VECT: Ransomware by design, Wiper by accident
概要
Check Point Research discovered critical flaws in VECT 2.0 ransomware affecting Windows, Linux, and ESXi platforms. A fundamental encryption implementation error causes files larger than 128 KB to be permanently destroyed rather than encrypted. The malware uses ChaCha20-IETF cipher but only saves one of four decryption nonces required for large files, making recovery impossible even after ransom payment. VECT's encryption speed modes are non-functional, thread scheduling degrades performance, and anti-analysis code is unreachable. Despite partnerships with TeamPCP and BreachForums for distribution, the technical implementation demonstrates amateur execution behind a professional facade. The nonce-handling flaw exists across all platform variants since initial deployment, effectively transforming this ransomware into a wiper for enterprise assets including VM disks, databases, and backups.
Created: 2026-04-29
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 10.55
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 18.15
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 27.89
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1556.009 - Conditional Access Policies
- T1134 - Access Token Manipulation
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 10.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1562 - Impair Defenses
- T1051 - Shared Webroot
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 16.35
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1051 - Shared Webroot
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 4.75
Matched TTPs:
- T1560.001 - Archive via Utility
- T1016.001 - Internet Connection Discovery
MITREへのリンク →
Score: 39.74
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1562 - Impair Defenses
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1057 - Process Discovery
- T1212 - Exploitation for Credential Access
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1488 - Disk Content Wipe
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 8.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 27.82
Matched TTPs:
- T1560.001 - Archive via Utility
- T1016.001 - Internet Connection Discovery
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1136.003 - Cloud Account
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1159 - Launch Agent
MITREへのリンク →
Score: 9.92
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 16.57
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 20.62
Matched TTPs:
- T1560.001 - Archive via Utility
- T1499.003 - Application Exhaustion Flood
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1157 - Dylib Hijacking
- T1685 - Disable or Modify Tools
- T1137.004 - Outlook Home Page
MITREへのリンク →
Score: 10.46
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1562 - Impair Defenses
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 7.98
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1051 - Shared Webroot
- T1209 - Time Providers
MITREへのリンク →
Score: 13.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 10.76
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 13.64
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 34.98
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562 - Impair Defenses
- T1684 - Social Engineering
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1002 - Data Compressed
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 23.75
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1562 - Impair Defenses
- T1518.002 - Backup Software Discovery
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1159 - Launch Agent
MITREへのリンク →
Score: 29.35
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1197 - BITS Jobs
- T1059.012 - Hypervisor CLI
- T1146 - Clear Command History
- T1588.003 - Code Signing Certificates
MITREへのリンク →
Score: 31.62
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1684 - Social Engineering
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1556.009 - Conditional Access Policies
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 15.81
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
MITREへのリンク →
Score: 28.48
Matched TTPs:
- T1560.001 - Archive via Utility
- T1016.001 - Internet Connection Discovery
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1547.015 - Login Items
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1488 - Disk Content Wipe
- T1003.006 - DCSync
MITREへのリンク →
Score: 46.04
Matched TTPs:
- T1560.001 - Archive via Utility
- T1016.001 - Internet Connection Discovery
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1218.012 - Verclsid
- T1057 - Process Discovery
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1197 - BITS Jobs
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 10.68
Matched TTPs:
- T1560.001 - Archive via Utility
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 9.00
Matched TTPs:
- T1560.001 - Archive via Utility
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 18.82
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 13.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1016.001 - Internet Connection Discovery
- T1055.004 - Asynchronous Procedure Call
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 25.37
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
- T1209 - Time Providers
- T1686.001 - Cloud Firewall
MITREへのリンク →
Score: 21.31
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1059.001 - PowerShell
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 31.08
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1098.002 - Additional Email Delegate Permissions
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.91
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 12.13
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1209 - Time Providers
MITREへのリンク →
Score: 13.24
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 14.04
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 25.83
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1562.010 - Downgrade Attack
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 24.43
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1063 - Security Software Discovery
- T1562 - Impair Defenses
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 32.63
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1606.002 - SAML Tokens
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1057 - Process Discovery
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1209 - Time Providers
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 8.28
Matched TTPs:
- T1682 - Query Public AI Services
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 7.64
Matched TTPs:
- T1584.008 - Network Devices
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 35.29
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1568 - Dynamic Resolution
- T1036.004 - Masquerade Task or Service
- T1218.012 - Verclsid
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1223 - Compiled HTML File
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 23.81
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1193 - Spearphishing Attachment
- T1657 - Financial Theft
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 19.11
Matched TTPs:
- T1584.008 - Network Devices
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 14.44
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1051 - Shared Webroot
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 11.79
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1157 - Dylib Hijacking
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 26.50
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1562 - Impair Defenses
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1055.014 - VDSO Hijacking
- T1212 - Exploitation for Credential Access
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
MITREへのリンク →
Score: 20.40
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1057 - Process Discovery
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 20.38
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1498 - Network Denial of Service
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 39.11
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1574.014 - AppDomainManager
- T1091 - Replication Through Removable Media
- T1562 - Impair Defenses
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1212 - Exploitation for Credential Access
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1592.002 - Software
- T1556.009 - Conditional Access Policies
- T1209 - Time Providers
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 7.91
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
MITREへのリンク →
Score: 32.62
Matched TTPs:
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1183 - Image File Execution Options Injection
- T1193 - Spearphishing Attachment
- T1055.004 - Asynchronous Procedure Call
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
- T1134 - Access Token Manipulation
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 9.75
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1498 - Network Denial of Service
MITREへのリンク →
Score: 5.91
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
MITREへのリンク →
Score: 24.12
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1071.003 - Mail Protocols
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1209 - Time Providers
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 23.86
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 48.46
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1090.004 - Domain Fronting
- T1564.003 - Hidden Window
- T1498 - Network Denial of Service
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 15.36
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1027 - Obfuscated Files or Information
- T1090.004 - Domain Fronting
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 11.17
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1159 - Launch Agent
MITREへのリンク →
Score: 10.01
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1584.005 - Botnet
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 7.99
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1039 - Data from Network Shared Drive
- T1197 - BITS Jobs
MITREへのリンク →
Score: 28.19
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1547.005 - Security Support Provider
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1039 - Data from Network Shared Drive
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 14.69
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1657 - Financial Theft
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 12.66
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 7.06
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 7.41
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
MITREへのリンク →
Score: 8.26
Matched TTPs:
- T1574.014 - AppDomainManager
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 8.57
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 4.31
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
MITREへのリンク →
Score: 16.04
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1562.010 - Downgrade Attack
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 10.68
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1159 - Launch Agent
MITREへのリンク →
Score: 8.63
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 30.47
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1562.010 - Downgrade Attack
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 4.07
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 10.63
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 8.92
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 4.97
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1209 - Time Providers
MITREへのリンク →
Score: 3.24
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1209 - Time Providers
MITREへのリンク →
Score: 22.79
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 5.31
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1505 - Server Software Component
MITREへのリンク →
Score: 6.86
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 14.41
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1183 - Image File Execution Options Injection
- T1055.014 - VDSO Hijacking
- T1157 - Dylib Hijacking
- T1488 - Disk Content Wipe
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 5.60
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1002 - Data Compressed
MITREへのリンク →
Score: 14.80
Matched TTPs:
- T1562 - Impair Defenses
- T1101 - Security Support Provider
- T1051 - Shared Webroot
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 6.29
Matched TTPs:
- T1562 - Impair Defenses
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 27.14
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 5.43
Matched TTPs:
- T1684 - Social Engineering
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 10.45
Matched TTPs:
- T1684 - Social Engineering
- T1518.002 - Backup Software Discovery
- T1039 - Data from Network Shared Drive
- T1209 - Time Providers
MITREへのリンク →
Score: 4.22
Matched TTPs:
- T1684 - Social Engineering
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 8.33
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 6.32
Matched TTPs:
- T1684 - Social Engineering
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 22.40
Matched TTPs:
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1137.004 - Outlook Home Page
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1009 - Binary Padding
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 4.83
Matched TTPs:
- T1177 - LSASS Driver
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 8.67
Matched TTPs:
- T1589.003 - Employee Names
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 3.50
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 13.21
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1209 - Time Providers
- T1159 - Launch Agent
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1218.012 - Verclsid
- T1159 - Launch Agent
MITREへのリンク →
Score: 5.17
Matched TTPs:
- T1218.012 - Verclsid
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 5.90
Matched TTPs:
- T1547.015 - Login Items
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 7.99
Matched TTPs:
- T1059.001 - PowerShell
- T1212 - Exploitation for Credential Access
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 3.19
Matched TTPs:
- T1157 - Dylib Hijacking
- T1209 - Time Providers
MITREへのリンク →
Score: 4.86
Matched TTPs:
- T1027 - Obfuscated Files or Information
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 7.03
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.29
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.51
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
MITREへのリンク →
Score: 3.31
Matched TTPs:
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1157 - Dylib Hijacking
- T1090.004 - Domain Fronting
- T1027.002 - Software Packing
- T1197 - BITS Jobs
- T1547.005 - Security Support Provider
- T1051 - Shared Webroot
- T1134 - Access Token Manipulation
- T1685.004 - Disable or Modify Linux Audit System Log
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1498 - Network Denial of Service
- T1564.003 - Hidden Window
- T1204.001 - Malicious Link
- T1566.002 - Spearphishing Link
- T1039 - Data from Network Shared Drive
- T1019 - System Firmware
MITREへのリンク →
Score: 0.66
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1665 - Hide Infrastructure
- T1055.014 - VDSO Hijacking
- T1091 - Replication Through Removable Media
- T1690 - Prevent Command History Logging
- T1183 - Image File Execution Options Injection
- T1197 - BITS Jobs
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1218.012 - Verclsid
- T1016.001 - Internet Connection Discovery
- T1009 - Binary Padding
- T1566.002 - Spearphishing Link
- T1057 - Process Discovery
- T1003.007 - Proc Filesystem
- T1684 - Social Engineering
MITREへのリンク →
Score: 0.57
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1665 - Hide Infrastructure
- T1157 - Dylib Hijacking
- T1055.004 - Asynchronous Procedure Call
- T1562 - Impair Defenses
- T1547.005 - Security Support Provider
- T1560.001 - Archive via Utility
- T1212 - Exploitation for Credential Access
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
- T1039 - Data from Network Shared Drive
- T1209 - Time Providers
- T1574.002 - DLL Side-Loading
- T1057 - Process Discovery
- T1003.007 - Proc Filesystem
- T1488 - Disk Content Wipe
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1157 - Dylib Hijacking
- T1091 - Replication Through Removable Media
- T1055.004 - Asynchronous Procedure Call
- T1562 - Impair Defenses
- T1606.002 - SAML Tokens
- T1556.009 - Conditional Access Policies
- T1051 - Shared Webroot
- T1547.008 - LSASS Driver
- T1574.014 - AppDomainManager
- T1009 - Binary Padding
- T1039 - Data from Network Shared Drive
- T1592.002 - Software
- T1209 - Time Providers
- T1212 - Exploitation for Credential Access
- T1003.007 - Proc Filesystem
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design