New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering
Summary
A new backdoor, dubbed A0Backdoor, has been discovered in connection with a campaign using email bombing and IT-support impersonation over Microsoft Teams to gain Quick Assist access. The malware's loader exhibits anti-sandbox evasion techniques, and the campaign's command-and-control has shifted to a covert channel based on DNS mail exchange (MX) records. This activity is attributed to the threat group Blitz Brigantine, also known as Storm-1811 or STAC5777, and shows similarities to Black Basta-linked social-engineering tactics. The attackers use digitally signed MSI packages, often hosted on Microsoft cloud storage, to deliver their proprietary tooling. A0Backdoor employs techniques such as time-based execution windows, runtime decryption, and DNS tunneling for covert communication. The campaign has been active since August 2025, targeting primarily the finance and health sectors.
Created: 2026-03-09
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 37.51
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1134.002 - Create Process with Token
- T1218.008 - Odbcconf
- T1059 - Command and Scripting Interpreter
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1122 - Component Object Model Hijacking
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
- T1548.006 - TCC Manipulation
Score: 38.13
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1547.011 - Plist Modification
- T1219.001 - IDE Tunneling
- T1059.001 - PowerShell
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1548.006 - TCC Manipulation
Score: 44.49
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1038 - DLL Search Order Hijacking
- T1059.009 - Cloud API
- T1003.001 - LSASS Memory
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1566.004 - Spearphishing Voice
- T1506 - Web Session Cookie
- T1556.009 - Conditional Access Policies
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
- T1204.001 - Malicious Link
Score: 12.15
Matched TTPs:
- T1560.001 - Archive via Utility
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1583.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
Score: 34.88
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1059.001 - PowerShell
- T1542.004 - ROMMONkit
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1656 - Impersonation
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1548.006 - TCC Manipulation
- T1588.005 - Exploits
Score: 4.78
Matched TTPs:
- T1560.001 - Archive via Utility
- T1045 - Software Packing
- T1199 - Trusted Relationship
Score: 101.29
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1685.001 - Disable or Modify Windows Event Log
- T1560.003 - Archive via Custom Method
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1070.008 - Clear Mailbox Data
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1134.002 - Create Process with Token
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1102 - Web Service
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1488 - Disk Content Wipe
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1584.002 - DNS Server
- T1065 - Uncommonly Used Port
- T1546.016 - Installer Packages
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
- T1548.006 - TCC Manipulation
- T1578.001 - Create Snapshot
- T1569.002 - Service Execution
Score: 15.85
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1136.002 - Domain Account
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1668 - Exclusive Control
Score: 85.64
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1037 - Boot or Logon Initialization Scripts
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1136.001 - Local Account
- T1092 - Communication Through Removable Media
- T1562.006 - Indicator Blocking
- T1677 - Poisoned Pipeline Execution
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1569.001 - Launchctl
- T1102 - Web Service
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1102.003 - One-Way Communication
- T1169 - Sudo
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1218.010 - Regsvr32
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1159 - Launch Agent
- T1071.001 - Web Protocols
- T1055.005 - Thread Local Storage
- T1548.006 - TCC Manipulation
Score: 22.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1552.003 - Shell History
- T1583.006 - Web Services
- T1142 - Keychain
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1506 - Web Session Cookie
- T1134 - Access Token Manipulation
Score: 48.26
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1587.003 - Digital Certificates
- T1089 - Disabling Security Tools
- T1003.007 - Proc Filesystem
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1157 - Dylib Hijacking
- T1592.003 - Firmware
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1059.003 - Windows Command Shell
- T1132.002 - Non-Standard Encoding
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1668 - Exclusive Control
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
- T1578.001 - Create Snapshot
Score: 8.29
Matched TTPs:
- T1560.001 - Archive via Utility
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.011 - Lua
Score: 37.15
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1033 - System Owner/User Discovery
- T1499.003 - Application Exhaustion Flood
- T1587.003 - Digital Certificates
- T1140 - Deobfuscate/Decode Files or Information
- T1175 - Component Object Model and Distributed COM
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1137.004 - Outlook Home Page
- T1059.013 - Container CLI/API
Score: 30.42
Matched TTPs:
- T1560.001 - Archive via Utility
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1499.002 - Service Exhaustion Flood
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1027.007 - Dynamic API Resolution
- T1569.002 - Service Execution
Score: 30.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1122 - Component Object Model Hijacking
- T1574.010 - Services File Permissions Weakness
- T1542.004 - ROMMONkit
- T1059.011 - Lua
- T1055.009 - Proc Memory
- T1209 - Time Providers
Score: 23.51
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1677 - Poisoned Pipeline Execution
- T1219.001 - IDE Tunneling
- T1102 - Web Service
- T1583.006 - Web Services
- T1546.003 - Windows Management Instrumentation Event Subscription
Score: 19.78
Matched TTPs:
- T1560.001 - Archive via Utility
- T1033 - System Owner/User Discovery
- T1584.008 - Network Devices
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1597 - Search Closed Sources
- T1566.004 - Spearphishing Voice
- T1134 - Access Token Manipulation
- T1209 - Time Providers
Score: 26.05
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1059.011 - Lua
- T1174 - Password Filter DLL
- T1566.004 - Spearphishing Voice
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 81.34
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1539 - Steal Web Session Cookie
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1041 - Exfiltration Over C2 Channel
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1059.011 - Lua
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1002 - Data Compressed
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1668 - Exclusive Control
- T1574.002 - DLL Side-Loading
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
- T1037.001 - Logon Script (Windows)
- T1008 - Fallback Channels
Score: 53.39
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1547.012 - Print Processors
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1159 - Launch Agent
Score: 79.35
Matched TTPs:
- T1560.001 - Archive via Utility
- T1685.001 - Disable or Modify Windows Event Log
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1583.005 - Botnet
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1139 - Bash History
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1542.004 - ROMMONkit
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1592.003 - Firmware
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1146 - Clear Command History
- T1668 - Exclusive Control
- T1548.006 - TCC Manipulation
- T1566.003 - Spearphishing via Service
Score: 66.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1056.001 - Keylogging
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1059.010 - AutoHotKey & AutoIT
- T1059.009 - Cloud API
- T1003.001 - LSASS Memory
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1547.002 - Authentication Package
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1556.009 - Conditional Access Policies
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1134 - Access Token Manipulation
- T1578.001 - Create Snapshot
- T1569.002 - Service Execution
Score: 5.93
Matched TTPs:
- T1560.001 - Archive via Utility
- T1219.001 - IDE Tunneling
- T1542.004 - ROMMONkit
Score: 38.55
Matched TTPs:
- T1560.001 - Archive via Utility
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1592.004 - Client Configurations
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1542.004 - ROMMONkit
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
- T1578.001 - Create Snapshot
- T1008 - Fallback Channels
Score: 44.09
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1546.003 - Windows Management Instrumentation Event Subscription
- T1606 - Forge Web Credentials
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1488 - Disk Content Wipe
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1578.001 - Create Snapshot
Score: 100.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1583.005 - Botnet
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1092 - Communication Through Removable Media
- T1134.002 - Create Process with Token
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1552.003 - Shell History
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1055.014 - VDSO Hijacking
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1059.011 - Lua
- T1027.014 - Polymorphic Code
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1030 - Data Transfer Size Limits
- T1506 - Web Session Cookie
- T1656 - Impersonation
- T1132.002 - Non-Standard Encoding
- T1668 - Exclusive Control
- T1003.003 - NTDS
- T1008 - Fallback Channels
Score: 24.41
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1089 - Disabling Security Tools
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1059.011 - Lua
- T1218.010 - Regsvr32
- T1578.002 - Create Cloud Instance
- T1134 - Access Token Manipulation
Score: 23.84
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.009 - Cloud API
- T1027.017 - SVG Smuggling
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1506 - Web Session Cookie
- T1134 - Access Token Manipulation
Score: 32.97
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1059.011 - Lua
- T1102.002 - Bidirectional Communication
- T1134 - Access Token Manipulation
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
Score: 22.18
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1059.009 - Cloud API
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1570 - Lateral Tool Transfer
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1569.002 - Service Execution
Score: 44.12
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1219.001 - IDE Tunneling
- T1552.003 - Shell History
- T1134.001 - Token Impersonation/Theft
- T1199 - Trusted Relationship
- T1209 - Time Providers
- T1668 - Exclusive Control
- T1548.006 - TCC Manipulation
- T1686.001 - Cloud Firewall
- T1569.002 - Service Execution
Score: 46.96
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1087.002 - Domain Account
- T1089 - Disabling Security Tools
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1218.001 - Compiled HTML File
- T1059.011 - Lua
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1134 - Access Token Manipulation
Score: 70.94
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1587.003 - Digital Certificates
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1070.003 - Clear Command History
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1134.002 - Create Process with Token
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1683 - Generate Content
- T1187 - Forced Authentication
- T1592.003 - Firmware
- T1547.002 - Authentication Package
- T1566.004 - Spearphishing Voice
- T1578.002 - Create Cloud Instance
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1098.002 - Additional Email Delegate Permissions
- T1547.008 - LSASS Driver
Score: 25.00
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1089 - Disabling Security Tools
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1102 - Web Service
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1668 - Exclusive Control
Score: 29.66
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1566.004 - Spearphishing Voice
- T1055.009 - Proc Memory
- T1209 - Time Providers
- T1027.007 - Dynamic API Resolution
Score: 22.48
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1586.002 - Email Accounts
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1601 - Modify System Image
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 15.73
Matched TTPs:
- T1560.001 - Archive via Utility
- T1047 - Windows Management Instrumentation
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1506 - Web Session Cookie
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
Score: 13.45
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 54.27
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1547.012 - Print Processors
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1219.001 - IDE Tunneling
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1566.004 - Spearphishing Voice
- T1506 - Web Session Cookie
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
- T1204.001 - Malicious Link
Score: 81.83
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1087.002 - Domain Account
- T1562.009 - Safe Mode Boot
- T1598.003 - Spearphishing Link
- T1547.012 - Print Processors
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1092 - Communication Through Removable Media
- T1045 - Software Packing
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1036.002 - Right-to-Left Override
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1562.010 - Downgrade Attack
- T1608 - Stage Capabilities
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1583.006 - Web Services
- T1554 - Compromise Host Software Binary
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1597 - Search Closed Sources
- T1061 - Graphical User Interface
- T1542.004 - ROMMONkit
- T1059.011 - Lua
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
Score: 62.49
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1092 - Communication Through Removable Media
- T1134.002 - Create Process with Token
- T1592.004 - Client Configurations
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1570 - Lateral Tool Transfer
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1668 - Exclusive Control
- T1027.007 - Dynamic API Resolution
Score: 46.28
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1685.001 - Disable or Modify Windows Event Log
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1554 - Compromise Host Software Binary
- T1055.014 - VDSO Hijacking
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
- T1592.003 - Firmware
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
Score: 23.44
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1089 - Disabling Security Tools
- T1583.005 - Botnet
- T1009 - Binary Padding
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1566.004 - Spearphishing Voice
- T1027.007 - Dynamic API Resolution
- T1569.002 - Service Execution
- T1566.003 - Spearphishing via Service
Score: 67.43
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1606.002 - SAML Tokens
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1009 - Binary Padding
- T1011.001 - Exfiltration Over Bluetooth
- T1092 - Communication Through Removable Media
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1608.005 - Link Target
- T1583.006 - Web Services
- T1564.002 - Hidden Users
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1065 - Uncommonly Used Port
- T1027.007 - Dynamic API Resolution
- T1578.001 - Create Snapshot
Score: 17.02
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1045 - Software Packing
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1505 - Server Software Component
- T1027.007 - Dynamic API Resolution
Score: 10.15
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1506 - Web Session Cookie
- T1134 - Access Token Manipulation
- T1209 - Time Providers
Score: 77.98
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1070.008 - Clear Mailbox Data
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1547.011 - Plist Modification
- T1134.002 - Create Process with Token
- T1677 - Poisoned Pipeline Execution
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1583.006 - Web Services
- T1057 - Process Discovery
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1209 - Time Providers
- T1055.005 - Thread Local Storage
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
- T1569.002 - Service Execution
Score: 92.72
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1583.005 - Botnet
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1558 - Steal or Forge Kerberos Tickets
- T1562.004 - Disable or Modify System Firewall
- T1134.002 - Create Process with Token
- T1193 - Spearphishing Attachment
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1049 - System Network Connections Discovery
- T1122 - Component Object Model Hijacking
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1059.011 - Lua
- T1027 - Obfuscated Files or Information
- T1187 - Forced Authentication
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1075 - Pass the Hash
- T1546.016 - Installer Packages
- T1134 - Access Token Manipulation
- T1111 - Multi-Factor Authentication Interception
- T1548.006 - TCC Manipulation
- T1204.001 - Malicious Link
Score: 23.99
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1003.007 - Proc Filesystem
- T1059.009 - Cloud API
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1570 - Lateral Tool Transfer
- T1546.016 - Installer Packages
- T1134 - Access Token Manipulation
Score: 19.82
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1036.002 - Right-to-Left Override
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
Link to MITRE →
Score: 8.92
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1583.006 - Web Services
- T1570 - Lateral Tool Transfer
- T1556.009 - Conditional Access Policies
Link to MITRE →
Score: 64.02
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1036.002 - Right-to-Left Override
- T1568 - Dynamic Resolution
- T1218.012 - Verclsid
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1608.006 - SEO Poisoning
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 49.66
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1562.009 - Safe Mode Boot
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1586.002 - Email Accounts
- T1558 - Steal or Forge Kerberos Tickets
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1592.002 - Software
- T1570 - Lateral Tool Transfer
- T1556.009 - Conditional Access Policies
- T1209 - Time Providers
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 18.13
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1583.006 - Web Services
- T1059.011 - Lua
- T1506 - Web Session Cookie
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 26.31
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 10.63
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1177 - LSASS Driver
- T1583.006 - Web Services
- T1027.014 - Polymorphic Code
- T1134 - Access Token Manipulation
Link to MITRE →
Score: 43.13
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1115 - Clipboard Data
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1059.009 - Cloud API
- T1059.001 - PowerShell
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
Link to MITRE →
Score: 27.55
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1059.009 - Cloud API
- T1677 - Poisoned Pipeline Execution
- T1175 - Component Object Model and Distributed COM
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1030 - Data Transfer Size Limits
- T1506 - Web Session Cookie
- T1132.002 - Non-Standard Encoding
Link to MITRE →
Score: 60.42
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1584.008 - Network Devices
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1175 - Component Object Model and Distributed COM
- T1102 - Web Service
- T1059.001 - PowerShell
- T1056.002 - GUI Input Capture
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1656 - Impersonation
- T1519 - Emond
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1668 - Exclusive Control
- T1003.003 - NTDS
Link to MITRE →
Score: 58.43
Matched TTPs:
- T1047 - Windows Management Instrumentation
- T1059.010 - AutoHotKey & AutoIT
- T1070.003 - Clear Command History
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1175 - Component Object Model and Distributed COM
- T1562.010 - Downgrade Attack
- T1606.001 - Web Cookies
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1566.004 - Spearphishing Voice
- T1102.002 - Bidirectional Communication
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1027.007 - Dynamic API Resolution
- T1204.001 - Malicious Link
Link to MITRE →
Score: 63.38
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1218.008 - Odbcconf
- T1045 - Software Packing
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1064 - Scripting
- T1552.003 - Shell History
- T1562.010 - Downgrade Attack
- T1608.005 - Link Target
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1656 - Impersonation
- T1221 - Template Injection
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 21.24
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Link to MITRE →
Score: 3.84
Matched TTPs:
- T1132.001 - Standard Encoding
Link to MITRE →
Score: 34.41
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1134.002 - Create Process with Token
- T1175 - Component Object Model and Distributed COM
- T1057 - Process Discovery
- T1059.011 - Lua
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1027.007 - Dynamic API Resolution
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 72.80
Matched TTPs:
- T1216.001 - PubPrn
- T1547.005 - Security Support Provider
- T1134.002 - Create Process with Token
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1218.008 - Odbcconf
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1175 - Component Object Model and Distributed COM
- T1596.004 - CDNs
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1601 - Modify System Image
- T1592.003 - Firmware
- T1137.004 - Outlook Home Page
- T1030 - Data Transfer Size Limits
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
- T1132.002 - Non-Standard Encoding
- T1548.006 - TCC Manipulation
- T1588.005 - Exploits
Link to MITRE →
Score: 68.61
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1560.003 - Archive via Custom Method
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1045 - Software Packing
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1552.003 - Shell History
- T1218.005 - Mshta
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
- T1548.006 - TCC Manipulation
- T1204.001 - Malicious Link
- T1588.005 - Exploits
Link to MITRE →
Score: 14.10
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1574.010 - Services File Permissions Weakness
- T1056.002 - GUI Input Capture
- T1157 - Dylib Hijacking
Link to MITRE →
Score: 18.63
Matched TTPs:
- T1539 - Steal Web Session Cookie
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1134.002 - Create Process with Token
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
- T1562.011 - Spoof Security Alerting
Link to MITRE →
Score: 31.33
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1566.002 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1608.005 - Link Target
- T1056.002 - GUI Input Capture
- T1039 - Data from Network Shared Drive
- T1547.002 - Authentication Package
- T1570 - Lateral Tool Transfer
- T1608.006 - SEO Poisoning
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 23.80
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 17.37
Matched TTPs:
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1573 - Encrypted Channel
- T1174 - Password Filter DLL
- T1570 - Lateral Tool Transfer
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
Link to MITRE →
Score: 60.80
Matched TTPs:
- T1584.008 - Network Devices
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1059.009 - Cloud API
- T1193 - Spearphishing Attachment
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1531 - Account Access Removal
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1570 - Lateral Tool Transfer
- T1578.002 - Create Cloud Instance
- T1059.012 - Hypervisor CLI
- T1546.016 - Installer Packages
- T1134 - Access Token Manipulation
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 22.71
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1175 - Component Object Model and Distributed COM
- T1049 - System Network Connections Discovery
- T1562.013 - Disable or Modify Network Device Firewall
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 32.20
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1087.002 - Domain Account
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1134.002 - Create Process with Token
- T1583.006 - Web Services
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1065 - Uncommonly Used Port
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
Link to MITRE →
Score: 25.72
Matched TTPs:
- T1587.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1562.004 - Disable or Modify System Firewall
- T1548 - Abuse Elevation Control Mechanism
- T1175 - Component Object Model and Distributed COM
- T1219.001 - IDE Tunneling
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 19.12
Matched TTPs:
- T1606.002 - SAML Tokens
- T1089 - Disabling Security Tools
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1584.005 - Botnet
- T1199 - Trusted Relationship
Link to MITRE →
Score: 14.33
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
- T1009 - Binary Padding
- T1199 - Trusted Relationship
Link to MITRE →
Score: 10.95
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1558 - Steal or Forge Kerberos Tickets
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
Link to MITRE →
Score: 6.76
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1199 - Trusted Relationship
Link to MITRE →
Score: 36.94
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1586.002 - Email Accounts
- T1558 - Steal or Forge Kerberos Tickets
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1583.006 - Web Services
- T1142 - Keychain
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1519 - Emond
- T1209 - Time Providers
Link to MITRE →
Score: 29.45
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1586.002 - Email Accounts
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1209 - Time Providers
Link to MITRE →
Score: 26.11
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1583.006 - Web Services
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 16.90
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1583.006 - Web Services
- T1059.011 - Lua
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 17.73
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1036.002 - Right-to-Left Override
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1683 - Generate Content
- T1218.010 - Regsvr32
Link to MITRE →
Score: 21.02
Matched TTPs:
- T1206 - Sudo Caching
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.009 - Cloud API
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1059.012 - Hypervisor CLI
- T1008 - Fallback Channels
Link to MITRE →
Score: 11.27
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1552.003 - Shell History
- T1102.002 - Bidirectional Communication
- T1506 - Web Session Cookie
Link to MITRE →
Score: 5.55
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1547.002 - Authentication Package
- T1218.010 - Regsvr32
Link to MITRE →
Score: 6.71
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 4.92
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 11.24
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1036.002 - Right-to-Left Override
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 6.83
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 8.45
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.012 - Hypervisor CLI
- T1008 - Fallback Channels
Link to MITRE →
Score: 4.80
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1199 - Trusted Relationship
- T1059.011 - Lua
Link to MITRE →
Score: 20.18
Matched TTPs:
- T1087.002 - Domain Account
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1115 - Clipboard Data
- T1175 - Component Object Model and Distributed COM
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 26.19
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1003.001 - LSASS Memory
- T1219.001 - IDE Tunneling
- T1583.006 - Web Services
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1506 - Web Session Cookie
- T1209 - Time Providers
- T1159 - Launch Agent
Link to MITRE →
Score: 6.38
Matched TTPs:
- T1087.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 6.64
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1199 - Trusted Relationship
- T1531 - Account Access Removal
Link to MITRE →
Score: 12.25
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1686 - Disable or Modify System Firewall
Link to MITRE →
Score: 15.16
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
Link to MITRE →
Score: 13.50
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1583.006 - Web Services
- T1218.010 - Regsvr32
- T1578.001 - Create Snapshot
- T1569.002 - Service Execution
Link to MITRE →
Score: 4.95
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
Link to MITRE →
Score: 34.49
Matched TTPs:
- T1087.002 - Domain Account
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1558 - Steal or Forge Kerberos Tickets
- T1196 - Control Panel Items
- T1199 - Trusted Relationship
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1567.003 - Exfiltration to Text Storage Sites
- T1566.004 - Spearphishing Voice
- T1030 - Data Transfer Size Limits
- T1578.002 - Create Cloud Instance
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 19.92
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1219.001 - IDE Tunneling
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1056.002 - GUI Input Capture
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1159 - Launch Agent
Link to MITRE →
Score: 12.70
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1134.002 - Create Process with Token
- T1612 - Build Image on Host
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 4.19
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 20.17
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1134.002 - Create Process with Token
- T1064 - Scripting
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1030 - Data Transfer Size Limits
Link to MITRE →
Score: 5.47
Matched TTPs:
- T1087.002 - Domain Account
- T1089 - Disabling Security Tools
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
Link to MITRE →
Score: 3.16
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
Link to MITRE →
Score: 3.85
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →
Score: 7.71
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
Link to MITRE →
Score: 12.16
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 20.11
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1584.002 - DNS Server
- T1506 - Web Session Cookie
- T1159 - Launch Agent
Link to MITRE →
Score: 12.48
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1547.011 - Plist Modification
- T1059.001 - PowerShell
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
Link to MITRE →
Score: 15.78
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1136.002 - Domain Account
- T1583.006 - Web Services
- T1187 - Forced Authentication
- T1218.010 - Regsvr32
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 39.25
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1675 - ESXi Administration Command
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1009 - Binary Padding
- T1059.009 - Cloud API
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1583.006 - Web Services
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1506 - Web Session Cookie
- T1493 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 8.03
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1583.006 - Web Services
Link to MITRE →
Score: 6.98
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
Link to MITRE →
Score: 25.21
Matched TTPs:
- T1087.002 - Domain Account
- T1562.009 - Safe Mode Boot
- T1598.003 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1219.001 - IDE Tunneling
- T1064 - Scripting
- T1583.006 - Web Services
- T1564.002 - Hidden Users
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1059.012 - Hypervisor CLI
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 7.65
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 4.52
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1199 - Trusted Relationship
Link to MITRE →
Score: 12.45
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1059.009 - Cloud API
- T1547.011 - Plist Modification
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1027.007 - Dynamic API Resolution
Link to MITRE →
Score: 8.81
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1218.010 - Regsvr32
Link to MITRE →
Score: 8.98
Matched TTPs:
- T1087.002 - Domain Account
- T1598.003 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1209 - Time Providers
Link to MITRE →
Score: 31.23
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1218.005 - Mshta
- T1583.006 - Web Services
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1102.002 - Bidirectional Communication
- T1506 - Web Session Cookie
- T1055.009 - Proc Memory
- T1204.001 - Malicious Link
Link to MITRE →
Score: 5.17
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1089 - Disabling Security Tools
Link to MITRE →
Score: 11.10
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1134.002 - Create Process with Token
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Link to MITRE →
Score: 10.56
Matched TTPs:
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1059.011 - Lua
- T1209 - Time Providers
Link to MITRE →
Score: 6.77
Matched TTPs:
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
Link to MITRE →
Score: 4.04
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1583.006 - Web Services
Link to MITRE →
Score: 12.78
Matched TTPs:
- T1583.005 - Botnet
- T1586.002 - Email Accounts
- T1199 - Trusted Relationship
- T1213.003 - Code Repositories
- T1209 - Time Providers
Link to MITRE →
Score: 25.62
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1612 - Build Image on Host
- T1583.006 - Web Services
- T1597 - Search Closed Sources
- T1059.011 - Lua
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1008 - Fallback Channels
Link to MITRE →
Score: 13.02
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1122 - Component Object Model Hijacking
- T1562.013 - Disable or Modify Network Device Firewall
- T1573 - Encrypted Channel
Link to MITRE →
Score: 8.19
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1002 - Data Compressed
Link to MITRE →
Score: 9.60
Matched TTPs:
- T1586.002 - Email Accounts
- T1009 - Binary Padding
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
Link to MITRE →
Score: 8.97
Matched TTPs:
- T1055.003 - Thread Execution Hijacking
- T1045 - Software Packing
- T1039 - Data from Network Shared Drive
Link to MITRE →
Score: 6.56
Matched TTPs:
- T1547.011 - Plist Modification
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
Link to MITRE →
Score: 11.76
Matched TTPs:
- T1101 - Security Support Provider
- T1219.001 - IDE Tunneling
- T1199 - Trusted Relationship
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
Link to MITRE →
Score: 8.15
Matched TTPs:
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
Link to MITRE →
Score: 11.77
Matched TTPs:
- T1045 - Software Packing
- T1608.005 - Link Target
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.002 - Authentication Package
Link to MITRE →
Score: 3.31
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
Link to MITRE →
Score: 8.67
Matched TTPs:
- T1589.003 - Employee Names
- T1037.001 - Logon Script (Windows)
Link to MITRE →
Score: 3.29
Matched TTPs:
- T1036.002 - Right-to-Left Override
Link to MITRE →
Score: 5.81
Matched TTPs:
- T1552.003 - Shell History
- T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 6.14
Matched TTPs:
- T1552.003 - Shell History
- T1041 - Exfiltration Over C2 Channel
Link to MITRE →
Score: 5.45
Matched TTPs:
- T1608.005 - Link Target
- T1656 - Impersonation
Link to MITRE →
Score: 4.51
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1566.004 - Spearphishing Voice
Link to MITRE →
Score: 3.19
Matched TTPs:
- T1157 - Dylib Hijacking
- T1209 - Time Providers
Link to MITRE →
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1584.002 - DNS Server
- T1039 - Data from Network Shared Drive
- T1059.010 - AutoHotKey & AutoIT
- T1547.005 - Security Support Provider
- T1548.006 - TCC Manipulation
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1569.002 - Service Execution
- T1488 - Disk Content Wipe
- T1570 - Lateral Tool Transfer
- T1560.003 - Archive via Custom Method
- T1057 - Process Discovery
- T1102 - Web Service
- T1685.001 - Disable or Modify Windows Event Log
- T1070.008 - Clear Mailbox Data
- T1134 - Access Token Manipulation
- T1047 - Windows Management Instrumentation
- T1199 - Trusted Relationship
- T1578.001 - Create Snapshot
- T1566.004 - Spearphishing Voice
- T1045 - Software Packing
- T1574.002 - DLL Side-Loading
- T1049 - System Network Connections Discovery
- T1560.001 - Archive via Utility
- T1065 - Uncommonly Used Port
- T1070.006 - Timestomp
- T1219.001 - IDE Tunneling
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1209 - Time Providers
- T1583.006 - Web Services
- T1157 - Dylib Hijacking
- T1056.002 - GUI Input Capture
- T1176 - Software Extensions
- T1546.016 - Installer Packages
- T1102.003 - One-Way Communication
- T1159 - Launch Agent
- T1134.002 - Create Process with Token
Link to MITRE →
Score: 0.69
Matched TTPs:
- T1562.013 - Disable or Modify Network Device Firewall
- T1059.010 - AutoHotKey & AutoIT
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1091 - Replication Through Removable Media
- T1570 - Lateral Tool Transfer
- T1057 - Process Discovery
- T1092 - Communication Through Removable Media
- T1041 - Exfiltration Over C2 Channel
- T1583.005 - Botnet
- T1656 - Impersonation
- T1506 - Web Session Cookie
- T1037 - Boot or Logon Initialization Scripts
- T1199 - Trusted Relationship
- T1598.003 - Spearphishing Link
- T1606.002 - SAML Tokens
- T1608 - Stage Capabilities
- T1560.001 - Archive via Utility
- T1009 - Binary Padding
- T1003.003 - NTDS
- T1087.002 - Domain Account
- T1008 - Fallback Channels
- T1219.001 - IDE Tunneling
- T1140 - Deobfuscate/Decode Files or Information
- T1218.012 - Verclsid
- T1033 - System Owner/User Discovery
- T1566.002 - Spearphishing Link
- T1059.009 - Cloud API
- T1583.006 - Web Services
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1102.003 - One-Way Communication
- T1547.002 - Authentication Package
- T1059.011 - Lua
- T1134.002 - Create Process with Token
- T1668 - Exclusive Control
- T1055.014 - VDSO Hijacking
- T1027.014 - Polymorphic Code
- T1030 - Data Transfer Size Limits
- T1132.002 - Non-Standard Encoding
Score: 0.64
Matched TTPs:
- T1027 - Obfuscated Files or Information
- T1005 - Data from Local System
- T1059.010 - AutoHotKey & AutoIT
- T1548.006 - TCC Manipulation
- T1558 - Steal or Forge Kerberos Tickets
- T1187 - Forced Authentication
- T1193 - Spearphishing Attachment
- T1091 - Replication Through Removable Media
- T1564.008 - Email Hiding Rules
- T1583.005 - Botnet
- T1562.004 - Disable or Modify System Firewall
- T1204.001 - Malicious Link
- T1134 - Access Token Manipulation
- T1075 - Pass the Hash
- T1047 - Windows Management Instrumentation
- T1199 - Trusted Relationship
- T1598.003 - Spearphishing Link
- T1566.004 - Spearphishing Voice
- T1586.002 - Email Accounts
- T1045 - Software Packing
- T1606.002 - SAML Tokens
- T1111 - Multi-Factor Authentication Interception
- T1049 - System Network Connections Discovery
- T1087.002 - Domain Account
- T1122 - Component Object Model Hijacking
- T1219.001 - IDE Tunneling
- T1140 - Deobfuscate/Decode Files or Information
- T1033 - System Owner/User Discovery
- T1566.002 - Spearphishing Link
- T1157 - Dylib Hijacking
- T1546.016 - Installer Packages
- T1102.003 - One-Way Communication
- T1547.002 - Authentication Package
- T1059.011 - Lua
- T1134.002 - Create Process with Token
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
Score: 0.59
Matched TTPs:
- T1055.005 - Thread Local Storage
- T1677 - Poisoned Pipeline Execution
- T1059.010 - AutoHotKey & AutoIT
- T1548.006 - TCC Manipulation
- T1091 - Replication Through Removable Media
- T1092 - Communication Through Removable Media
- T1612 - Build Image on Host
- T1102 - Web Service
- T1134 - Access Token Manipulation
- T1562.006 - Indicator Blocking
- T1037 - Boot or Logon Initialization Scripts
- T1047 - Windows Management Instrumentation
- T1199 - Trusted Relationship
- T1598.003 - Spearphishing Link
- T1606.002 - SAML Tokens
- T1608 - Stage Capabilities
- T1560.001 - Archive via Utility
- T1087.002 - Domain Account
- T1169 - Sudo
- T1219.001 - IDE Tunneling
- T1209 - Time Providers
- T1218.012 - Verclsid
- T1566.002 - Spearphishing Link
- T1136.001 - Local Account
- T1583.006 - Web Services
- T1089 - Disabling Security Tools
- T1608.005 - Link Target
- T1569.001 - Launchctl
- T1102.003 - One-Way Communication
- T1159 - Launch Agent
- T1059.011 - Lua
- T1071.001 - Web Protocols
- T1218.010 - Regsvr32
Score: 0.57
Matched TTPs:
- T1175 - Component Object Model and Distributed COM
- T1059.010 - AutoHotKey & AutoIT
- T1562.009 - Safe Mode Boot
- T1597 - Search Closed Sources
- T1091 - Replication Through Removable Media
- T1554 - Compromise Host Software Binary
- T1570 - Lateral Tool Transfer
- T1092 - Communication Through Removable Media
- T1612 - Build Image on Host
- T1061 - Graphical User Interface
- T1542.004 - ROMMONkit
- T1506 - Web Session Cookie
- T1047 - Windows Management Instrumentation
- T1199 - Trusted Relationship
- T1598.003 - Spearphishing Link
- T1562.010 - Downgrade Attack
- T1045 - Software Packing
- T1036.002 - Right-to-Left Override
- T1608 - Stage Capabilities
- T1087.002 - Domain Account
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1059.009 - Cloud API
- T1583.006 - Web Services
- T1056.002 - GUI Input Capture
- T1547.012 - Print Processors
- T1608.005 - Link Target
- T1547.002 - Authentication Package
- T1059.011 - Lua
- T1059.013 - Container CLI/API
- T1055.014 - VDSO Hijacking
- T1606.001 - Web Cookies
Score: 0.56
Matched TTPs:
- T1027 - Obfuscated Files or Information
- T1548.006 - TCC Manipulation
- T1027.007 - Dynamic API Resolution
- T1539 - Steal Web Session Cookie
- T1570 - Lateral Tool Transfer
- T1560.003 - Archive via Custom Method
- T1041 - Exfiltration Over C2 Channel
- T1562.004 - Disable or Modify System Firewall
- T1134 - Access Token Manipulation
- T1047 - Windows Management Instrumentation
- T1199 - Trusted Relationship
- T1598.003 - Spearphishing Link
- T1566.004 - Spearphishing Voice
- T1045 - Software Packing
- T1574.002 - DLL Side-Loading
- T1560.001 - Archive via Utility
- T1177 - LSASS Driver
- T1037.001 - Logon Script (Windows)
- T1008 - Fallback Channels
- T1219.001 - IDE Tunneling
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1564.003 - Hidden Window
- T1209 - Time Providers
- T1089 - Disabling Security Tools
- T1157 - Dylib Hijacking
- T1584.008 - Network Devices
- T1059.011 - Lua
- T1668 - Exclusive Control
- T1573 - Encrypted Channel
- T1030 - Data Transfer Size Limits
- T1002 - Data Compressed
- T1218.010 - Regsvr32
Related CVEs
No CVEs were found in this Pulse.