KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft
Overview
An Android malware campaign masquerading as a bank KYC verification application targets users in India through WhatsApp distribution. The threat operates as a multi-stage dropper installing secondary payloads while establishing persistent command-and-control communication. It combines native code obfuscation, Firebase-based remote execution, VPN-based traffic manipulation, and WebView-based phishing to systematically harvest sensitive user data. The infection chain progresses through deceptive update screens, VPN activation, silent APK installation, and extensive permission abuse. The deployed payload enables SMS interception, call control, USSD execution, and structured credential theft through staged phishing interfaces mimicking legitimate banking workflows. Exfiltrated data is encrypted locally and transmitted to jsonapi.biz, while critical configuration values are hidden inside native libraries to hinder detection.
Created: 2026-04-29
Indicators
Similar Pulses
No similar pulses were found.
Threat actors related to this pulse (fact-based)
Score: 21.88
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1657 - Financial Theft
- T1573 - Encrypted Channel
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 14.30
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1597 - Search Closed Sources
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1591.001 - Determine Physical Locations
Score: 23.82
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1092 - Communication Through Removable Media
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
Score: 35.23
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1598.003 - Spearphishing Link
- T1574.014 - AppDomainManager
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1009 - Binary Padding
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
Score: 37.89
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1039 - Data from Network Shared Drive
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
- T1059.012 - Hypervisor CLI
- T1668 - Exclusive Control
- T1588.003 - Code Signing Certificates
- T1027.018 - Invisible Unicode
Score: 4.38
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1039 - Data from Network Shared Drive
Score: 6.69
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1140 - Deobfuscate/Decode Files or Information
- T1573 - Encrypted Channel
Score: 8.25
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1596.003 - Digital Certificates
- T1091 - Replication Through Removable Media
- T1562.012 - Disable or Modify Linux Audit System
Score: 31.50
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1587.003 - Digital Certificates
- T1566.002 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 15.89
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
Score: 18.82
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1587.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 9.45
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1684 - Social Engineering
- T1134 - Access Token Manipulation
Score: 31.60
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1596.003 - Digital Certificates
- T1556.002 - Password Filter DLL
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
- T1574.002 - DLL Side-Loading
Score: 5.82
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
Score: 15.78
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 49.63
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1596.003 - Digital Certificates
- T1016.001 - Internet Connection Discovery
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1562.012 - Disable or Modify Linux Audit System
- T1092 - Communication Through Removable Media
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
Score: 5.65
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1491.002 - External Defacement
- T1059.012 - Hypervisor CLI
Score: 33.07
Matched TTPs:
- T1156 - Malicious Shell Modification
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1598.003 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1092 - Communication Through Removable Media
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1027.018 - Invisible Unicode
Score: 33.60
Matched TTPs:
- T1596.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 4.86
Matched TTPs:
- T1596.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
Score: 9.20
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1059.012 - Hypervisor CLI
Score: 19.50
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1055.004 - Asynchronous Procedure Call
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
Score: 14.04
Matched TTPs:
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1055.004 - Asynchronous Procedure Call
Score: 8.06
Matched TTPs:
- T1596.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1212 - Exploitation for Credential Access
- T1039 - Data from Network Shared Drive
Score: 27.79
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1039 - Data from Network Shared Drive
- T1573 - Encrypted Channel
- T1574.009 - Path Interception by Unquoted Path
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1591.001 - Determine Physical Locations
Score: 27.17
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1016.001 - Internet Connection Discovery
- T1606.002 - SAML Tokens
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
Score: 11.32
Matched TTPs:
- T1596.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1684 - Social Engineering
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
Score: 4.17
Matched TTPs:
- T1596.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1027.018 - Invisible Unicode
Score: 37.37
Matched TTPs:
- T1596.003 - Digital Certificates
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1075 - Pass the Hash
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 21.83
Matched TTPs:
- T1596.003 - Digital Certificates
- T1499.003 - Application Exhaustion Flood
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1134 - Access Token Manipulation
Score: 38.69
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1684 - Social Engineering
- T1547.005 - Security Support Provider
- T1092 - Communication Through Removable Media
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1039 - Data from Network Shared Drive
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
Score: 13.88
Matched TTPs:
- T1596.003 - Digital Certificates
- T1562.012 - Disable or Modify Linux Audit System
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 21.82
Matched TTPs:
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
- T1668 - Exclusive Control
Score: 19.93
Matched TTPs:
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1134 - Access Token Manipulation
Score: 48.39
Matched TTPs:
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1562.012 - Disable or Modify Linux Audit System
- T1552.004 - Private Keys
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1002 - Data Compressed
- T1574.009 - Path Interception by Unquoted Path
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1574.002 - DLL Side-Loading
- T1037.001 - Logon Script (Windows)
Score: 6.86
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1218.012 - Verclsid
Score: 5.59
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 5.59
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 8.18
Matched TTPs:
- T1491.002 - External Defacement
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1591.001 - Determine Physical Locations
Score: 11.70
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 12.25
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1027.018 - Invisible Unicode
Score: 7.60
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
Score: 7.98
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
Score: 6.54
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1039 - Data from Network Shared Drive
Score: 14.28
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1562.012 - Disable or Modify Linux Audit System
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
Score: 6.73
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1087.004 - Cloud Account
Score: 4.23
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1059.012 - Hypervisor CLI
Score: 7.89
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1134 - Access Token Manipulation
Score: 12.40
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
Score: 4.52
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
Score: 9.05
Matched TTPs:
- T1491.002 - External Defacement
- T1558 - Steal or Forge Kerberos Tickets
- T1027 - Obfuscated Files or Information
- T1565.002 - Transmitted Data Manipulation
Score: 6.91
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1505 - Server Software Component
Score: 16.40
Matched TTPs:
- T1491.002 - External Defacement
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1058 - Service Registry Permissions Weakness
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
Score: 3.83
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1027.018 - Invisible Unicode
Score: 26.81
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1565.002 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
Score: 3.69
Matched TTPs:
- T1491.002 - External Defacement
- T1039 - Data from Network Shared Drive
Score: 7.50
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
Score: 18.26
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1009 - Binary Padding
- T1071.003 - Mail Protocols
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
Score: 3.39
Matched TTPs:
- T1491.002 - External Defacement
- T1597 - Search Closed Sources
Score: 17.70
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1197 - BITS Jobs
Score: 18.98
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1063 - Security Software Discovery
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
Score: 3.15
Matched TTPs:
- T1016.001 - Internet Connection Discovery
Score: 42.53
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1058 - Service Registry Permissions Weakness
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1136.001 - Local Account
- T1092 - Communication Through Removable Media
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 21.22
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1606.002 - SAML Tokens
- T1556.002 - Password Filter DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
Score: 10.27
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1055.004 - Asynchronous Procedure Call
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
Score: 11.93
Matched TTPs:
- T1584.008 - Network Devices
- T1573 - Encrypted Channel
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 15.34
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 32.39
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1598.003 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1568 - Dynamic Resolution
- T1036.004 - Masquerade Task or Service
- T1218.012 - Verclsid
- T1039 - Data from Network Shared Drive
- T1223 - Compiled HTML File
- T1027.018 - Invisible Unicode
Score: 11.56
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
Score: 19.88
Matched TTPs:
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
Score: 15.08
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1558 - Steal or Forge Kerberos Tickets
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 16.76
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1587.003 - Digital Certificates
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1685 - Disable or Modify Tools
Score: 14.90
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1059.012 - Hypervisor CLI
- T1160 - Launch Daemon
Score: 24.00
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1587.003 - Digital Certificates
- T1590.003 - Network Trust Dependencies
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1212 - Exploitation for Credential Access
- T1574 - Hijack Execution Flow
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 11.48
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1558 - Steal or Forge Kerberos Tickets
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
Score: 12.46
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1598.003 - Spearphishing Link
- T1684 - Social Engineering
- T1039 - Data from Network Shared Drive
- T1573 - Encrypted Channel
- T1027.018 - Invisible Unicode
Score: 9.67
Matched TTPs:
- T1587.003 - Digital Certificates
- T1606.002 - SAML Tokens
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1027.018 - Invisible Unicode
Score: 8.64
Matched TTPs:
- T1587.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1055.004 - Asynchronous Procedure Call
- T1668 - Exclusive Control
Score: 7.78
Matched TTPs:
- T1606.002 - SAML Tokens
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 17.72
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1087.004 - Cloud Account
- T1574.009 - Path Interception by Unquoted Path
- T1027.018 - Invisible Unicode
Score: 10.44
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
- T1009 - Binary Padding
Score: 10.34
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
- T1134 - Access Token Manipulation
Score: 7.32
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1558 - Steal or Forge Kerberos Tickets
Score: 31.66
Matched TTPs:
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1590.003 - Network Trust Dependencies
- T1176 - Software Extensions
- T1684 - Social Engineering
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 34.31
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
Score: 10.87
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1027 - Obfuscated Files or Information
- T1565.002 - Transmitted Data Manipulation
Score: 6.30
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1584.005 - Botnet
Score: 15.57
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1562.012 - Disable or Modify Linux Audit System
- T1087.004 - Cloud Account
- T1039 - Data from Network Shared Drive
- T1197 - BITS Jobs
- T1027.018 - Invisible Unicode
Score: 14.52
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
Score: 10.69
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
Score: 8.51
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 5.76
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
Score: 6.19
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 8.05
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
Score: 4.29
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1027.018 - Invisible Unicode
Score: 5.40
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
- T1218.012 - Verclsid
Score: 5.57
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1565.002 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
Score: 6.55
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1027.018 - Invisible Unicode
Score: 5.99
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1027.018 - Invisible Unicode
Score: 4.96
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1597 - Search Closed Sources
Score: 11.10
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
Score: 8.21
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 3.06
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1558 - Steal or Forge Kerberos Tickets
Score: 4.00
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 4.37
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1055.004 - Asynchronous Procedure Call
- T1059.012 - Hypervisor CLI
Score: 9.44
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1684 - Social Engineering
- T1562.012 - Disable or Modify Linux Audit System
- T1059.012 - Hypervisor CLI
Score: 3.54
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
Score: 8.95
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
Score: 8.26
Matched TTPs:
- T1574.014 - AppDomainManager
- T1130 - Install Root Certificate
Score: 16.32
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
Score: 9.37
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
Link to MITRE →
Score: 13.88
Matched TTPs:
- T1024 - Custom Cryptographic Protocol
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1019 - System Firmware
- T1039 - Data from Network Shared Drive
Link to MITRE →
Score: 4.03
Matched TTPs:
- T1024 - Custom Cryptographic Protocol
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 15.81
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 5.10
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Link to MITRE →
Score: 22.12
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1134.001 - Token Impersonation/Theft
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Link to MITRE →
Score: 10.99
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1552.004 - Private Keys
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
Link to MITRE →
Score: 3.20
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 5.60
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1002 - Data Compressed
Link to MITRE →
Score: 7.34
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 10.22
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Link to MITRE →
Score: 8.33
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
Link to MITRE →
Score: 4.03
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1087.004 - Cloud Account
Link to MITRE →
Score: 9.90
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1101 - Security Support Provider
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Link to MITRE →
Score: 8.39
Matched TTPs:
- T1552.004 - Private Keys
- T1597 - Search Closed Sources
- T1668 - Exclusive Control
Link to MITRE →
Score: 4.83
Matched TTPs:
- T1177 - LSASS Driver
- T1134 - Access Token Manipulation
Link to MITRE →
Score: 12.80
Matched TTPs:
- T1589.003 - Employee Names
- T1130 - Install Root Certificate
- T1037.001 - Logon Script (Windows)
Link to MITRE →
Score: 4.29
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
Link to MITRE →
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1596.003 - Digital Certificates
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
- T1597 - Search Closed Sources
- T1598.003 - Spearphishing Link
- T1156 - Malicious Shell Modification
- T1684 - Social Engineering
- T1562.012 - Disable or Modify Linux Audit System
- T1016.001 - Internet Connection Discovery
- T1092 - Communication Through Removable Media
- T1566.002 - Spearphishing Link
- T1565.002 - Transmitted Data Manipulation
- T1140 - Deobfuscate/Decode Files or Information
- T1197 - BITS Jobs
- T1087.004 - Cloud Account
- T1009 - Binary Padding
- T1024 - Custom Cryptographic Protocol
- T1606.002 - SAML Tokens
- T1690 - Prevent Command History Logging
- T1218.012 - Verclsid
Link to MITRE →
Score: 0.68
Matched TTPs:
- T1574.009 - Path Interception by Unquoted Path
- T1002 - Data Compressed
- T1574.002 - DLL Side-Loading
- T1598.003 - Spearphishing Link
- T1684 - Social Engineering
- T1552.004 - Private Keys
- T1134 - Access Token Manipulation
- T1596.003 - Digital Certificates
- T1562.012 - Disable or Modify Linux Audit System
- T1177 - LSASS Driver
- T1140 - Deobfuscate/Decode Files or Information
- T1027 - Obfuscated Files or Information
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1668 - Exclusive Control
- T1584.008 - Network Devices
- T1037.001 - Logon Script (Windows)
- T1055.004 - Asynchronous Procedure Call
- T1573 - Encrypted Channel
Link to MITRE →
Score: 0.60
Matched TTPs:
- T1092 - Communication Through Removable Media
- T1087.004 - Cloud Account
- T1055.004 - Asynchronous Procedure Call
- T1598.003 - Spearphishing Link
- T1134 - Access Token Manipulation
- T1091 - Replication Through Removable Media
- T1590.003 - Network Trust Dependencies
- T1566.002 - Spearphishing Link
- T1136.003 - Cloud Account
- T1024 - Custom Cryptographic Protocol
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1136.001 - Local Account
- T1565.002 - Transmitted Data Manipulation
- T1016.001 - Internet Connection Discovery
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
Link to MITRE →
Related CVEs
No CVEs were found in this Pulse.