South American telecommunication providers targeted with three new malware implants
概要
UAT-9244, a China-nexus advanced persistent threat actor, has been targeting critical telecommunications infrastructure in South America since 2024. The group employs three new malware implants: TernDoor, a Windows-based backdoor variant of CrowDoor; PeerTime, an ELF-based backdoor using BitTorrent protocol; and BruteEntry, a brute force scanner for SSH, Postgres, and Tomcat servers. UAT-9244 uses dynamic-link library side-loading, scheduled tasks, and registry modifications for persistence. The group is closely associated with FamousSparrow and Tropic Trooper, sharing similar tooling and tactics. Their infrastructure includes multiple command and control servers and operational relay boxes for scanning and brute-forcing activities.
Created: 2026-04-05
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 12.74
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 15.41
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 20.05
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.12
Matched TTPs:
- T1560.001 - Archive via Utility
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 17.71
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 3.93
Matched TTPs:
- T1560.001 - Archive via Utility
- T1045 - Software Packing
MITREへのリンク →
Score: 30.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1070.006 - Timestomp
- T1555.003 - Credentials from Web Browsers
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1574.002 - DLL Side-Loading
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 9.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 32.39
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1136.003 - Cloud Account
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 12.45
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 16.46
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 27.91
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1499.003 - Application Exhaustion Flood
- T1587.003 - Digital Certificates
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1157 - Dylib Hijacking
- T1685 - Disable or Modify Tools
- T1059.013 - Container CLI/API
MITREへのリンク →
Score: 13.44
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.10
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1606.002 - SAML Tokens
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 15.46
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 15.05
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 15.41
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 46.43
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1041 - Exfiltration Over C2 Channel
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1002 - Data Compressed
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 13.92
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 35.02
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.002 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1197 - BITS Jobs
- T1059.012 - Hypervisor CLI
- T1146 - Clear Command History
- T1588.003 - Code Signing Certificates
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 28.46
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1684 - Social Engineering
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 19.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1578.001 - Create Snapshot
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 13.31
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 44.26
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1218.012 - Verclsid
- T1552.003 - Shell History
- T1041 - Exfiltration Over C2 Channel
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.52
Matched TTPs:
- T1560.001 - Archive via Utility
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.01
Matched TTPs:
- T1560.001 - Archive via Utility
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 18.82
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 10.48
Matched TTPs:
- T1560.001 - Archive via Utility
- T1055.004 - Asynchronous Procedure Call
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 19.67
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1552.003 - Shell History
- T1134.001 - Token Impersonation/Theft
- T1209 - Time Providers
MITREへのリンク →
Score: 21.24
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 36.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1683 - Generate Content
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 8.51
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 14.65
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1209 - Time Providers
MITREへのリンク →
Score: 15.76
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 11.20
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 27.45
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1045 - Software Packing
- T1175 - Component Object Model and Distributed COM
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.00
Matched TTPs:
- T1584.008 - Network Devices
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 33.45
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1218.012 - Verclsid
- T1157 - Dylib Hijacking
- T1683 - Generate Content
- T1223 - Compiled HTML File
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 30.24
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 24.01
Matched TTPs:
- T1584.008 - Network Devices
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 18.57
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 14.31
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1175 - Component Object Model and Distributed COM
- T1157 - Dylib Hijacking
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 19.08
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1055.004 - Asynchronous Procedure Call
- T1055.014 - VDSO Hijacking
- T1097 - Pass the Ticket
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 13.00
Matched TTPs:
- T1587.003 - Digital Certificates
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1175 - Component Object Model and Distributed COM
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 17.35
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1175 - Component Object Model and Distributed COM
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 11.72
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 34.39
Matched TTPs:
- T1606.002 - SAML Tokens
- T1608.001 - Upload Malware
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1209 - Time Providers
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 33.44
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1574.014 - AppDomainManager
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1592.002 - Software
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 12.31
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 27.64
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 8.65
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.13
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
MITREへのリンク →
Score: 7.67
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
MITREへのリンク →
Score: 16.82
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1209 - Time Providers
MITREへのリンク →
Score: 24.82
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 41.68
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1019 - System Firmware
- T1045 - Software Packing
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1090.004 - Domain Fronting
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
MITREへのリンク →
Score: 17.12
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1090.004 - Domain Fronting
MITREへのリンク →
Score: 12.37
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 7.73
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1584.005 - Botnet
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 9.85
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1197 - BITS Jobs
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 29.04
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.48
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1657 - Financial Theft
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 13.63
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1059.012 - Hypervisor CLI
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.58
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 8.26
Matched TTPs:
- T1574.014 - AppDomainManager
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 25.07
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1045 - Software Packing
- T1175 - Component Object Model and Distributed COM
- T1218.012 - Verclsid
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 7.39
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
- T1059.012 - Hypervisor CLI
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 16.05
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1683 - Generate Content
- T1209 - Time Providers
MITREへのリンク →
Score: 9.93
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 5.10
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 5.67
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 7.94
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
MITREへのリンク →
Score: 7.47
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 25.53
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 5.59
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1683 - Generate Content
MITREへのリンク →
Score: 8.16
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 5.86
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 7.53
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1175 - Component Object Model and Distributed COM
- T1030 - Data Transfer Size Limits
MITREへのリンク →
Score: 12.54
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 6.74
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1209 - Time Providers
MITREへのリンク →
Score: 4.60
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 21.51
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 7.76
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1552.003 - Shell History
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 7.66
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1505 - Server Software Component
MITREへのリンク →
Score: 14.00
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1055.014 - VDSO Hijacking
- T1157 - Dylib Hijacking
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.96
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1002 - Data Compressed
MITREへのリンク →
Score: 28.25
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 5.43
Matched TTPs:
- T1684 - Social Engineering
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 9.72
Matched TTPs:
- T1684 - Social Engineering
- T1209 - Time Providers
- T1052 - Exfiltration Over Physical Medium
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.22
Matched TTPs:
- T1684 - Social Engineering
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 8.33
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 4.22
Matched TTPs:
- T1684 - Social Engineering
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1009 - Binary Padding
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 6.59
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 17.30
Matched TTPs:
- T1019 - System Firmware
- T1045 - Software Packing
- T1175 - Component Object Model and Distributed COM
- T1157 - Dylib Hijacking
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 4.11
Matched TTPs:
- T1045 - Software Packing
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1045 - Software Packing
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 8.67
Matched TTPs:
- T1589.003 - Employee Names
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 3.50
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 3.70
Matched TTPs:
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 6.14
Matched TTPs:
- T1552.003 - Shell History
- T1041 - Exfiltration Over C2 Channel
MITREへのリンク →
Score: 4.29
Matched TTPs:
- T1097 - Pass the Ticket
- T1209 - Time Providers
MITREへのリンク →
Score: 5.49
Matched TTPs:
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 15.64
Matched TTPs:
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.27
Matched TTPs:
- T1157 - Dylib Hijacking
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 3.19
Matched TTPs:
- T1157 - Dylib Hijacking
- T1209 - Time Providers
MITREへのリンク →
Score: 7.90
Matched TTPs:
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.13
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 5.65
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.29
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.13
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 5.07
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 3.13
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.31
Matched TTPs:
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 6.72
Matched TTPs:
- T1052 - Exfiltration Over Physical Medium
- T1578.001 - Create Snapshot
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1134 - Access Token Manipulation
- T1560.001 - Archive via Utility
- T1684 - Social Engineering
- T1002 - Data Compressed
- T1041 - Exfiltration Over C2 Channel
- T1584.008 - Network Devices
- T1209 - Time Providers
- T1574.002 - DLL Side-Loading
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1027 - Obfuscated Files or Information
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1564.003 - Hidden Window
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1030 - Data Transfer Size Limits
MITREへのリンク →
Score: 0.67
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1560.001 - Archive via Utility
- T1684 - Social Engineering
- T1041 - Exfiltration Over C2 Channel
- T1091 - Replication Through Removable Media
- T1552.003 - Shell History
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1027.018 - Invisible Unicode
- T1055.014 - VDSO Hijacking
- T1606.002 - SAML Tokens
- T1597 - Search Closed Sources
- T1197 - BITS Jobs
- T1003.007 - Proc Filesystem
- T1566.002 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1218.012 - Verclsid
- T1030 - Data Transfer Size Limits
MITREへのリンク →
Score: 0.63
Matched TTPs:
- T1134 - Access Token Manipulation
- T1685.004 - Disable or Modify Linux Audit System Log
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1019 - System Firmware
- T1197 - BITS Jobs
- T1566.002 - Spearphishing Link
- T1027.002 - Software Packing
- T1157 - Dylib Hijacking
- T1564.003 - Hidden Window
- T1027 - Obfuscated Files or Information
- T1045 - Software Packing
- T1030 - Data Transfer Size Limits
- T1090.004 - Domain Fronting
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design