Unmasking an Attack Chain of MuddyWater
概要
An intrusion attributed to MuddyWater, an Iranian-linked APT, was identified in a customer environment. The attack involved initial access through RDP, establishing an SSH tunnel, and deploying malware via DLL side-loading. The threat actor used FMAPP.exe, a legitimate Fortemedia Inc. application, to load a malicious FMAPP.dll for C2 communications. The timeline of activities revealed typos in commands, suggesting manual typing by the attacker. The intrusion included reconnaissance efforts, attempts to verify tunnel functionality, and issues with initial C2 communication. The attack targeted an Israeli company, aligning with known MuddyWater tactics.
Created: 2026-03-09
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 47.50
Matched TTPs:
- T1027.009 - Embedded Payloads
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1010 - Application Window Discovery
- T1090.002 - External Proxy
- T1589.002 - Email Addresses
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1574.013 - KernelCallbackTable
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1027.007 - Dynamic API Resolution
- T1055.001 - Dynamic-link Library Injection
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1027.009 - Embedded Payloads
MITREへのリンク →
Score: 16.06
Matched TTPs:
- T1027.009 - Embedded Payloads
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1589.002 - Email Addresses
MITREへのリンク →
Score: 9.47
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1203 - Exploitation for Client Execution
- T1518 - Software Discovery
MITREへのリンク →
Score: 6.33
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1083 - File and Directory Discovery
- T1218.001 - Compiled HTML File
MITREへのリンク →
Score: 3.09
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 5.95
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 3.09
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 35.75
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1090.002 - External Proxy
- T1083 - File and Directory Discovery
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1498 - Network Denial of Service
- T1137.002 - Office Test
- T1211 - Exploitation for Defense Evasion
MITREへのリンク →
Score: 5.70
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1083 - File and Directory Discovery
- T1078 - Valid Accounts
- T1070.004 - File Deletion
MITREへのリンク →
Score: 18.46
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1534 - Internal Spearphishing
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 17.29
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1574.001 - DLL
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
- T1203 - Exploitation for Client Execution
- T1518 - Software Discovery
MITREへのリンク →
Score: 20.71
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1090.002 - External Proxy
- T1083 - File and Directory Discovery
- T1078 - Valid Accounts
- T1546.010 - AppInit DLLs
- T1070.004 - File Deletion
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 9.38
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1589.002 - Email Addresses
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 4.51
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 5.06
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 16.99
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1218.007 - Msiexec
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1553.005 - Mark-of-the-Web Bypass
- T1562.001 - Disable or Modify Tools
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 9.32
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1203 - Exploitation for Client Execution
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 4.90
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 15.92
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
MITREへのリンク →
Score: 19.74
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
MITREへのリンク →
Score: 12.91
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1016.001 - Internet Connection Discovery
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 6.09
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1140 - Deobfuscate/Decode Files or Information
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 21.97
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1016.001 - Internet Connection Discovery
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1589.002 - Email Addresses
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1070.004 - File Deletion
MITREへのリンク →
Score: 4.90
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 13.79
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1190 - Exploit Public-Facing Application
- T1090 - Proxy
- T1134 - Access Token Manipulation
- T1574.012 - COR_PROFILER
MITREへのリンク →
Score: 16.51
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1518 - Software Discovery
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 25.40
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1593.003 - Code Repositories
- T1090 - Proxy
- T1204.005 - Malicious Library
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1070.004 - File Deletion
- T1204.004 - Malicious Copy and Paste
MITREへのリンク →
Score: 3.33
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1574.001 - DLL
MITREへのリンク →
Score: 21.84
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1090.002 - External Proxy
- T1083 - File and Directory Discovery
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1070.004 - File Deletion
MITREへのリンク →
Score: 6.92
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
MITREへのリンク →
Score: 21.43
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1219 - Remote Access Tools
- T1595.002 - Vulnerability Scanning
- T1610 - Deploy Container
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1070.004 - File Deletion
MITREへのリンク →
Score: 6.32
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1562.001 - Disable or Modify Tools
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 23.17
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1219 - Remote Access Tools
- T1505.003 - Web Shell
- T1218.001 - Compiled HTML File
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
MITREへのリンク →
Score: 27.75
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1574.001 - DLL
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1027.016 - Junk Code Insertion
- T1589.002 - Email Addresses
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1036.003 - Rename Legitimate Utilities
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
MITREへのリンク →
Score: 21.30
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1583.002 - DNS Server
- T1608.001 - Upload Malware
- T1010 - Application Window Discovery
- T1589.002 - Email Addresses
- T1534 - Internal Spearphishing
- T1518 - Software Discovery
MITREへのリンク →
Score: 29.78
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1090.002 - External Proxy
- T1546.008 - Accessibility Features
- T1553.005 - Mark-of-the-Web Bypass
- T1218.005 - Mshta
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
MITREへのリンク →
Score: 36.28
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1559.001 - Component Object Model
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1027.016 - Junk Code Insertion
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1027.012 - LNK Icon Smuggling
- T1534 - Internal Spearphishing
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1070.004 - File Deletion
MITREへのリンク →
Score: 10.82
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1083 - File and Directory Discovery
- T1134 - Access Token Manipulation
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 18.20
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 17.49
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1589.002 - Email Addresses
- T1593.003 - Code Repositories
- T1083 - File and Directory Discovery
MITREへのリンク →
Score: 20.16
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1587.001 - Malware
- T1140 - Deobfuscate/Decode Files or Information
- T1055 - Process Injection
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1055.001 - Dynamic-link Library Injection
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 30.17
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1010 - Application Window Discovery
- T1505.003 - Web Shell
- T1589.002 - Email Addresses
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1518 - Software Discovery
- T1596.005 - Scan Databases
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 5.55
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1078 - Valid Accounts
- T1070.004 - File Deletion
MITREへのリンク →
Score: 7.61
Matched TTPs:
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1036.003 - Rename Legitimate Utilities
MITREへのリンク →
Score: 18.30
Matched TTPs:
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1583.004 - Server
- T1090.002 - External Proxy
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
MITREへのリンク →
Score: 26.47
Matched TTPs:
- T1003.002 - Security Account Manager
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1598.002 - Spearphishing Attachment
- T1071.002 - File Transfer Protocols
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
MITREへのリンク →
Score: 14.29
Matched TTPs:
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1083 - File and Directory Discovery
- T1078 - Valid Accounts
MITREへのリンク →
Score: 9.19
Matched TTPs:
- T1003.002 - Security Account Manager
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 41.24
Matched TTPs:
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1595.002 - Vulnerability Scanning
- T1546.008 - Accessibility Features
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1071.002 - File Transfer Protocols
- T1218.001 - Compiled HTML File
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1595.003 - Wordlist Scanning
- T1213.003 - Code Repositories
- T1070.004 - File Deletion
- T1596.005 - Scan Databases
MITREへのリンク →
Score: 14.81
Matched TTPs:
- T1003.002 - Security Account Manager
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1070.004 - File Deletion
MITREへのリンク →
Score: 19.87
Matched TTPs:
- T1003.002 - Security Account Manager
- T1055 - Process Injection
- T1518.002 - Backup Software Discovery
- T1210 - Exploitation of Remote Services
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 19.68
Matched TTPs:
- T1003.002 - Security Account Manager
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1210 - Exploitation of Remote Services
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
MITREへのリンク →
Score: 13.62
Matched TTPs:
- T1583.002 - DNS Server
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 11.52
Matched TTPs:
- T1583.002 - DNS Server
- T1190 - Exploit Public-Facing Application
- T1546.008 - Accessibility Features
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 40.94
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1583.004 - Server
- T1027.016 - Junk Code Insertion
- T1589.002 - Email Addresses
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1027.012 - LNK Icon Smuggling
- T1071.002 - File Transfer Protocols
- T1534 - Internal Spearphishing
- T1562.001 - Disable or Modify Tools
- T1070.004 - File Deletion
MITREへのリンク →
Score: 5.32
Matched TTPs:
- T1587.001 - Malware
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
MITREへのリンク →
Score: 10.96
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
MITREへのリンク →
Score: 10.95
Matched TTPs:
- T1587.001 - Malware
- T1574.001 - DLL
- T1608.001 - Upload Malware
- T1083 - File and Directory Discovery
- T1608.005 - Link Target
MITREへのリンク →
Score: 38.64
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1583.004 - Server
- T1589.002 - Email Addresses
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1499 - Endpoint Denial of Service
- T1070.004 - File Deletion
MITREへのリンク →
Score: 8.10
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1602.002 - Network Device Configuration Dump
MITREへのリンク →
Score: 9.47
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1070.004 - File Deletion
MITREへのリンク →
Score: 4.89
Matched TTPs:
- T1587.001 - Malware
- T1083 - File and Directory Discovery
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 4.78
Matched TTPs:
- T1587.001 - Malware
- T1083 - File and Directory Discovery
- T1070.004 - File Deletion
MITREへのリンク →
Score: 45.89
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1505.003 - Web Shell
- T1176.002 - IDE Extensions
- T1027.016 - Junk Code Insertion
- T1219.001 - IDE Tunneling
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1027.012 - LNK Icon Smuggling
- T1678 - Delay Execution
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1518 - Software Discovery
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 28.03
Matched TTPs:
- T1587.001 - Malware
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1546.011 - Application Shimming
- T1027.016 - Junk Code Insertion
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
MITREへのリンク →
Score: 20.11
Matched TTPs:
- T1652 - Device Driver Discovery
- T1559.001 - Component Object Model
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1070.004 - File Deletion
MITREへのリンク →
Score: 30.10
Matched TTPs:
- T1484.002 - Trust Modification
- T1598.003 - Spearphishing Link
- T1598.004 - Spearphishing Voice
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1204 - User Execution
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1213.003 - Code Repositories
- T1538 - Cloud Service Dashboard
MITREへのリンク →
Score: 5.60
Matched TTPs:
- T1484.002 - Trust Modification
- T1190 - Exploit Public-Facing Application
MITREへのリンク →
Score: 10.25
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1589.002 - Email Addresses
- T1608.005 - Link Target
- T1078 - Valid Accounts
MITREへのリンク →
Score: 7.31
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1218.007 - Msiexec
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 9.48
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1598.002 - Spearphishing Attachment
- T1078 - Valid Accounts
MITREへのリンク →
Score: 7.51
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1505.003 - Web Shell
- T1583.004 - Server
MITREへのリンク →
Score: 8.37
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1574.001 - DLL
- T1083 - File and Directory Discovery
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
MITREへのリンク →
Score: 34.13
Matched TTPs:
- T1559.001 - Component Object Model
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1218.003 - CMSTP
- T1090.002 - External Proxy
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1210 - Exploitation of Remote Services
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1027.004 - Compile After Delivery
- T1518 - Software Discovery
MITREへのリンク →
Score: 5.84
Matched TTPs:
- T1574.001 - DLL
- T1083 - File and Directory Discovery
- T1078 - Valid Accounts
- T1070.004 - File Deletion
MITREへのリンク →
Score: 8.54
Matched TTPs:
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1090 - Proxy
- T1078 - Valid Accounts
MITREへのリンク →
Score: 14.35
Matched TTPs:
- T1574.001 - DLL
- T1055 - Process Injection
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1090.001 - Internal Proxy
- T1211 - Exploitation for Defense Evasion
MITREへのリンク →
Score: 10.49
Matched TTPs:
- T1574.001 - DLL
- T1505.003 - Web Shell
- T1090.002 - External Proxy
- T1210 - Exploitation of Remote Services
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 7.50
Matched TTPs:
- T1574.001 - DLL
- T1595.002 - Vulnerability Scanning
- T1562.001 - Disable or Modify Tools
- T1070.004 - File Deletion
MITREへのリンク →
Score: 3.12
Matched TTPs:
- T1574.001 - DLL
- T1070.004 - File Deletion
MITREへのリンク →
Score: 20.05
Matched TTPs:
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1583.004 - Server
- T1090 - Proxy
- T1218.005 - Mshta
- T1210 - Exploitation of Remote Services
MITREへのリンク →
Score: 12.02
Matched TTPs:
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1518 - Software Discovery
MITREへのリンク →
Score: 11.94
Matched TTPs:
- T1574.001 - DLL
- T1090.002 - External Proxy
- T1546.008 - Accessibility Features
- T1083 - File and Directory Discovery
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
MITREへのリンク →
Score: 4.70
Matched TTPs:
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 12.42
Matched TTPs:
- T1574.001 - DLL
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
- T1518 - Software Discovery
MITREへのリンク →
Score: 7.90
Matched TTPs:
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 4.85
Matched TTPs:
- T1218.007 - Msiexec
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 26.46
Matched TTPs:
- T1218.007 - Msiexec
- T1140 - Deobfuscate/Decode Files or Information
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1553.005 - Mark-of-the-Web Bypass
- T1218.005 - Mshta
- T1218.001 - Compiled HTML File
- T1562.001 - Disable or Modify Tools
- T1036.003 - Rename Legitimate Utilities
- T1070.004 - File Deletion
MITREへのリンク →
Score: 3.36
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 6.93
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1083 - File and Directory Discovery
MITREへのリンク →
Score: 16.43
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1070.004 - File Deletion
MITREへのリンク →
Score: 9.84
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1070.004 - File Deletion
MITREへのリンク →
Score: 5.26
Matched TTPs:
- T1608.001 - Upload Malware
- T1583.004 - Server
MITREへのリンク →
Score: 4.31
Matched TTPs:
- T1608.001 - Upload Malware
- T1218.005 - Mshta
MITREへのリンク →
Score: 5.99
Matched TTPs:
- T1608.001 - Upload Malware
- T1589.002 - Email Addresses
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 4.06
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
MITREへのリンク →
Score: 9.96
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1595.003 - Wordlist Scanning
MITREへのリンク →
Score: 8.66
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1070.004 - File Deletion
MITREへのリンク →
Score: 10.35
Matched TTPs:
- T1558 - Steal or Forge Kerberos Tickets
- T1219 - Remote Access Tools
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
MITREへのリンク →
Score: 4.02
Matched TTPs:
- T1219 - Remote Access Tools
- T1078 - Valid Accounts
MITREへのリンク →
Score: 12.06
Matched TTPs:
- T1219 - Remote Access Tools
- T1055 - Process Injection
- T1218.003 - CMSTP
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
MITREへのリンク →
Score: 11.45
Matched TTPs:
- T1055 - Process Injection
- T1090.002 - External Proxy
- T1218.001 - Compiled HTML File
- T1078 - Valid Accounts
- T1070.004 - File Deletion
MITREへのリンク →
Score: 3.95
Matched TTPs:
- T1055 - Process Injection
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 7.00
Matched TTPs:
- T1055 - Process Injection
- T1056.004 - Credential API Hooking
MITREへのリンク →
Score: 5.05
Matched TTPs:
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
MITREへのリンク →
Score: 5.55
Matched TTPs:
- T1090.002 - External Proxy
- T1078 - Valid Accounts
- T1070.004 - File Deletion
MITREへのリンク →
Score: 4.86
Matched TTPs:
- T1589.002 - Email Addresses
- T1218.005 - Mshta
MITREへのリンク →
Score: 22.24
Matched TTPs:
- T1589.002 - Email Addresses
- T1598.004 - Spearphishing Voice
- T1593.003 - Code Repositories
- T1090 - Proxy
- T1204 - User Execution
- T1078 - Valid Accounts
- T1213.003 - Code Repositories
MITREへのリンク →
Score: 6.39
Matched TTPs:
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1518 - Software Discovery
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1090 - Proxy
- T1078 - Valid Accounts
MITREへのリンク →
Score: 5.13
Matched TTPs:
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1071.002 - File Transfer Protocols
MITREへのリンク →
Score: 8.45
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1134 - Access Token Manipulation
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1574.001 - DLL
- T1203 - Exploitation for Client Execution
- T1036.003 - Rename Legitimate Utilities
- T1587.001 - Malware
- T1562.001 - Disable or Modify Tools
- T1090.002 - External Proxy
- T1027.007 - Dynamic API Resolution
- T1574.013 - KernelCallbackTable
- T1589.002 - Email Addresses
- T1218.005 - Mshta
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1090.001 - Internal Proxy
- T1055.001 - Dynamic-link Library Injection
- T1140 - Deobfuscate/Decode Files or Information
- T1010 - Application Window Discovery
- T1083 - File and Directory Discovery
- T1027.013 - Encrypted/Encoded File
- T1027.009 - Embedded Payloads
MITREへのリンク →
Score: 0.68
Matched TTPs:
- T1027.016 - Junk Code Insertion
- T1218.005 - Mshta
- T1518 - Software Discovery
- T1176.002 - IDE Extensions
- T1598.003 - Spearphishing Link
- T1505.003 - Web Shell
- T1027.007 - Dynamic API Resolution
- T1574.001 - DLL
- T1070.004 - File Deletion
- T1203 - Exploitation for Client Execution
- T1678 - Delay Execution
- T1608.001 - Upload Malware
- T1219.001 - IDE Tunneling
- T1587.001 - Malware
- T1083 - File and Directory Discovery
- T1027.012 - LNK Icon Smuggling
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 0.61
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1078 - Valid Accounts
- T1546.008 - Accessibility Features
- T1596.005 - Scan Databases
- T1055 - Process Injection
- T1595.002 - Vulnerability Scanning
- T1071.002 - File Transfer Protocols
- T1574.001 - DLL
- T1218.001 - Compiled HTML File
- T1213.003 - Code Repositories
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1595.003 - Wordlist Scanning
- T1003.002 - Security Account Manager
- T1083 - File and Directory Discovery
- T1090 - Proxy
MITREへのリンク →
Score: 0.60
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1027.016 - Junk Code Insertion
- T1218.005 - Mshta
- T1055 - Process Injection
- T1598.003 - Spearphishing Link
- T1505.003 - Web Shell
- T1583.004 - Server
- T1027.012 - LNK Icon Smuggling
- T1071.002 - File Transfer Protocols
- T1070.004 - File Deletion
- T1608.001 - Upload Malware
- T1587.001 - Malware
- T1083 - File and Directory Discovery
- T1534 - Internal Spearphishing
- T1562.001 - Disable or Modify Tools
- T1589.002 - Email Addresses
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 0.57
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1078 - Valid Accounts
- T1499 - Endpoint Denial of Service
- T1598.003 - Spearphishing Link
- T1505.003 - Web Shell
- T1595.002 - Vulnerability Scanning
- T1583.004 - Server
- T1195 - Supply Chain Compromise
- T1070.004 - File Deletion
- T1203 - Exploitation for Client Execution
- T1608.001 - Upload Malware
- T1587.001 - Malware
- T1083 - File and Directory Discovery
- T1090 - Proxy
- T1589.002 - Email Addresses
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design