Extortion in the Enterprise: Defending Against BlackFile Attacks
概要
Since February 2026, multiple incidents involving data theft and extortion have been attributed to activity cluster CL-CRI-1116, also known as BlackFile, UNC6671, and Cordial Spider. These financially-motivated attackers, likely associated with "The Com" collective, employ voice-based phishing combined with credential harvesting through fraudulent login pages. They impersonate IT support staff to steal credentials and bypass multi-factor authentication. The attackers focus on Living Off the Land techniques, abusing legitimate APIs like Microsoft Graph to access SharePoint sites and Salesforce data. They search for confidential information and employee data within SaaS environments, then exfiltrate it through browser downloads or API exports. To pressure victims into paying seven-figure ransoms, attackers send demands via Gmail and compromised email accounts, sometimes employing SWATting tactics against executives.
Created: 2026-04-28
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 60.34
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1567.004 - Exfiltration Over Webhook
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1102 - Web Service
- T1608 - Stage Capabilities
- T1087.004 - Cloud Account
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1567.002 - Exfiltration to Cloud Storage
- T1565.002 - Transmitted Data Manipulation
- T1134 - Access Token Manipulation
- T1055.005 - Thread Local Storage
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 89.21
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1213.006 - Databases
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1567.004 - Exfiltration Over Webhook
- T1009 - Binary Padding
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1552.003 - Shell History
- T1608 - Stage Capabilities
- T1087.004 - Cloud Account
- T1041 - Exfiltration Over C2 Channel
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1126 - Network Share Connection Removal
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 28.66
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1499.003 - Application Exhaustion Flood
- T1587.003 - Digital Certificates
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1685 - Disable or Modify Tools
- T1059.013 - Container CLI/API
MITREへのリンク →
Score: 55.88
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1574.007 - Path Interception by PATH Environment Variable
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1567.004 - Exfiltration Over Webhook
- T1131 - Authentication Package
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1592.003 - Firmware
- T1218.010 - Regsvr32
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
- T1585 - Establish Accounts
- T1059.012 - Hypervisor CLI
- T1146 - Clear Command History
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 62.91
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1567.004 - Exfiltration Over Webhook
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1036.004 - Masquerade Task or Service
- T1218.012 - Verclsid
- T1556.008 - Network Provider DLL
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1223 - Compiled HTML File
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 17.45
Matched TTPs:
- T1574.007 - Path Interception by PATH Environment Variable
- T1137.005 - Outlook Rules
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 19.12
Matched TTPs:
- T1574.007 - Path Interception by PATH Environment Variable
- T1099 - Timestomp
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 35.31
Matched TTPs:
- T1574.007 - Path Interception by PATH Environment Variable
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1592.003 - Firmware
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 34.43
Matched TTPs:
- T1574.007 - Path Interception by PATH Environment Variable
- T1587.003 - Digital Certificates
- T1567.004 - Exfiltration Over Webhook
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1157 - Dylib Hijacking
- T1574 - Hijack Execution Flow
- T1592.003 - Firmware
- T1059.003 - Windows Command Shell
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 25.97
Matched TTPs:
- T1574.007 - Path Interception by PATH Environment Variable
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1198 - SIP and Trust Provider Hijacking
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 77.79
Matched TTPs:
- T1213.002 - Sharepoint
- T1666 - Modify Cloud Resource Hierarchy
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1590.006 - Network Security Appliances
- T1144 - Gatekeeper Bypass
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1552.003 - Shell History
- T1087.004 - Cloud Account
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1564.003 - Hidden Window
- T1565.002 - Transmitted Data Manipulation
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
MITREへのリンク →
Score: 45.15
Matched TTPs:
- T1213.002 - Sharepoint
- T1099 - Timestomp
- T1140 - Deobfuscate/Decode Files or Information
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1102 - Web Service
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1488 - Disk Content Wipe
- T1584.002 - DNS Server
- T1134 - Access Token Manipulation
- T1574.002 - DLL Side-Loading
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 6.92
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1157 - Dylib Hijacking
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 8.17
Matched TTPs:
- T1491.002 - External Defacement
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 9.32
Matched TTPs:
- T1491.002 - External Defacement
- T1048 - Exfiltration Over Alternative Protocol
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 6.21
Matched TTPs:
- T1491.002 - External Defacement
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 8.91
Matched TTPs:
- T1491.002 - External Defacement
- T1590.006 - Network Security Appliances
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 7.73
Matched TTPs:
- T1491.002 - External Defacement
- T1098.007 - Additional Local or Domain Groups
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.02
Matched TTPs:
- T1491.002 - External Defacement
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 39.21
Matched TTPs:
- T1491.002 - External Defacement
- T1484.002 - Trust Modification
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1157 - Dylib Hijacking
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
- T1592.003 - Firmware
- T1218.010 - Regsvr32
- T1001.003 - Protocol or Service Impersonation
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 20.77
Matched TTPs:
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1566.002 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 20.41
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1087.004 - Cloud Account
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1001.003 - Protocol or Service Impersonation
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 54.09
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1098.007 - Additional Local or Domain Groups
- T1567.004 - Exfiltration Over Webhook
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1059.012 - Hypervisor CLI
- T1055.005 - Thread Local Storage
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 13.22
Matched TTPs:
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.49
Matched TTPs:
- T1491.002 - External Defacement
- T1051 - Shared Webroot
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.96
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1039 - Data from Network Shared Drive
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 24.41
Matched TTPs:
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.94
Matched TTPs:
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 9.44
Matched TTPs:
- T1491.002 - External Defacement
- T1590.006 - Network Security Appliances
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 19.66
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1051 - Shared Webroot
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1656 - Impersonation
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 35.71
Matched TTPs:
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1678 - Delay Execution
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1574.009 - Path Interception by Unquoted Path
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 18.53
Matched TTPs:
- T1491.002 - External Defacement
- T1099 - Timestomp
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.12
Matched TTPs:
- T1491.002 - External Defacement
- T1552.003 - Shell History
MITREへのリンク →
Score: 54.84
Matched TTPs:
- T1491.002 - External Defacement
- T1099 - Timestomp
- T1587.003 - Digital Certificates
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1683 - Generate Content
- T1592.003 - Firmware
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1098.002 - Additional Email Delegate Permissions
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 18.48
Matched TTPs:
- T1491.002 - External Defacement
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1030 - Data Transfer Size Limits
- T1565.002 - Transmitted Data Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 14.19
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1027.014 - Polymorphic Code
- T1505 - Server Software Component
- T1001.001 - Junk Data
MITREへのリンク →
Score: 16.79
Matched TTPs:
- T1491.002 - External Defacement
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 53.26
Matched TTPs:
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1552.003 - Shell History
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1126 - Network Share Connection Removal
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.69
Matched TTPs:
- T1491.002 - External Defacement
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 23.22
Matched TTPs:
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 8.97
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 23.48
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1491.002 - External Defacement
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 3.39
Matched TTPs:
- T1491.002 - External Defacement
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 40.61
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1574.014 - AppDomainManager
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1048 - Exfiltration Over Alternative Protocol
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1128 - Netsh Helper DLL
- T1556.009 - Conditional Access Policies
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 48.45
Matched TTPs:
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1567.004 - Exfiltration Over Webhook
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 28.47
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1197 - BITS Jobs
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 44.51
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1684 - Social Engineering
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1027.004 - Compile After Delivery
- T1556.009 - Conditional Access Policies
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 26.10
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1128 - Netsh Helper DLL
- T1203 - Exploitation for Client Execution
- T1601.001 - Patch System Image
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.07
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 32.84
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1140 - Deobfuscate/Decode Files or Information
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 29.55
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.33
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 19.56
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1587.003 - Digital Certificates
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 15.45
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1684 - Social Engineering
- T1547.011 - Plist Modification
- T1048 - Exfiltration Over Alternative Protocol
- T1157 - Dylib Hijacking
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 11.03
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1218.012 - Verclsid
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 30.06
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 23.80
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1684 - Social Engineering
- T1518.002 - Backup Software Discovery
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1128 - Netsh Helper DLL
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 15.98
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 3.33
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.21
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
- T1051 - Shared Webroot
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 3.33
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 6.26
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1565.002 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 21.62
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
- T1657 - Financial Theft
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 28.28
Matched TTPs:
- T1099 - Timestomp
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1097 - Pass the Ticket
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 36.14
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1203 - Exploitation for Client Execution
- T1059.013 - Container CLI/API
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.34
Matched TTPs:
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 28.06
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1144 - Gatekeeper Bypass
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1552.003 - Shell History
- T1134.001 - Token Impersonation/Theft
MITREへのリンク →
Score: 16.12
Matched TTPs:
- T1099 - Timestomp
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.64
Matched TTPs:
- T1682 - Query Public AI Services
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.93
Matched TTPs:
- T1584.008 - Network Devices
- T1573 - Encrypted Channel
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 18.24
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 39.55
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1193 - Spearphishing Attachment
- T1590.006 - Network Security Appliances
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 11.90
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 61.48
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1041 - Exfiltration Over C2 Channel
- T1048 - Exfiltration Over Alternative Protocol
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1208 - Kerberoasting
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1002 - Data Compressed
- T1574.009 - Path Interception by Unquoted Path
- T1001.003 - Protocol or Service Impersonation
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 18.29
Matched TTPs:
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1567.004 - Exfiltration Over Webhook
- T1055.004 - Asynchronous Procedure Call
- T1102 - Web Service
MITREへのリンク →
Score: 33.99
Matched TTPs:
- T1584.008 - Network Devices
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1001.003 - Protocol or Service Impersonation
- T1556.009 - Conditional Access Policies
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 26.08
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1051 - Shared Webroot
- T1102 - Web Service
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1656 - Impersonation
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 13.28
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 17.97
Matched TTPs:
- T1587.003 - Digital Certificates
- T1606.002 - SAML Tokens
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1128 - Netsh Helper DLL
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.29
Matched TTPs:
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 31.04
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1567.004 - Exfiltration Over Webhook
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1488 - Disk Content Wipe
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1027.004 - Compile After Delivery
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 14.69
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1087.004 - Cloud Account
- T1574.009 - Path Interception by Unquoted Path
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 54.66
Matched TTPs:
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1193 - Spearphishing Attachment
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.75
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1110.003 - Password Spraying
MITREへのリンク →
Score: 17.63
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1574.009 - Path Interception by Unquoted Path
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 3.59
Matched TTPs:
- T1606.002 - SAML Tokens
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 23.20
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
- T1158 - Hidden Files and Directories
MITREへのリンク →
Score: 18.82
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1584.005 - Botnet
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 19.25
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1039 - Data from Network Shared Drive
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 18.74
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 12.38
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1218.010 - Regsvr32
- T1001.003 - Protocol or Service Impersonation
- T1601.001 - Patch System Image
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 8.26
Matched TTPs:
- T1574.014 - AppDomainManager
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 13.54
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1584.002 - DNS Server
MITREへのリンク →
Score: 25.02
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1134.001 - Token Impersonation/Theft
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 15.00
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 17.16
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1583.001 - Domains
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1128 - Netsh Helper DLL
- T1030 - Data Transfer Size Limits
MITREへのリンク →
Score: 15.86
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1567.004 - Exfiltration Over Webhook
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 5.87
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 6.26
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.32
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 30.48
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1598 - Phishing for Information
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 7.76
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1157 - Dylib Hijacking
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 12.28
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 8.19
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1002 - Data Compressed
MITREへのリンク →
Score: 14.91
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 43.26
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1567.004 - Exfiltration Over Webhook
- T1503 - Credentials from Web Browsers
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1590 - Gather Victim Network Information
- T1048 - Exfiltration Over Alternative Protocol
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 8.06
Matched TTPs:
- T1684 - Social Engineering
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 11.08
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 8.99
Matched TTPs:
- T1684 - Social Engineering
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1009 - Binary Padding
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 9.43
Matched TTPs:
- T1131 - Authentication Package
- T1552.003 - Shell History
- T1041 - Exfiltration Over C2 Channel
MITREへのリンク →
Score: 13.54
Matched TTPs:
- T1562.004 - Disable or Modify System Firewall
- T1144 - Gatekeeper Bypass
- T1102 - Web Service
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 8.24
Matched TTPs:
- T1547.011 - Plist Modification
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 8.68
Matched TTPs:
- T1547.011 - Plist Modification
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 20.79
Matched TTPs:
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.70
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 7.06
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 3.01
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 7.57
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 8.67
Matched TTPs:
- T1589.003 - Employee Names
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 15.38
Matched TTPs:
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 4.99
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 6.03
Matched TTPs:
- T1055.002 - Portable Executable Injection
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 7.17
Matched TTPs:
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 6.95
Matched TTPs:
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 4.09
Matched TTPs:
- T1218.010 - Regsvr32
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 5.47
Matched TTPs:
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.69
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 5.65
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1597 - Search Closed Sources
- T1051 - Shared Webroot
- T1546.008 - Accessibility Features
- T1656 - Impersonation
- T1684 - Social Engineering
- T1131 - Authentication Package
- T1608 - Stage Capabilities
- T1213.006 - Databases
- T1027.014 - Polymorphic Code
- T1183 - Image File Execution Options Injection
- T1126 - Network Share Connection Removal
- T1087.004 - Cloud Account
- T1552.003 - Shell History
- T1690 - Prevent Command History Logging
- T1218.012 - Verclsid
- T1140 - Deobfuscate/Decode Files or Information
- T1027.018 - Invisible Unicode
- T1566.002 - Spearphishing Link
- T1009 - Binary Padding
- T1565.002 - Transmitted Data Manipulation
- T1546.013 - PowerShell Profile
- T1609 - Container Administration Command
- T1197 - BITS Jobs
- T1030 - Data Transfer Size Limits
- T1041 - Exfiltration Over C2 Channel
- T1601.001 - Patch System Image
- T1037 - Boot or Logon Initialization Scripts
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1567.004 - Exfiltration Over Webhook
- T1606.002 - SAML Tokens
- T1027.004 - Compile After Delivery
- T1091 - Replication Through Removable Media
MITREへのリンク →
Score: 0.61
Matched TTPs:
- T1213.002 - Sharepoint
- T1597 - Search Closed Sources
- T1051 - Shared Webroot
- T1039 - Data from Network Shared Drive
- T1019 - System Firmware
- T1685.004 - Disable or Modify Linux Audit System Log
- T1564.003 - Hidden Window
- T1157 - Dylib Hijacking
- T1583.001 - Domains
- T1087.004 - Cloud Account
- T1552.003 - Shell History
- T1027.002 - Software Packing
- T1566.002 - Spearphishing Link
- T1565.002 - Transmitted Data Manipulation
- T1609 - Container Administration Command
- T1027 - Obfuscated Files or Information
- T1666 - Modify Cloud Resource Hierarchy
- T1197 - BITS Jobs
- T1030 - Data Transfer Size Limits
- T1134 - Access Token Manipulation
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1556.008 - Network Provider DLL
- T1144 - Gatekeeper Bypass
- T1083 - File and Directory Discovery
- T1547.005 - Security Support Provider
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design