonation
- T1547.005 - Security Support Provider
- T1016 - System Network Configuration Discovery
- T1045 - Software Packing
- T1199 - Trusted Relationship
- T1044 - File System Permissions Weakness
- T1218.008 - Odbcconf
- T1219.001 - IDE Tunneling
- T1606.002 - SAML Tokens
- T1597 - Search Closed Sources
- T1059.006 - Python
- T1183 - Image File Execution Options Injection
- T1021.006 - Windows Remote Management
- T1087.004 - Cloud Account
- T1102.003 - One-Way Communication
- T1091 - Replication Through Removable Media
Score: 0.58
Matched TTPs:
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1209 - Time Providers
- T1045 - Software Packing
- T1199 - Trusted Relationship
- T1002 - Data Compressed
- T1027 - Obfuscated Files or Information
- T1177 - LSASS Driver
- T1219.001 - IDE Tunneling
- T1041 - Exfiltration Over C2 Channel
- T1208 - Kerberoasting
- T1539 - Steal Web Session Cookie
- T1584.008 - Network Devices
- T1590.006 - Network Security Appliances
- T1573 - Encrypted Channel
- T1574.002 - DLL Side-Loading
- T1037.001 - Logon Script (Windows)
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1564.003 - Hidden Window
Related CVEs
No CVEs were found for this Pulse.