Highly destructive Lotus Wiper used in a targeted attack
Summary
A highly targeted destructive wiper campaign dubbed 'Lotus Wiper' was observed against the energy and utilities sector in Venezuela in late 2025 and early 2026. The attack begins with batch scripts that coordinate execution across the network, using files on domain shares as the trigger mechanism. These scripts disable security services, lock out users and prepare the environment for the final payload. The Lotus Wiper then destroys data systematically: it overwrites physical drives with zeros, deletes restore points, clears the NTFS USN change journal and recursively deletes files. Unlike ransomware, the wiper carries no ransom demand and has no financial motive; it is built purely for data destruction. Evidence suggests the attackers held domain access for a long period before the attack, and the wiper binary was compiled months before it was deployed. The malware targets older Windows systems and relies on legitimate, built-in system tools such as diskpart, robocopy and fsutil, which shifts detection toward the command lines and sequencing of those tools rather than toward the binaries themselves.
Created: 2026-04-21
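The reliance on built-in tools described in the summary is what a detection engineer would hunt for. The following is an added example written by the editor, not code from the original pulse or from the malware analysis: it parses constructed process-creation events (Sysmon Event ID 1 style, with invented hostnames, users and command lines), tags each command line with the ATT&CK technique the editor considers the closest fit, and raises an alert only when several distinct destructive actions occur on one host inside a short window. The command patterns are generic LOLBin wiper tradecraft chosen for illustration; the page does not give Lotus Wiper's literal command lines, so none of the patterns should be read as indicators from the campaign.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of process-creation events in a Sysmon Event ID 1 style.
# Hostnames, users, timestamps and command lines are invented for this example;
# they are not telemetry from the Lotus Wiper campaign.
SAMPLE_EVENTS = [
    r'2026-03-14T02:10:41Z host=HMI-03 user=CORP\svc_deploy parent=cmd.exe image=sc.exe cmdline="sc stop WinDefend"',
    r'2026-03-14T02:10:55Z host=HMI-03 user=CORP\svc_deploy parent=cmd.exe image=fsutil.exe cmdline="fsutil usn deletejournal /D C:"',
    r'2026-03-14T02:12:03Z host=HMI-03 user=CORP\svc_deploy parent=cmd.exe image=diskpart.exe cmdline="diskpart /s C:\ProgramData\dp.txt"',
    r'2026-03-14T02:12:30Z host=HMI-03 user=CORP\svc_deploy parent=cmd.exe image=robocopy.exe cmdline="robocopy C:\ProgramData\empty D:\Historian /MIR"',
    r'2026-03-14T01:00:02Z host=FILE-01 user=CORP\svc_backup parent=svchost.exe image=robocopy.exe cmdline="robocopy D:\Shares \\BKP-01\shares /MIR /R:1"',
    r'2026-03-14T02:15:00Z host=WS-12 user=CORP\jdoe parent=explorer.exe image=cmd.exe cmdline="cmd /c whoami"',
    r'2026-03-14T03:40:00Z host=FILE-01 user=CORP\admin parent=cmd.exe image=vssadmin.exe cmdline="vssadmin delete shadows /all /quiet"',
]

EVENT_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) '
    r'image=(?P<image>\S+) cmdline="(?P<cmdline>.*)"$'
)

# (rule name, ATT&CK technique the behaviour maps to, pattern over the command line).
# Generic wiper tradecraft chosen by the editor for illustration; the technique
# mapping is the editor's, not the pulse's. Matching is on the command line, not
# the image name, because the binaries themselves are legitimate Windows tools.
RULES = [
    ("service_stop_or_disable", "T1562.001",
     re.compile(r"\b(sc|net)(\.exe)?\s+(stop|config)\b", re.I)),
    ("usn_journal_delete", "T1070.004",
     re.compile(r"\bfsutil(\.exe)?\s+usn\s+deletejournal\b", re.I)),
    ("diskpart_scripted", "T1561.001",
     re.compile(r"\bdiskpart(\.exe)?\s+/s\b", re.I)),
    ("shadow_copy_delete", "T1490",
     re.compile(r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)\b", re.I)),
    ("robocopy_mirror_or_purge", "T1485",
     re.compile(r"\brobocopy(\.exe)?\b.*\s/(mir|purge)\b", re.I)),
]


def parse_event(line):
    """Parse one event line into a dict, or return None for malformed input."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def match_rules(event):
    """Return every (rule name, technique) whose pattern hits the command line."""
    return [(name, tid) for name, tid, rx in RULES if rx.search(event["cmdline"])]


def detect_wiper_chain(lines, window=timedelta(minutes=30), min_distinct=2):
    """Alert per host when at least min_distinct different rules fire within window.

    A single robocopy /MIR or a lone service stop is routine administration; the
    signal is several destructive preparations on one host in quick succession.
    """
    hits_by_host = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # skip malformed lines rather than failing the whole batch
        for name, tid in match_rules(ev):
            hits_by_host[ev["host"]].append((ev["ts"], name, tid, ev["cmdline"]))

    alerts = {}
    for host, hits in hits_by_host.items():
        hits.sort()  # chronological; tuples sort by timestamp first
        for i, (start, _, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - start <= window]
            rules = sorted({h[1] for h in in_window})
            if len(rules) >= min_distinct:
                alerts[host] = {
                    "first_seen": start.isoformat(),
                    "rules": rules,
                    "techniques": sorted({h[2] for h in in_window}),
                    "commands": [h[3] for h in in_window],
                }
                break  # one alert per host is enough for triage
    return alerts


if __name__ == "__main__":
    for host, alert in detect_wiper_chain(SAMPLE_EVENTS).items():
        print(host, alert["first_seen"], alert["techniques"])
        for cmd in alert["commands"]:
            print("   ", cmd)
```

On the constructed input only HMI-03 alerts: four different preparations within two minutes. FILE-01 sees a routine mirror job and, hours later, a shadow-copy deletion, which the 30-minute window deliberately keeps apart; in production a `vssadmin delete shadows` would also warrant its own stand-alone alert, and the window and threshold should be tuned against the environment's normal backup and patching activity. Wiring this to real data means replacing the constructed lines with Sysmon or EDR process-creation records, which carry the same fields.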
Indicators
Similar Pulses
No similar pulses were found.
Threat actors related to this pulse (fact-based)
Score: 11.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1039 - Data from Network Shared Drive
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 18.94
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1174 - Password Filter DLL
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 15.76
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1038 - DLL Search Order Hijacking
- T1597 - Search Closed Sources
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 9.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1562.012 - Disable or Modify Linux Audit System
- T1051 - Shared Webroot
- T1039 - Data from Network Shared Drive
Score: 20.06
Matched TTPs:
- T1560.001 - Archive via Utility
- T1491.002 - External Defacement
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1051 - Shared Webroot
- T1097 - Pass the Ticket
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 3.93
Matched TTPs:
- T1560.001 - Archive via Utility
- T1045 - Software Packing
Score: 40.19
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1057 - Process Discovery
- T1039 - Data from Network Shared Drive
- T1488 - Disk Content Wipe
- T1065 - Uncommonly Used Port
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
- T1574.002 - DLL Side-Loading
Score: 9.55
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1591.004 - Identify Roles
- T1668 - Exclusive Control
Score: 16.73
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1136.003 - Cloud Account
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 7.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 11.09
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 14.15
Matched TTPs:
- T1560.001 - Archive via Utility
- T1499.003 - Application Exhaustion Flood
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1059.013 - Container CLI/API
Score: 12.89
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1097 - Pass the Ticket
- T1134 - Access Token Manipulation
Score: 7.12
Matched TTPs:
- T1560.001 - Archive via Utility
- T1562.012 - Disable or Modify Linux Audit System
- T1051 - Shared Webroot
- T1591.004 - Identify Roles
Score: 16.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1165 - Startup Items
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1591.004 - Identify Roles
Score: 12.47
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 15.92
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1174 - Password Filter DLL
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 42.84
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1041 - Exfiltration Over C2 Channel
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1002 - Data Compressed
- T1564.003 - Hidden Window
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1574.002 - DLL Side-Loading
Score: 22.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1558.001 - Golden Ticket
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1591.004 - Identify Roles
Score: 30.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1057 - Process Discovery
- T1097 - Pass the Ticket
- T1039 - Data from Network Shared Drive
- T1197 - BITS Jobs
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
- T1146 - Clear Command History
- T1668 - Exclusive Control
Score: 26.62
Matched TTPs:
- T1560.001 - Archive via Utility
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 4.48
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1591.004 - Identify Roles
Score: 14.02
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 24.60
Matched TTPs:
- T1560.001 - Archive via Utility
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1547.015 - Login Items
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1488 - Disk Content Wipe
- T1591.004 - Identify Roles
Score: 48.65
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1566.002 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1562.012 - Disable or Modify Linux Audit System
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1197 - BITS Jobs
- T1591.004 - Identify Roles
- T1668 - Exclusive Control
- T1003.003 - NTDS
Score: 15.62
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1562.012 - Disable or Modify Linux Audit System
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 8.53
Matched TTPs:
- T1560.001 - Archive via Utility
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 18.19
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 8.72
Matched TTPs:
- T1560.001 - Archive via Utility
- T1055.004 - Asynchronous Procedure Call
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
Score: 24.85
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
- T1591.004 - Identify Roles
- T1668 - Exclusive Control
Score: 17.28
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 33.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1098.002 - Additional Email Delegate Permissions
- T1547.008 - LSASS Driver
Score: 11.85
Matched TTPs:
- T1560.001 - Archive via Utility
- T1165 - Startup Items
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1591.004 - Identify Roles
- T1668 - Exclusive Control
Score: 9.89
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1591.004 - Identify Roles
Score: 15.94
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1601 - Modify System Image
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 12.16
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
Score: 25.56
Matched TTPs:
- T1596.003 - Digital Certificates
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
Score: 6.51
Matched TTPs:
- T1596.003 - Digital Certificates
- T1562.012 - Disable or Modify Linux Audit System
- T1547.008 - LSASS Driver
Score: 10.38
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1564.002 - Hidden Users
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
Score: 4.03
Matched TTPs:
- T1596.003 - Digital Certificates
- T1039 - Data from Network Shared Drive
Score: 17.66
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1039 - Data from Network Shared Drive
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 29.92
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1165 - Startup Items
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1057 - Process Discovery
- T1597 - Search Closed Sources
- T1174 - Password Filter DLL
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
- T1086 - PowerShell
Score: 3.53
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
Score: 5.80
Matched TTPs:
- T1596.003 - Digital Certificates
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
Score: 21.47
Matched TTPs:
- T1596.003 - Digital Certificates
- T1063 - Security Software Discovery
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 35.68
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1165 - Startup Items
- T1003.007 - Proc Filesystem
- T1574.014 - AppDomainManager
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1097 - Pass the Ticket
- T1039 - Data from Network Shared Drive
- T1592.002 - Software
- T1591.004 - Identify Roles
- T1547.008 - LSASS Driver
Score: 10.09
Matched TTPs:
- T1596.003 - Digital Certificates
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1562.012 - Disable or Modify Linux Audit System
Score: 25.78
Matched TTPs:
- T1596.003 - Digital Certificates
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1055.014 - VDSO Hijacking
- T1097 - Pass the Ticket
- T1065 - Uncommonly Used Port
- T1134 - Access Token Manipulation
Score: 31.20
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1039 - Data from Network Shared Drive
- T1174 - Password Filter DLL
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 26.63
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1045 - Software Packing
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1591.004 - Identify Roles
- T1547.008 - LSASS Driver
Score: 5.99
Matched TTPs:
- T1491.002 - External Defacement
- T1562.012 - Disable or Modify Linux Audit System
- T1218.012 - Verclsid
Score: 6.84
Matched TTPs:
- T1491.002 - External Defacement
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 3.36
Matched TTPs:
- T1491.002 - External Defacement
- T1059.012 - Hypervisor CLI
Score: 3.36
Matched TTPs:
- T1491.002 - External Defacement
- T1059.012 - Hypervisor CLI
Score: 14.53
Matched TTPs:
- T1491.002 - External Defacement
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1055.014 - VDSO Hijacking
- T1488 - Disk Content Wipe
- T1059.012 - Hypervisor CLI
Score: 10.01
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1218.012 - Verclsid
- T1657 - Financial Theft
Score: 6.32
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1591.004 - Identify Roles
Score: 5.66
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1039 - Data from Network Shared Drive
Score: 13.23
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1562.012 - Disable or Modify Linux Audit System
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1591.004 - Identify Roles
Score: 3.36
Matched TTPs:
- T1491.002 - External Defacement
- T1059.012 - Hypervisor CLI
Score: 7.70
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
Score: 3.65
Matched TTPs:
- T1491.002 - External Defacement
- T1562.012 - Disable or Modify Linux Audit System
Score: 9.65
Matched TTPs:
- T1491.002 - External Defacement
- T1165 - Startup Items
- T1027 - Obfuscated Files or Information
- T1591.004 - Identify Roles
- T1547.008 - LSASS Driver
Score: 14.74
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1591.004 - Identify Roles
- T1505 - Server Software Component
- T1001.001 - Junk Data
Score: 8.42
Matched TTPs:
- T1491.002 - External Defacement
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1591.004 - Identify Roles
Score: 3.69
Matched TTPs:
- T1491.002 - External Defacement
- T1039 - Data from Network Shared Drive
Score: 5.40
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
Score: 22.21
Matched TTPs:
- T1491.002 - External Defacement
- T1165 - Startup Items
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1071.003 - Mail Protocols
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1591.004 - Identify Roles
Score: 3.39
Matched TTPs:
- T1491.002 - External Defacement
- T1597 - Search Closed Sources
Score: 17.61
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1547.008 - LSASS Driver
Score: 8.28
Matched TTPs:
- T1682 - Query Public AI Services
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
Score: 7.64
Matched TTPs:
- T1584.008 - Network Devices
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
Score: 31.77
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1568 - Dynamic Resolution
- T1218.012 - Verclsid
- T1039 - Data from Network Shared Drive
- T1546.018 - Python Startup Hooks
- T1223 - Compiled HTML File
- T1547.008 - LSASS Driver
Score: 22.89
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1097 - Pass the Ticket
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 19.33
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1051 - Shared Webroot
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1003.003 - NTDS
Score: 10.37
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1059.012 - Hypervisor CLI
Score: 44.48
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1165 - Startup Items
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1045 - Software Packing
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
Score: 10.47
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
Score: 18.43
Matched TTPs:
- T1063 - Security Software Discovery
- T1562.012 - Disable or Modify Linux Audit System
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1591.004 - Identify Roles
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
Score: 6.30
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1584.005 - Botnet
Score: 11.00
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1039 - Data from Network Shared Drive
- T1197 - BITS Jobs
- T1591.004 - Identify Roles
Score: 10.98
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
Score: 6.75
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 7.23
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
Score: 28.54
Matched TTPs:
- T1165 - Startup Items
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1564.002 - Hidden Users
- T1057 - Process Discovery
- T1027 - Obfuscated Files or Information
- T1065 - Uncommonly Used Port
- T1591.004 - Identify Roles
Score: 3.71
Matched TTPs:
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
Score: 6.05
Matched TTPs:
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
Score: 13.92
Matched TTPs:
- T1165 - Startup Items
- T1003.007 - Proc Filesystem
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 13.01
Matched TTPs:
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1134 - Access Token Manipulation
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Score: 5.21
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1591.004 - Identify Roles
Score: 8.26
Matched TTPs:
- T1574.014 - AppDomainManager
- T1130 - Install Root Certificate
Score: 5.82
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
Score: 5.27
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1591.004 - Identify Roles
Score: 25.32
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1045 - Software Packing
- T1218.012 - Verclsid
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1061 - Graphical User Interface
- T1059.013 - Container CLI/API
- T1591.004 - Identify Roles
- T1086 - PowerShell
Score: 7.94
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
Score: 18.65
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1591.004 - Identify Roles
- T1134 - Access Token Manipulation
Score: 8.34
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1690 - Prevent Command History Logging
- T1547.008 - LSASS Driver
Score: 3.20
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
Score: 14.98
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1591.004 - Identify Roles
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
Score: 4.77
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1591.004 - Identify Roles
Score: 4.19
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
Score: 5.60
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1002 - Data Compressed
Score: 25.15
Matched TTPs:
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1019 - System Firmware
- T1045 - Software Packing
- T1039 - Data from Network Shared Drive
- T1601 - Modify System Image
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
Score: 5.87
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
Score: 12.42
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1101 - Security Support Provider
- T1051 - Shared Webroot
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 4.77
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1591.004 - Identify Roles
- T1059.012 - Hypervisor CLI
Score: 4.83
Matched TTPs:
- T1177 - LSASS Driver
- T1134 - Access Token Manipulation
Score: 4.44
Matched TTPs:
- T1045 - Software Packing
- T1039 - Data from Network Shared Drive
Score: 4.11
Matched TTPs:
- T1045 - Software Packing
- T1059.012 - Hypervisor CLI
Score: 8.67
Matched TTPs:
- T1589.003 - Employee Names
- T1130 - Install Root Certificate
Score: 3.50
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1059.012 - Hypervisor CLI
Score: 3.30
Matched TTPs:
- T1218.012 - Verclsid
- T1591.004 - Identify Roles
Score: 5.90
Matched TTPs:
- T1547.015 - Login Items
- T1059.012 - Hypervisor CLI
Score: 3.62
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
Score: 4.07
Matched TTPs:
- T1097 - Pass the Ticket
- T1134 - Access Token Manipulation
Score: 3.05
Matched TTPs:
- T1039 - Data from Network Shared Drive
- T1591.004 - Identify Roles
Score: 4.29
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Threat actors related to this pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
- T1009 - Binary Padding
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1668 - Exclusive Control
- T1218.012 - Verclsid
- T1003.007 - Proc Filesystem
- T1003.003 - NTDS
- T1051 - Shared Webroot
- T1197 - BITS Jobs
- T1057 - Process Discovery
- T1566.002 - Spearphishing Link
- T1690 - Prevent Command History Logging
- T1560.001 - Archive via Utility
- T1597 - Search Closed Sources
- T1591.004 - Identify Roles
- T1055.014 - VDSO Hijacking
- T1596.003 - Digital Certificates
- T1562.012 - Disable or Modify Linux Audit System
Score: 0.64
Matched TTPs:
- T1051 - Shared Webroot
- T1197 - BITS Jobs
- T1583.001 - Domains
- T1045 - Software Packing
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
- T1039 - Data from Network Shared Drive
- T1566.002 - Spearphishing Link
- T1027 - Obfuscated Files or Information
- T1547.005 - Security Support Provider
- T1685.004 - Disable or Modify Linux Audit System Log
- T1165 - Startup Items
- T1597 - Search Closed Sources
- T1019 - System Firmware
- T1564.003 - Hidden Window
Score: 0.62
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1140 - Deobfuscate/Decode Files or Information
- T1564.003 - Hidden Window
- T1596.003 - Digital Certificates
- T1097 - Pass the Ticket
- T1041 - Exfiltration Over C2 Channel
- T1668 - Exclusive Control
- T1045 - Software Packing
- T1134 - Access Token Manipulation
- T1177 - LSASS Driver
- T1562.012 - Disable or Modify Linux Audit System
- T1002 - Data Compressed
- T1591.004 - Identify Roles
- T1027 - Obfuscated Files or Information
- T1560.001 - Archive via Utility
- T1574.002 - DLL Side-Loading
- T1584.008 - Network Devices
Score: 0.58
Matched TTPs:
- T1488 - Disk Content Wipe
- T1055.004 - Asynchronous Procedure Call
- T1140 - Deobfuscate/Decode Files or Information
- T1596.003 - Digital Certificates
- T1045 - Software Packing
- T1134 - Access Token Manipulation
- T1039 - Data from Network Shared Drive
- T1176 - Software Extensions
- T1003.007 - Proc Filesystem
- T1562.012 - Disable or Modify Linux Audit System
- T1057 - Process Discovery
- T1065 - Uncommonly Used Port
- T1547.005 - Security Support Provider
- T1560.001 - Archive via Utility
- T1574.002 - DLL Side-Loading
- T1591.004 - Identify Roles
Related CVEs
No CVEs were found in this pulse.