EtherRAT & SYS_INFO Module: C2 on Ethereum (EtherHiding), Target Selection, CDN-Like Beacons
概要
EtherRAT, a Node.js-based backdoor linked to a North Korean APT group, was detected in a retail customer's environment. It allows arbitrary command execution, extensive system information gathering, and asset theft. The malware uses 'EtherHiding' to store C2 addresses in Ethereum smart contracts, making infrastructure resilient to takedowns. It communicates using CDN-like beaconing to blend with normal traffic. Initial access varied, including ClickFix and IT Support scams via Microsoft Teams. A SYS_INFO module performs comprehensive host fingerprinting for target selection. The malware checks for CIS languages and self-destructs if found. It collects detailed system information, including hardware, software, and network details.
Created: 2026-04-26
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 11.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 13.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 19.64
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 12.00
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 3.93
Matched TTPs:
- T1560.001 - Archive via Utility
- T1045 - Software Packing
MITREへのリンク →
Score: 33.83
Matched TTPs:
- T1560.001 - Archive via Utility
- T1556.002 - Password Filter DLL
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 10.37
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 28.44
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.002 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1136.003 - Cloud Account
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 7.87
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 12.37
Matched TTPs:
- T1560.001 - Archive via Utility
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1587.003 - Digital Certificates
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 23.74
Matched TTPs:
- T1560.001 - Archive via Utility
- T1499.003 - Application Exhaustion Flood
- T1587.003 - Digital Certificates
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1685 - Disable or Modify Tools
- T1059.013 - Container CLI/API
MITREへのリンク →
Score: 10.48
Matched TTPs:
- T1560.001 - Archive via Utility
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 6.24
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 15.46
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 10.76
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 15.45
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 31.55
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 22.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1518.002 - Backup Software Discovery
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 21.42
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.002 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1197 - BITS Jobs
- T1059.012 - Hypervisor CLI
- T1146 - Clear Command History
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 23.82
Matched TTPs:
- T1560.001 - Archive via Utility
- T1063 - Security Software Discovery
- T1176 - Software Extensions
- T1684 - Social Engineering
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.44
Matched TTPs:
- T1560.001 - Archive via Utility
- T1597 - Search Closed Sources
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
MITREへのリンク →
Score: 11.33
Matched TTPs:
- T1560.001 - Archive via Utility
- T1556.002 - Password Filter DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 30.60
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1197 - BITS Jobs
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.99
Matched TTPs:
- T1560.001 - Archive via Utility
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 6.84
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 20.61
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1102.002 - Bidirectional Communication
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 6.34
Matched TTPs:
- T1560.001 - Archive via Utility
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 17.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
MITREへのリンク →
Score: 22.13
Matched TTPs:
- T1560.001 - Archive via Utility
- T1499.004 - Application or System Exploitation
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 35.00
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.39
Matched TTPs:
- T1560.001 - Archive via Utility
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 8.94
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 15.94
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1601 - Modify System Image
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 11.20
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 23.59
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1045 - Software Packing
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 9.64
Matched TTPs:
- T1682 - Query Public AI Services
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.00
Matched TTPs:
- T1584.008 - Network Devices
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 24.41
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1568 - Dynamic Resolution
- T1218.012 - Verclsid
- T1223 - Compiled HTML File
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 19.03
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1657 - Financial Theft
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 14.31
Matched TTPs:
- T1584.008 - Network Devices
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 11.91
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 10.37
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 22.37
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
MITREへのリンク →
Score: 8.42
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.70
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1684 - Social Engineering
- T1518.002 - Backup Software Discovery
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 20.05
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1574.014 - AppDomainManager
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 17.63
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1058 - Service Registry Permissions Weakness
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1159 - Launch Agent
MITREへのリンク →
Score: 21.45
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 7.88
Matched TTPs:
- T1587.003 - Digital Certificates
- T1140 - Deobfuscate/Decode Files or Information
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 39.10
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
MITREへのリンク →
Score: 11.56
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1027 - Obfuscated Files or Information
- T1102.002 - Bidirectional Communication
MITREへのリンク →
Score: 27.43
Matched TTPs:
- T1063 - Security Software Discovery
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.48
Matched TTPs:
- T1063 - Security Software Discovery
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 14.00
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 8.59
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1584.005 - Botnet
MITREへのリンク →
Score: 8.73
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1197 - BITS Jobs
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 25.08
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 13.27
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1657 - Financial Theft
MITREへのリンク →
Score: 16.49
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 10.80
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.58
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 8.26
Matched TTPs:
- T1574.014 - AppDomainManager
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 18.93
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1045 - Software Packing
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.21
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.03
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
MITREへのリンク →
Score: 6.27
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
- T1590.006 - Network Security Appliances
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 9.93
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.32
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 12.15
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1159 - Launch Agent
MITREへのリンク →
Score: 7.47
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 24.91
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1102.002 - Bidirectional Communication
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 5.13
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.99
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 9.86
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 10.77
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 4.97
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 19.55
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
MITREへのリンク →
Score: 8.35
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1001.001 - Junk Data
MITREへのリンク →
Score: 8.65
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.24
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
MITREへのリンク →
Score: 7.05
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
MITREへのリンク →
Score: 25.73
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.00
Matched TTPs:
- T1684 - Social Engineering
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 4.22
Matched TTPs:
- T1684 - Social Engineering
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 8.33
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 4.22
Matched TTPs:
- T1684 - Social Engineering
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 23.39
Matched TTPs:
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 17.38
Matched TTPs:
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1045 - Software Packing
- T1601 - Modify System Image
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 6.59
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 7.97
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 3.20
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 3.24
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 3.01
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 6.85
Matched TTPs:
- T1045 - Software Packing
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
MITREへのリンク →
Score: 3.50
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1218.012 - Verclsid
- T1159 - Launch Agent
MITREへのリンク →
Score: 3.70
Matched TTPs:
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.86
Matched TTPs:
- T1027 - Obfuscated Files or Information
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1102.002 - Bidirectional Communication
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1213.003 - Code Repositories
MITREへのリンク →
Score: 3.13
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 8.39
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.29
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.13
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.31
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 3.13
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1197 - BITS Jobs
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1685.004 - Disable or Modify Linux Audit System Log
- T1597 - Search Closed Sources
- T1583.001 - Domains
- T1027 - Obfuscated Files or Information
- T1027.002 - Software Packing
- T1564.003 - Hidden Window
- T1566.002 - Spearphishing Link
- T1045 - Software Packing
- T1590.006 - Network Security Appliances
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 0.63
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.018 - Invisible Unicode
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1555.003 - Credentials from Web Browsers
- T1587.003 - Digital Certificates
- T1027 - Obfuscated Files or Information
- T1547.008 - LSASS Driver
- T1566.002 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1045 - Software Packing
- T1590.006 - Network Security Appliances
- T1134 - Access Token Manipulation
- T1560.001 - Archive via Utility
MITREへのリンク →
Score: 0.61
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1555.003 - Credentials from Web Browsers
- T1556.002 - Password Filter DLL
- T1176 - Software Extensions
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
- T1045 - Software Packing
- T1590.006 - Network Security Appliances
- T1134 - Access Token Manipulation
- T1560.001 - Archive via Utility
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1027 - Obfuscated Files or Information
- T1584.008 - Network Devices
- T1574.002 - DLL Side-Loading
- T1564.003 - Hidden Window
- T1045 - Software Packing
- T1590.006 - Network Security Appliances
- T1684 - Social Engineering
- T1560.001 - Archive via Utility
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design