Iranian-Nexus Operation Against Oman's Government: 12 Ministries Hit and 26,000 Citizen Records Exposed
概要
An exposed command and control server on RouterHosting infrastructure revealed an active Iranian-nexus intrusion campaign targeting twelve Omani government ministries. The operation primarily focused on the Ministry of Justice and Legal Affairs, deploying custom webshells that provided persistent access through April 2026. Over 26,000 user records containing judicial case data, committee decisions, and registry hives were exfiltrated. The attacker utilized ProxyShell exploits, DotNetNuke vulnerabilities, and custom Python scripts targeting Exchange servers, SQL databases, and Oracle systems. Infrastructure analysis revealed connections to spoofed Iranian diaspora media and censorship circumvention tools, with tactical overlaps indicating MOIS-linked groups such as APT34 and MuddyWater. The campaign specifically targeted judicial records, immigration systems, and citizen identity data across multiple government entities.
Created: 2026-05-06
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 30.17
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1131 - Authentication Package
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1059.004 - Unix Shell
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 31.68
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1027.018 - Invisible Unicode
- T1484 - Domain or Tenant Policy Modification
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 12.52
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.57
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1597 - Search Closed Sources
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.62
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1090 - Proxy
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 23.19
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1140 - Deobfuscate/Decode Files or Information
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1117 - Regsvr32
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 21.14
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.33
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 23.54
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1587.003 - Digital Certificates
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
- T1588.001 - Malware
- T1218.001 - Compiled HTML File
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.56
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1048 - Exfiltration Over Alternative Protocol
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 38.58
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1030 - Data Transfer Size Limits
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1126 - Network Share Connection Removal
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.86
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.11
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 17.51
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.75
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 6.90
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1588.001 - Malware
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 56.63
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1608.005 - Link Target
- T1654 - Log Enumeration
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1030 - Data Transfer Size Limits
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1126 - Network Share Connection Removal
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
- T1003.003 - NTDS
MITREへのリンク →
Score: 8.58
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 3.33
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.13
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1117 - Regsvr32
- T1101 - Security Support Provider
MITREへのリンク →
Score: 31.70
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1055.005 - Thread Local Storage
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.35
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 6.26
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1565.002 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 8.71
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 38.32
Matched TTPs:
- T1099 - Timestomp
- T1587.003 - Digital Certificates
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1010 - Application Window Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.21
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 34.07
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1568 - Dynamic Resolution
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 23.09
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1608.005 - Link Target
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.43
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.48
Matched TTPs:
- T1099 - Timestomp
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 17.70
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
MITREへのリンク →
Score: 10.36
Matched TTPs:
- T1099 - Timestomp
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 29.68
Matched TTPs:
- T1099 - Timestomp
- T1686.003 - Windows Host Firewall
- T1003.007 - Proc Filesystem
- T1556.002 - Password Filter DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1488 - Disk Content Wipe
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 6.85
Matched TTPs:
- T1099 - Timestomp
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.80
Matched TTPs:
- T1584.008 - Network Devices
- T1530 - Data from Cloud Storage
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.69
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1059.004 - Unix Shell
MITREへのリンク →
Score: 19.33
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1055.013 - Process Doppelgänging
- T1654 - Log Enumeration
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 18.48
Matched TTPs:
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 5.86
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 27.53
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1048 - Exfiltration Over Alternative Protocol
- T1574.009 - Path Interception by Unquoted Path
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 5.80
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 13.91
Matched TTPs:
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 22.86
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1010 - Application Window Discovery
- T1218.003 - CMSTP
- T1055.004 - Asynchronous Procedure Call
- T1574.009 - Path Interception by Unquoted Path
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 16.50
Matched TTPs:
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 14.98
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1003.003 - NTDS
MITREへのリンク →
Score: 13.89
Matched TTPs:
- T1587.003 - Digital Certificates
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.89
Matched TTPs:
- T1587.003 - Digital Certificates
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
MITREへのリンク →
Score: 11.35
Matched TTPs:
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 10.38
Matched TTPs:
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 28.58
Matched TTPs:
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1686.003 - Windows Host Firewall
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 24.08
Matched TTPs:
- T1484.002 - Trust Modification
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 13.09
Matched TTPs:
- T1686.003 - Windows Host Firewall
- T1140 - Deobfuscate/Decode Files or Information
- T1588.001 - Malware
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 17.95
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1599 - Network Boundary Bridging
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 20.57
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1048 - Exfiltration Over Alternative Protocol
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 28.62
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1117 - Regsvr32
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1048 - Exfiltration Over Alternative Protocol
- T1059.004 - Unix Shell
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 10.51
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 23.72
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1153 - Source
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1022 - Data Encrypted
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 9.01
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1588.001 - Malware
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 5.94
Matched TTPs:
- T1530 - Data from Cloud Storage
- T1588.001 - Malware
MITREへのリンク →
Score: 11.19
Matched TTPs:
- T1530 - Data from Cloud Storage
- T1059.004 - Unix Shell
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 25.31
Matched TTPs:
- T1556.002 - Password Filter DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1588.001 - Malware
- T1597 - Search Closed Sources
- T1059.004 - Unix Shell
- T1488 - Disk Content Wipe
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 14.19
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1022 - Data Encrypted
MITREへのリンク →
Score: 25.99
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
- T1027.018 - Invisible Unicode
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 5.30
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 14.04
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 9.19
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 9.74
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 8.38
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 4.22
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 4.06
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
MITREへのリンク →
Score: 8.62
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
MITREへのリンク →
Score: 4.76
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
MITREへのリンク →
Score: 6.71
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 6.56
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.34
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 15.86
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1599 - Network Boundary Bridging
- T1486 - Data Encrypted for Impact
- T1030 - Data Transfer Size Limits
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 10.68
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1599 - Network Boundary Bridging
- T1030 - Data Transfer Size Limits
MITREへのリンク →
Score: 3.53
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
MITREへのリンク →
Score: 30.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1564.003 - Hidden Window
- T1565.002 - Transmitted Data Manipulation
- T1022 - Data Encrypted
MITREへのリンク →
Score: 12.77
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1588.001 - Malware
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.92
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 33.18
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.16
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 11.09
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1197 - BITS Jobs
- T1126 - Network Share Connection Removal
MITREへのリンク →
Score: 3.61
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1588.001 - Malware
MITREへのリンク →
Score: 7.43
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1218.001 - Compiled HTML File
MITREへのリンク →
Score: 13.65
Matched TTPs:
- T1547.005 - Security Support Provider
- T1556.008 - Network Provider DLL
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 4.44
Matched TTPs:
- T1009 - Binary Padding
- T1588.001 - Malware
MITREへのリンク →
Score: 8.27
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1131 - Authentication Package
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 12.28
Matched TTPs:
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1059.004 - Unix Shell
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 10.13
Matched TTPs:
- T1117 - Regsvr32
- T1562.001 - Disable or Modify Tools
- T1027.018 - Invisible Unicode
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.18
Matched TTPs:
- T1177 - LSASS Driver
- T1059.004 - Unix Shell
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 4.68
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 11.99
Matched TTPs:
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 4.49
Matched TTPs:
- T1588.001 - Malware
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 6.21
Matched TTPs:
- T1608.005 - Link Target
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 3.44
Matched TTPs:
- T1048 - Exfiltration Over Alternative Protocol
MITREへのリンク →
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 6.94
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
MITREへのリンク →
Score: 4.80
Matched TTPs:
- T1574.009 - Path Interception by Unquoted Path
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.70
Matched TTPs:
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 5.67
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1591.001 - Determine Physical Locations
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1654 - Log Enumeration
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1027.014 - Polymorphic Code
- T1665 - Hide Infrastructure
- T1003.003 - NTDS
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1565.002 - Transmitted Data Manipulation
- T1126 - Network Share Connection Removal
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1546.013 - PowerShell Profile
- T1131 - Authentication Package
- T1027.004 - Compile After Delivery
- T1009 - Binary Padding
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1213.006 - Databases
- T1588.001 - Malware
- T1027.018 - Invisible Unicode
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design