Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft
概要
Trigona ransomware affiliates deployed a custom exfiltration tool called uploader_client.exe during attacks in March 2026, marking a tactical shift from relying on off-the-shelf utilities like Rclone. The tool features parallel streams with five default connections, connection rotation after 2,048 MB transfers to evade network monitoring, and granular filtering to exclude low-value files. Prior to exfiltration, attackers disabled security defenses using kernel-level tools including HRSword, PCHunter, Gmer, YDark, and WKTools with vulnerable drivers. Remote access was established via AnyDesk, while credentials were harvested using Mimikatz and Nirsoft utilities. The custom tooling demonstrates higher technical maturity compared to typical ransomware operations, providing enhanced stealth capabilities while requiring greater development resources. Targeted data included invoices and high-value PDF documents from networked drives.
Created: 2026-05-04
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 11.95
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 16.41
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1174 - Password Filter DLL
MITREへのリンク →
Score: 19.13
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1556.009 - Conditional Access Policies
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 10.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
- T1051 - Shared Webroot
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 14.65
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1055.013 - Process Doppelgänging
- T1051 - Shared Webroot
- T1656 - Impersonation
MITREへのリンク →
Score: 23.90
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1584.002 - DNS Server
- T1537 - Transfer Data to Cloud Account
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 10.56
Matched TTPs:
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1053.002 - At
MITREへのリンク →
Score: 31.17
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1136.001 - Local Account
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 6.95
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 6.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 13.42
Matched TTPs:
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 18.37
Matched TTPs:
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
- T1608.004 - Drive-by Target
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1051 - Shared Webroot
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 9.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1180 - Screensaver
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 7.45
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 13.74
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1174 - Password Filter DLL
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 25.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1048 - Exfiltration Over Alternative Protocol
- T1208 - Kerberoasting
- T1027 - Obfuscated Files or Information
- T1574.009 - Path Interception by Unquoted Path
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 17.33
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 23.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1222.002 - Linux and Mac Permissions
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1131 - Authentication Package
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1574.009 - Path Interception by Unquoted Path
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 25.51
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1131 - Authentication Package
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 12.97
Matched TTPs:
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 20.41
Matched TTPs:
- T1560.001 - Archive via Utility
- T1689 - Downgrade Attack
- T1140 - Deobfuscate/Decode Files or Information
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1003.006 - DCSync
MITREへのリンク →
Score: 52.70
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1537 - Transfer Data to Cloud Account
- T1126 - Network Share Connection Removal
- T1665 - Hide Infrastructure
- T1053.002 - At
MITREへのリンク →
Score: 12.20
Matched TTPs:
- T1560.001 - Archive via Utility
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1051 - Shared Webroot
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 10.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1598.003 - Spearphishing Link
- T1027 - Obfuscated Files or Information
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 18.34
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
MITREへのリンク →
Score: 4.34
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
MITREへのリンク →
Score: 17.99
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
MITREへのリンク →
Score: 15.76
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1110.003 - Password Spraying
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 29.00
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1140 - Deobfuscate/Decode Files or Information
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1547.008 - LSASS Driver
- T1053.002 - At
MITREへのリンク →
Score: 5.91
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 10.82
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 10.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 8.42
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 43.54
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1568 - Dynamic Resolution
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
- T1537 - Transfer Data to Cloud Account
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 32.57
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1608.004 - Drive-by Target
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1055.013 - Process Doppelgänging
- T1592.004 - Client Configurations
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 11.05
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 15.88
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1598.003 - Spearphishing Link
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.13
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1090 - Proxy
MITREへのリンク →
Score: 4.03
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 9.94
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
MITREへのリンク →
Score: 11.43
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1547.011 - Plist Modification
- T1048 - Exfiltration Over Alternative Protocol
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 35.71
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 4.86
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
MITREへのリンク →
Score: 19.03
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1598.003 - Spearphishing Link
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 13.41
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 10.13
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 5.68
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 13.44
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 9.03
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
- T1051 - Shared Webroot
MITREへのリンク →
Score: 3.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
MITREへのリンク →
Score: 11.50
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
MITREへのリンク →
Score: 7.96
Matched TTPs:
- T1099 - Timestomp
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 21.09
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1598.003 - Spearphishing Link
- T1090 - Proxy
- T1608.005 - Link Target
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 9.48
Matched TTPs:
- T1099 - Timestomp
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 5.88
Matched TTPs:
- T1584.008 - Network Devices
- T1174 - Password Filter DLL
MITREへのリンク →
Score: 9.62
Matched TTPs:
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 14.56
Matched TTPs:
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1574.009 - Path Interception by Unquoted Path
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 14.22
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1656 - Impersonation
MITREへのリンク →
Score: 32.61
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1557.002 - ARP Cache Poisoning
- T1022 - Data Encrypted
MITREへのリンク →
Score: 17.28
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1537 - Transfer Data to Cloud Account
- T1158 - Hidden Files and Directories
MITREへのリンク →
Score: 24.59
Matched TTPs:
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1016.002 - Wi-Fi Discovery
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 15.64
Matched TTPs:
- T1484.002 - Trust Modification
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 17.75
Matched TTPs:
- T1180 - Screensaver
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1537 - Transfer Data to Cloud Account
- T1022 - Data Encrypted
MITREへのリンク →
Score: 26.71
Matched TTPs:
- T1180 - Screensaver
- T1598.003 - Spearphishing Link
- T1590 - Gather Victim Network Information
- T1048 - Exfiltration Over Alternative Protocol
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 32.17
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1174 - Password Filter DLL
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 11.13
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1090 - Proxy
- T1136.003 - Cloud Account
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 3.40
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
MITREへのリンク →
Score: 3.40
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 6.02
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 5.68
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.40
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.76
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1537 - Transfer Data to Cloud Account
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 5.72
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 5.41
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1055.002 - Portable Executable Injection
MITREへのリンク →
Score: 5.96
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1055.013 - Process Doppelgänging
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 8.29
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1584.002 - DNS Server
- T1053.002 - At
MITREへのリンク →
Score: 20.59
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1055.013 - Process Doppelgänging
- T1051 - Shared Webroot
- T1048 - Exfiltration Over Alternative Protocol
- T1556.009 - Conditional Access Policies
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 11.87
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.16
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1053.002 - At
MITREへのリンク →
Score: 3.22
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.96
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.56
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.68
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.41
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1686 - Disable or Modify System Firewall
MITREへのリンク →
Score: 3.27
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 19.42
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1110.003 - Password Spraying
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1537 - Transfer Data to Cloud Account
- T1022 - Data Encrypted
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 16.09
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 9.74
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 4.22
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 4.76
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
MITREへのリンク →
Score: 8.06
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1110.003 - Password Spraying
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 14.35
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1557.002 - ARP Cache Poisoning
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1131 - Authentication Package
MITREへのリンク →
Score: 9.57
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
MITREへのリンク →
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 5.96
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 6.41
Matched TTPs:
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
- T1537 - Transfer Data to Cloud Account
MITREへのリンク →
Score: 5.45
Matched TTPs:
- T1608.005 - Link Target
- T1656 - Impersonation
MITREへのリンク →
Score: 8.02
Matched TTPs:
- T1048 - Exfiltration Over Alternative Protocol
- T1537 - Transfer Data to Cloud Account
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.20
Matched TTPs:
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 9.40
Matched TTPs:
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.44
Matched TTPs:
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1537 - Transfer Data to Cloud Account
- T1053.002 - At
- T1051 - Shared Webroot
- T1656 - Impersonation
- T1597 - Search Closed Sources
- T1609 - Container Administration Command
- T1546.013 - PowerShell Profile
- T1027.014 - Polymorphic Code
- T1665 - Hide Infrastructure
- T1131 - Authentication Package
- T1546.008 - Accessibility Features
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
- T1126 - Network Share Connection Removal
- T1140 - Deobfuscate/Decode Files or Information
- T1183 - Image File Execution Options Injection
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1560.001 - Archive via Utility
- T1598.003 - Spearphishing Link
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1537 - Transfer Data to Cloud Account
- T1584.008 - Network Devices
- T1568 - Dynamic Resolution
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1027.004 - Compile After Delivery
- T1547.008 - LSASS Driver
- T1177 - LSASS Driver
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1547.011 - Plist Modification
- T1592.004 - Client Configurations
- T1598.003 - Spearphishing Link
- T1099 - Timestomp
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design