A cunning predator: How Silver Fox preys on Japanese firms this tax season
概要
Silver Fox, a threat actor, is exploiting Japan's tax filing and organizational change season with a targeted spearphishing campaign against Japanese businesses. The group sends convincing phishing emails related to tax compliance, salary adjustments, and HR matters, tricking recipients into opening malicious links or attachments. The campaign capitalizes on the high volume of legitimate financial and HR communications during this period, increasing the risk of compromise. Silver Fox has expanded its targets from Chinese-speaking entities to Southeast Asia, Japan, and potentially North America. The group uses ValleyRAT, a remote access trojan, to gain control of compromised machines and steal sensitive information. To protect against this threat, organizations should increase vigilance, reinforce awareness about phishing attempts, and verify the authenticity of tax- and HR-themed requests.
Created: 2026-04-28
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 29.06
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.78
Matched TTPs:
- T1491.002 - External Defacement
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 7.56
Matched TTPs:
- T1491.002 - External Defacement
- T1048 - Exfiltration Over Alternative Protocol
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.63
Matched TTPs:
- T1491.002 - External Defacement
- T1058 - Service Registry Permissions Weakness
MITREへのリンク →
Score: 26.95
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1058 - Service Registry Permissions Weakness
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1027.016 - Junk Code Insertion
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.61
Matched TTPs:
- T1491.002 - External Defacement
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1157 - Dylib Hijacking
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 13.83
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1055.014 - VDSO Hijacking
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.37
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 12.75
Matched TTPs:
- T1491.002 - External Defacement
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 25.56
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1009 - Binary Padding
- T1027.016 - Junk Code Insertion
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 9.76
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 13.10
Matched TTPs:
- T1491.002 - External Defacement
- T1583.005 - Botnet
- T1027.016 - Junk Code Insertion
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.18
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 9.91
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.43
Matched TTPs:
- T1491.002 - External Defacement
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 11.08
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 20.88
Matched TTPs:
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 12.37
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 27.30
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 10.34
Matched TTPs:
- T1491.002 - External Defacement
- T1199 - Trusted Relationship
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 7.76
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1505 - Server Software Component
MITREへのリンク →
Score: 17.84
Matched TTPs:
- T1491.002 - External Defacement
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1058 - Service Registry Permissions Weakness
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1491.002 - External Defacement
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 14.49
Matched TTPs:
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 10.11
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 16.96
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 5.11
Matched TTPs:
- T1491.002 - External Defacement
- T1199 - Trusted Relationship
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 3.39
Matched TTPs:
- T1491.002 - External Defacement
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 30.07
Matched TTPs:
- T1491.002 - External Defacement
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1574.014 - AppDomainManager
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 26.38
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 15.51
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1175 - Component Object Model and Distributed COM
- T1027 - Obfuscated Files or Information
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 7.87
Matched TTPs:
- T1682 - Query Public AI Services
- T1091 - Replication Through Removable Media
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 7.24
Matched TTPs:
- T1584.008 - Network Devices
- T1174 - Password Filter DLL
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.66
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 31.68
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1027.016 - Junk Code Insertion
- T1177 - LSASS Driver
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1223 - Compiled HTML File
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 17.57
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 34.78
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1193 - Spearphishing Attachment
- T1175 - Component Object Model and Distributed COM
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1531 - Account Access Removal
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 18.30
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 11.91
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1027.016 - Junk Code Insertion
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 45.24
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1041 - Exfiltration Over C2 Channel
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1002 - Data Compressed
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 13.87
Matched TTPs:
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 16.56
Matched TTPs:
- T1584.008 - Network Devices
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 26.57
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1027.016 - Junk Code Insertion
- T1175 - Component Object Model and Distributed COM
- T1597 - Search Closed Sources
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1003.003 - NTDS
MITREへのリンク →
Score: 23.66
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1685 - Disable or Modify Tools
- T1059.013 - Container CLI/API
MITREへのリンク →
Score: 12.55
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1175 - Component Object Model and Distributed COM
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 22.86
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1027.016 - Junk Code Insertion
- T1055.004 - Asynchronous Procedure Call
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1065 - Uncommonly Used Port
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 18.41
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1027.016 - Junk Code Insertion
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1574 - Hijack Execution Flow
- T1134 - Access Token Manipulation
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 8.42
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.51
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 29.44
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1065 - Uncommonly Used Port
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 45.03
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1218.012 - Verclsid
- T1041 - Exfiltration Over C2 Channel
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
- T1003.003 - NTDS
MITREへのリンク →
Score: 9.20
Matched TTPs:
- T1606.002 - SAML Tokens
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 21.06
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1547.015 - Login Items
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 13.16
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 36.64
Matched TTPs:
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1193 - Spearphishing Attachment
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.79
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 9.18
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 5.98
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 3.46
Matched TTPs:
- T1606.002 - SAML Tokens
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 25.31
Matched TTPs:
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1176 - Software Extensions
- T1684 - Social Engineering
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 25.95
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1136.003 - Cloud Account
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 39.25
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
MITREへのリンク →
Score: 7.94
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 20.36
Matched TTPs:
- T1063 - Security Software Discovery
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 11.32
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1027.016 - Junk Code Insertion
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 5.91
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 13.26
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 12.89
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1218.001 - Compiled HTML File
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 7.50
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 18.65
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1027.016 - Junk Code Insertion
- T1175 - Component Object Model and Distributed COM
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 11.36
Matched TTPs:
- T1583.005 - Botnet
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 3.88
Matched TTPs:
- T1583.005 - Botnet
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 8.26
Matched TTPs:
- T1574.014 - AppDomainManager
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 28.53
Matched TTPs:
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1065 - Uncommonly Used Port
- T1134 - Access Token Manipulation
- T1574.002 - DLL Side-Loading
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 26.24
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1175 - Component Object Model and Distributed COM
- T1218.012 - Verclsid
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1203 - Exploitation for Client Execution
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 17.48
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1218.001 - Compiled HTML File
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 7.94
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
MITREへのリンク →
Score: 25.86
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1175 - Component Object Model and Distributed COM
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 9.70
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 12.51
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
- T1030 - Data Transfer Size Limits
MITREへのリンク →
Score: 10.77
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 8.49
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 3.68
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 18.07
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 3.74
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 15.11
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 11.57
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1175 - Component Object Model and Distributed COM
- T1218.001 - Compiled HTML File
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.96
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1002 - Data Compressed
MITREへのリンク →
Score: 9.62
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 13.17
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.64
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 28.25
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.71
Matched TTPs:
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1048 - Exfiltration Over Alternative Protocol
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 7.22
Matched TTPs:
- T1684 - Social Engineering
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 28.30
Matched TTPs:
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1030 - Data Transfer Size Limits
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 4.61
Matched TTPs:
- T1009 - Binary Padding
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 5.24
Matched TTPs:
- T1562.004 - Disable or Modify System Firewall
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 6.59
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 3.86
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 9.68
Matched TTPs:
- T1027.016 - Junk Code Insertion
- T1101 - Security Support Provider
- T1199 - Trusted Relationship
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 10.59
Matched TTPs:
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 7.97
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 6.53
Matched TTPs:
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
MITREへのリンク →
Score: 8.03
Matched TTPs:
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 9.61
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.82
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 4.98
Matched TTPs:
- T1199 - Trusted Relationship
- T1531 - Account Access Removal
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 3.88
Matched TTPs:
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1027 - Obfuscated Files or Information
- T1002 - Data Compressed
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1157 - Dylib Hijacking
- T1574.002 - DLL Side-Loading
- T1562.004 - Disable or Modify System Firewall
- T1041 - Exfiltration Over C2 Channel
- T1564.003 - Hidden Window
- T1030 - Data Transfer Size Limits
- T1048 - Exfiltration Over Alternative Protocol
- T1684 - Social Engineering
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 0.70
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.003 - NTDS
- T1566.002 - Spearphishing Link
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1555.003 - Credentials from Web Browsers
- T1583.005 - Botnet
- T1055.014 - VDSO Hijacking
- T1041 - Exfiltration Over C2 Channel
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
- T1009 - Binary Padding
- T1030 - Data Transfer Size Limits
- T1684 - Social Engineering
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.012 - Verclsid
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 0.61
Matched TTPs:
- T1547.005 - Security Support Provider
- T1027 - Obfuscated Files or Information
- T1566.002 - Spearphishing Link
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1685.004 - Disable or Modify Linux Audit System Log
- T1583.001 - Domains
- T1039 - Data from Network Shared Drive
- T1564.003 - Hidden Window
- T1030 - Data Transfer Size Limits
- T1019 - System Firmware
- T1027.002 - Software Packing
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 0.57
Matched TTPs:
- T1606.002 - SAML Tokens
- T1027 - Obfuscated Files or Information
- T1566.002 - Spearphishing Link
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1555.003 - Credentials from Web Browsers
- T1583.005 - Botnet
- T1157 - Dylib Hijacking
- T1562.004 - Disable or Modify System Firewall
- T1027.018 - Invisible Unicode
- T1063 - Security Software Discovery
- T1075 - Pass the Hash
- T1193 - Spearphishing Attachment
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design