Energy Sector Incident Report
Summary
On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.
Created: 2026-05-01
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 29.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1175 - Component Object Model and Distributed COM
- T1608.005 - Link Target
- T1210 - Exploitation of Remote Services
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1055.008 - Ptrace System Calls
- T1490 - Inhibit System Recovery
Score: 25.97
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
Score: 29.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1038 - DLL Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
Score: 11.62
Matched TTPs:
- T1560.001 - Archive via Utility
- T1157 - Dylib Hijacking
- T1562.001 - Disable or Modify Tools
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
Score: 21.79
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1055.013 - Process Doppelgänging
- T1612 - Build Image on Host
- T1059.001 - PowerShell
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
Score: 3.93
Matched TTPs:
- T1560.001 - Archive via Utility
- T1045 - Software Packing
Score: 54.85
Matched TTPs:
- T1560.001 - Archive via Utility
- T1686.003 - Windows Host Firewall
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1057 - Process Discovery
- T1212 - Exploitation for Credential Access
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1584.002 - DNS Server
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
- T1665 - Hide Infrastructure
Score: 11.13
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
Score: 61.96
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1203 - Exploitation for Client Execution
- T1565.002 - Transmitted Data Manipulation
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
- T1055.005 - Thread Local Storage
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
Score: 14.06
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1490 - Inhibit System Recovery
Score: 18.25
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1212 - Exploitation for Credential Access
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1665 - Hide Infrastructure
Score: 26.13
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1499.003 - Application Exhaustion Flood
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1175 - Component Object Model and Distributed COM
- T1157 - Dylib Hijacking
- T1059.013 - Container CLI/API
- T1490 - Inhibit System Recovery
Score: 23.16
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.001 - Spearphishing Attachment
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1087.004 - Cloud Account
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 19.57
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1612 - Build Image on Host
- T1128 - Netsh Helper DLL
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
Score: 19.21
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1180 - Screensaver
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1578.003 - Delete Cloud Instance
- T1055.004 - Asynchronous Procedure Call
Score: 13.49
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
Score: 19.83
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
Score: 52.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1578.003 - Delete Cloud Instance
- T1055.004 - Asynchronous Procedure Call
- T1041 - Exfiltration Over C2 Channel
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1208 - Kerberoasting
- T1027 - Obfuscated Files or Information
- T1002 - Data Compressed
- T1030 - Data Transfer Size Limits
- T1134 - Access Token Manipulation
- T1574.002 - DLL Side-Loading
- T1037.001 - Logon Script (Windows)
Score: 36.06
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1140 - Deobfuscate/Decode Files or Information
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
Score: 52.91
Matched TTPs:
- T1560.001 - Archive via Utility
- T1222.002 - Linux and Mac Permissions
- T1566.002 - Spearphishing Link
- T1058 - Service Registry Permissions Weakness
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1175 - Component Object Model and Distributed COM
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1197 - BITS Jobs
- T1588.003 - Code Signing Certificates
- T1027.018 - Invisible Unicode
- T1055.008 - Ptrace System Calls
Score: 54.94
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1561 - Disk Wipe
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1212 - Exploitation for Credential Access
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1490 - Inhibit System Recovery
Score: 20.23
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
- T1591.001 - Determine Physical Locations
Score: 30.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1606.002 - SAML Tokens
- T1689 - Downgrade Attack
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1547.015 - Login Items
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1027.004 - Compile After Delivery
Score: 88.85
Matched TTPs:
- T1560.001 - Archive via Utility
- T1037 - Boot or Logon Initialization Scripts
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1213.006 - Databases
- T1566.002 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1057 - Process Discovery
- T1041 - Exfiltration Over C2 Channel
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1126 - Network Share Connection Removal
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
- T1003.003 - NTDS
- T1490 - Inhibit System Recovery
Score: 18.37
Matched TTPs:
- T1560.001 - Archive via Utility
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 18.37
Matched TTPs:
- T1560.001 - Archive via Utility
- T1612 - Build Image on Host
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
Score: 32.43
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
Score: 10.19
Matched TTPs:
- T1560.001 - Archive via Utility
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
Score: 22.55
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
- T1686.001 - Cloud Firewall
Score: 43.53
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1499.004 - Application or System Exploitation
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1059.001 - PowerShell
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 48.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.002 - Spearphishing Link
- T1036.009 - Break Process Trees
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1021.008 - Direct Cloud VM Connections
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 8.51
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1597 - Search Closed Sources
Score: 17.42
Matched TTPs:
- T1560.001 - Archive via Utility
- T1036.009 - Break Process Trees
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
Score: 13.24
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 16.70
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
Score: 65.65
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1568 - Dynamic Resolution
- T1036.004 - Masquerade Task or Service
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027.004 - Compile After Delivery
- T1223 - Compiled HTML File
- T1608.006 - SEO Poisoning
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
- T1490 - Inhibit System Recovery
Score: 60.40
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1045 - Software Packing
- T1175 - Component Object Model and Distributed COM
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1126 - Network Share Connection Removal
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
Score: 51.21
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
- T1490 - Inhibit System Recovery
Score: 14.49
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1091 - Replication Through Removable Media
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
Score: 31.84
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1055.013 - Process Doppelgänging
- T1612 - Build Image on Host
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1128 - Netsh Helper DLL
- T1203 - Exploitation for Client Execution
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
Score: 19.26
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1566.002 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
Score: 6.41
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1045 - Software Packing
- T1039 - Data from Network Shared Drive
Score: 3.33
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1027.018 - Invisible Unicode
Score: 22.66
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
- T1175 - Component Object Model and Distributed COM
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1027.018 - Invisible Unicode
Score: 10.08
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1157 - Dylib Hijacking
- T1562.001 - Disable or Modify Tools
- T1134 - Access Token Manipulation
Score: 13.70
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1027.018 - Invisible Unicode
Score: 18.43
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
Score: 41.16
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.013 - Process Doppelgänging
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
- T1490 - Inhibit System Recovery
Score: 23.72
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1128 - Netsh Helper DLL
- T1052 - Exfiltration Over Physical Medium
- T1027.018 - Invisible Unicode
Score: 12.38
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1052 - Exfiltration Over Physical Medium
- T1665 - Hide Infrastructure
Score: 15.98
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 3.33
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1027.018 - Invisible Unicode
Score: 8.05
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
- T1134 - Access Token Manipulation
Score: 5.35
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
- T1027.018 - Invisible Unicode
Score: 6.26
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1565.002 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
Score: 21.62
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
- T1657 - Financial Theft
- T1157 - Dylib Hijacking
Score: 7.87
Matched TTPs:
- T1682 - Query Public AI Services
- T1091 - Replication Through Removable Media
- T1027.018 - Invisible Unicode
Score: 7.24
Matched TTPs:
- T1584.008 - Network Devices
- T1174 - Password Filter DLL
- T1027.018 - Invisible Unicode
Score: 37.12
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1175 - Component Object Model and Distributed COM
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
Score: 31.08
Matched TTPs:
- T1584.008 - Network Devices
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1059.001 - PowerShell
- T1678 - Delay Execution
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
- T1591.001 - Determine Physical Locations
Score: 26.98
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1175 - Component Object Model and Distributed COM
- T1059.001 - PowerShell
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1003.003 - NTDS
Score: 12.55
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1175 - Component Object Model and Distributed COM
- T1157 - Dylib Hijacking
Score: 29.56
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1097 - Pass the Ticket
- T1134 - Access Token Manipulation
- T1159 - Launch Agent
Score: 29.76
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1175 - Component Object Model and Distributed COM
- T1057 - Process Discovery
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
Score: 57.17
Matched TTPs:
- T1606.002 - SAML Tokens
- T1098.007 - Additional Local or Domain Groups
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1057 - Process Discovery
- T1210 - Exploitation of Remote Services
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1562.001 - Disable or Modify Tools
- T1174 - Password Filter DLL
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
Score: 42.95
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.001 - Spearphishing Attachment
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1592.002 - Software
- T1128 - Netsh Helper DLL
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
Score: 14.28
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1087.004 - Cloud Account
- T1027.018 - Invisible Unicode
Score: 53.11
Matched TTPs:
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1686.003 - Windows Host Firewall
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1045 - Software Packing
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1157 - Dylib Hijacking
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 17.04
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1556 - Modify Authentication Process
Score: 5.13
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
Score: 7.38
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
Score: 35.22
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1036.009 - Break Process Trees
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1071.003 - Mail Protocols
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1612 - Build Image on Host
- T1597 - Search Closed Sources
- T1665 - Hide Infrastructure
Score: 23.63
Matched TTPs:
- T1484.002 - Trust Modification
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1157 - Dylib Hijacking
- T1027.014 - Polymorphic Code
- T1027.018 - Invisible Unicode
Score: 47.88
Matched TTPs:
- T1527 - Application Access Token
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1045 - Software Packing
- T1090 - Proxy
- T1175 - Component Object Model and Distributed COM
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1061 - Graphical User Interface
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
Score: 25.32
Matched TTPs:
- T1180 - Screensaver
- T1036.009 - Break Process Trees
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1612 - Build Image on Host
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1059.013 - Container CLI/API
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
Score: 36.01
Matched TTPs:
- T1180 - Screensaver
- T1566.001 - Spearphishing Attachment
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1590 - Gather Victim Network Information
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
Score: 15.85
Matched TTPs:
- T1686.003 - Windows Host Firewall
- T1140 - Deobfuscate/Decode Files or Information
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
Score: 54.71
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1590.006 - Network Security Appliances
- T1045 - Software Packing
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1556.008 - Network Provider DLL
- T1210 - Exploitation of Remote Services
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
Score: 18.82
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1584.005 - Botnet
- T1157 - Dylib Hijacking
Score: 22.80
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1039 - Data from Network Shared Drive
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1608.006 - SEO Poisoning
- T1027.018 - Invisible Unicode
Score: 16.90
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1175 - Component Object Model and Distributed COM
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1547.008 - LSASS Driver
Score: 6.65
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Score: 8.88
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
Score: 17.12
Matched TTPs:
- T1036.009 - Break Process Trees
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
- T1490 - Inhibit System Recovery
Score: 4.50
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
- T1590.006 - Network Security Appliances
Score: 24.65
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1128 - Netsh Helper DLL
- T1159 - Launch Agent
- T1665 - Hide Infrastructure
- T1490 - Inhibit System Recovery
Score: 13.75
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1027.018 - Invisible Unicode
Score: 16.28
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1584.002 - DNS Server
- T1159 - Launch Agent
Score: 25.08
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1175 - Component Object Model and Distributed COM
- T1134.001 - Token Impersonation/Theft
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 8.25
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
Score: 16.03
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1612 - Build Image on Host
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 18.07
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1175 - Component Object Model and Distributed COM
- T1612 - Build Image on Host
- T1128 - Netsh Helper DLL
- T1030 - Data Transfer Size Limits
Score: 5.87
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
Score: 28.10
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
Score: 7.58
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1157 - Dylib Hijacking
- T1027.004 - Compile After Delivery
Score: 14.94
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1027.014 - Polymorphic Code
- T1505 - Server Software Component
- T1001.001 - Junk Data
Score: 8.19
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1002 - Data Compressed
Score: 16.88
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1030 - Data Transfer Size Limits
- T1565.002 - Transmitted Data Manipulation
- T1547.008 - LSASS Driver
Score: 3.53
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
Score: 6.66
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
Score: 25.76
Matched TTPs:
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1045 - Software Packing
- T1175 - Component Object Model and Distributed COM
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1030 - Data Transfer Size Limits
Score: 3.77
Matched TTPs:
- T1009 - Binary Padding
- T1157 - Dylib Hijacking
Score: 6.91
Matched TTPs:
- T1131 - Authentication Package
- T1041 - Exfiltration Over C2 Channel
Score: 10.58
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
Score: 13.08
Matched TTPs:
- T1547.011 - Plist Modification
- T1059.001 - PowerShell
- T1212 - Exploitation for Credential Access
- T1039 - Data from Network Shared Drive
- T1027.004 - Compile After Delivery
Score: 6.56
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1027.014 - Polymorphic Code
Score: 5.78
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1087.004 - Cloud Account
Score: 3.01
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1134 - Access Token Manipulation
Score: 7.57
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
- T1134 - Access Token Manipulation
Score: 7.43
Matched TTPs:
- T1045 - Software Packing
- T1055.013 - Process Doppelgänging
- T1159 - Launch Agent
Score: 5.78
Matched TTPs:
- T1045 - Software Packing
- T1608.005 - Link Target
- T1157 - Dylib Hijacking
Score: 4.44
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1039 - Data from Network Shared Drive
Score: 4.68
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
Score: 10.36
Matched TTPs:
- T1612 - Build Image on Host
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
- T1159 - Launch Agent
Score: 10.52
Matched TTPs:
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
Score: 5.09
Matched TTPs:
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
Score: 6.80
Matched TTPs:
- T1547.015 - Login Items
- T1490 - Inhibit System Recovery
Score: 9.46
Matched TTPs:
- T1097 - Pass the Ticket
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
Score: 5.27
Matched TTPs:
- T1157 - Dylib Hijacking
- T1591.001 - Determine Physical Locations
Score: 4.09
Matched TTPs:
- T1157 - Dylib Hijacking
- T1490 - Inhibit System Recovery
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
Score: 4.76
Matched TTPs:
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
Score: 3.70
Matched TTPs:
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
Score: 5.67
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
Score: 8.26
Matched TTPs:
- T1130 - Install Root Certificate
- T1037.001 - Logon Script (Windows)
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
Score: 6.63
Matched TTPs:
- T1159 - Launch Agent
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1027.004 - Compile After Delivery
- T1140 - Deobfuscate/Decode Files or Information
- T1560.001 - Archive via Utility
- T1690 - Prevent Command History Logging
- T1218.012 - Verclsid
- T1037 - Boot or Logon Initialization Scripts
- T1566.002 - Spearphishing Link
- T1490 - Inhibit System Recovery
- T1131 - Authentication Package
- T1091 - Replication Through Removable Media
- T1609 - Container Administration Command
- T1003.003 - NTDS
- T1546.008 - Accessibility Features
- T1597 - Search Closed Sources
- T1565.002 - Transmitted Data Manipulation
- T1665 - Hide Infrastructure
- T1030 - Data Transfer Size Limits
- T1003.007 - Proc Filesystem
- T1197 - BITS Jobs
- T1606.002 - SAML Tokens
- T1087.004 - Cloud Account
- T1546.013 - PowerShell Profile
- T1027.014 - Polymorphic Code
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1183 - Image File Execution Options Injection
- T1126 - Network Share Connection Removal
- T1213.006 - Databases
- T1098.007 - Additional Local or Domain Groups
- T1041 - Exfiltration Over C2 Channel
- T1027.018 - Invisible Unicode
- T1057 - Process Discovery
- T1009 - Binary Padding
Related CVEs
No CVEs were found for this Pulse.