TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
概要
TeamPCP launched a sophisticated attack on the Telnyx Python SDK, publishing malicious versions 4.87.1 and 4.87.2 to PyPI. The attack represents an evolution from their previous LiteLLM campaign, incorporating WAV-based steganography, split-file code injection, and expanded platform support. The payload, activated on import, uses stealthy techniques to download and execute credential-stealing malware across Linux, macOS, and Windows systems. Key changes include the use of audio steganography to hide malicious code, improved evasion through split-file injection, and the addition of Windows support with Startup folder persistence. The attackers shifted from HTTPS to plaintext HTTP infrastructure, potentially exposing their activities to network monitoring. Organizations are advised to downgrade to the last clean version and treat affected systems as compromised.
Created: 2026-05-01
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 17.43
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1590.006 - Network Security Appliances
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 17.58
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 19.94
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1038 - DLL Search Order Hijacking
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 16.26
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1027.016 - Junk Code Insertion
- T1051 - Shared Webroot
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 13.43
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1051 - Shared Webroot
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 28.78
Matched TTPs:
- T1560.001 - Archive via Utility
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1070.006 - Timestomp
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1057 - Process Discovery
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 8.42
Matched TTPs:
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1668 - Exclusive Control
MITREへのリンク →
Score: 30.20
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1136.003 - Cloud Account
- T1203 - Exploitation for Client Execution
- T1565.002 - Transmitted Data Manipulation
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.39
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 17.80
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.016 - Junk Code Insertion
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1059.003 - Windows Command Shell
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
MITREへのリンク →
Score: 15.58
Matched TTPs:
- T1560.001 - Archive via Utility
- T1499.003 - Application Exhaustion Flood
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1157 - Dylib Hijacking
- T1059.013 - Container CLI/API
MITREへのリンク →
Score: 9.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1051 - Shared Webroot
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.23
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 11.74
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 17.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
MITREへのリンク →
Score: 43.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1041 - Exfiltration Over C2 Channel
- T1157 - Dylib Hijacking
- T1208 - Kerberoasting
- T1027 - Obfuscated Files or Information
- T1002 - Data Compressed
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 23.87
Matched TTPs:
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1562.011 - Spoof Security Alerting
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 29.89
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1057 - Process Discovery
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1197 - BITS Jobs
- T1059.012 - Hypervisor CLI
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 26.83
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1176 - Software Extensions
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.45
Matched TTPs:
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 19.62
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1547.015 - Login Items
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 48.35
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1654 - Log Enumeration
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 18.23
Matched TTPs:
- T1560.001 - Archive via Utility
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.23
Matched TTPs:
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 17.77
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 10.19
Matched TTPs:
- T1560.001 - Archive via Utility
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 24.90
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
- T1668 - Exclusive Control
- T1686.001 - Cloud Firewall
MITREへのリンク →
Score: 21.90
Matched TTPs:
- T1560.001 - Archive via Utility
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1218.001 - Compiled HTML File
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 23.99
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 6.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1597 - Search Closed Sources
- T1668 - Exclusive Control
MITREへのリンク →
Score: 10.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 13.24
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 13.87
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 22.65
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1565.002 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 6.86
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1218.012 - Verclsid
MITREへのリンク →
Score: 5.88
Matched TTPs:
- T1491.002 - External Defacement
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.59
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 8.74
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1590.006 - Network Security Appliances
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 5.59
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.02
Matched TTPs:
- T1491.002 - External Defacement
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 11.52
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1157 - Dylib Hijacking
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 13.72
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 33.12
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1598.003 - Spearphishing Link
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1027.016 - Junk Code Insertion
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1057 - Process Discovery
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 7.60
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.20
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 14.51
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1562.012 - Disable or Modify Linux Audit System
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.94
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 5.70
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 18.54
Matched TTPs:
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 9.94
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.52
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
MITREへのリンク →
Score: 9.39
Matched TTPs:
- T1491.002 - External Defacement
- T1027 - Obfuscated Files or Information
- T1565.002 - Transmitted Data Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 6.91
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1505 - Server Software Component
MITREへのリンク →
Score: 15.87
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1562.011 - Spoof Security Alerting
MITREへのリンク →
Score: 3.83
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.69
Matched TTPs:
- T1491.002 - External Defacement
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 8.97
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 15.53
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1491.002 - External Defacement
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 3.39
Matched TTPs:
- T1491.002 - External Defacement
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 28.60
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1592.002 - Software
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 29.08
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1039 - Data from Network Shared Drive
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 22.05
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1057 - Process Discovery
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 9.64
Matched TTPs:
- T1682 - Query Public AI Services
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.00
Matched TTPs:
- T1584.008 - Network Devices
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 40.27
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1036.004 - Masquerade Task or Service
- T1218.012 - Verclsid
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1223 - Compiled HTML File
- T1555.004 - Windows Credential Manager
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 27.31
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1657 - Financial Theft
- T1654 - Log Enumeration
- T1041 - Exfiltration Over C2 Channel
- T1157 - Dylib Hijacking
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 18.08
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
MITREへのリンク →
Score: 11.79
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1157 - Dylib Hijacking
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 19.21
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1562.012 - Disable or Modify Linux Audit System
- T1027.016 - Junk Code Insertion
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 11.72
Matched TTPs:
- T1606.002 - SAML Tokens
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 12.31
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 22.95
Matched TTPs:
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 5.91
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
MITREへのリンク →
Score: 5.13
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
MITREへのリンク →
Score: 26.38
Matched TTPs:
- T1606.002 - SAML Tokens
- T1598.003 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1057 - Process Discovery
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 46.93
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1583.001 - Domains
- T1019 - System Firmware
- T1590.006 - Network Security Appliances
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1090.004 - Domain Fronting
- T1564.003 - Hidden Window
- T1565.002 - Transmitted Data Manipulation
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
MITREへのリンク →
Score: 15.00
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1027 - Obfuscated Files or Information
- T1090.004 - Domain Fronting
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 22.44
Matched TTPs:
- T1063 - Security Software Discovery
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 10.47
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1027.016 - Junk Code Insertion
- T1584.005 - Botnet
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 12.88
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1039 - Data from Network Shared Drive
- T1197 - BITS Jobs
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.35
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1657 - Financial Theft
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 11.24
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 8.51
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.33
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.08
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 6.52
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 17.67
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1203 - Exploitation for Client Execution
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.58
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.45
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.29
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 6.25
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1218.012 - Verclsid
- T1562.011 - Spoof Security Alerting
MITREへのリンク →
Score: 5.57
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1565.002 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 9.09
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.58
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.70
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.89
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 10.28
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
MITREへのリンク →
Score: 6.55
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.00
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.66
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 7.41
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1055.004 - Asynchronous Procedure Call
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 7.73
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1562.011 - Spoof Security Alerting
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 26.91
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 7.40
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 20.59
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 9.63
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 10.77
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 5.87
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 16.92
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 5.60
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1002 - Data Compressed
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1009 - Binary Padding
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 5.87
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 3.52
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 15.17
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1027.016 - Junk Code Insertion
- T1101 - Security Support Provider
- T1051 - Shared Webroot
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 13.55
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1019 - System Firmware
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 4.83
Matched TTPs:
- T1177 - LSASS Driver
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 5.90
Matched TTPs:
- T1547.015 - Login Items
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
MITREへのリンク →
Score: 4.29
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1565.002 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1606.002 - SAML Tokens
- T1218.012 - Verclsid
- T1057 - Process Discovery
- T1654 - Log Enumeration
- T1562.012 - Disable or Modify Linux Audit System
- T1051 - Shared Webroot
- T1590.006 - Network Security Appliances
- T1560.001 - Archive via Utility
- T1041 - Exfiltration Over C2 Channel
- T1668 - Exclusive Control
- T1009 - Binary Padding
- T1690 - Prevent Command History Logging
- T1197 - BITS Jobs
MITREへのリンク →
Score: 0.68
Matched TTPs:
- T1564.003 - Hidden Window
- T1039 - Data from Network Shared Drive
- T1685.004 - Disable or Modify Linux Audit System Log
- T1027 - Obfuscated Files or Information
- T1090.004 - Domain Fronting
- T1565.002 - Transmitted Data Manipulation
- T1027.002 - Software Packing
- T1597 - Search Closed Sources
- T1051 - Shared Webroot
- T1134 - Access Token Manipulation
- T1583.001 - Domains
- T1019 - System Firmware
- T1157 - Dylib Hijacking
- T1197 - BITS Jobs
- T1590.006 - Network Security Appliances
- T1566.002 - Spearphishing Link
MITREへのリンク →
Score: 0.63
Matched TTPs:
- T1564.003 - Hidden Window
- T1598.003 - Spearphishing Link
- T1027 - Obfuscated Files or Information
- T1574.002 - DLL Side-Loading
- T1140 - Deobfuscate/Decode Files or Information
- T1041 - Exfiltration Over C2 Channel
- T1562.012 - Disable or Modify Linux Audit System
- T1208 - Kerberoasting
- T1584.008 - Network Devices
- T1134 - Access Token Manipulation
- T1157 - Dylib Hijacking
- T1055.004 - Asynchronous Procedure Call
- T1177 - LSASS Driver
- T1590.006 - Network Security Appliances
- T1560.001 - Archive via Utility
- T1668 - Exclusive Control
- T1002 - Data Compressed
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1592.004 - Client Configurations
- T1039 - Data from Network Shared Drive
- T1598.003 - Spearphishing Link
- T1606.002 - SAML Tokens
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
- T1140 - Deobfuscate/Decode Files or Information
- T1223 - Compiled HTML File
- T1584.008 - Network Devices
- T1157 - Dylib Hijacking
- T1555.004 - Windows Credential Manager
- T1177 - LSASS Driver
- T1036.004 - Masquerade Task or Service
- T1027.016 - Junk Code Insertion
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design