TA4922: The Suspected Chinese Crime Group is Going Global
概要
TA4922 is a highly sophisticated Chinese-speaking threat actor demonstrating rapid operational tempo and continually evolving malware capabilities. Initially targeting East Asia, particularly Japan, the group has expanded globally to Europe and Africa. The actor deploys multiple malware families including Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT (Winos4.0), alongside legitimate remote management tools like AnyDesk and SyncFuture. Campaigns use localized lures themed around HR, payroll, tax, and invoicing, targeting hundreds to thousands of recipients per campaign. TA4922 conducts credential phishing, fraud operations including credit card theft, and attempts to shift communications to out-of-band channels like LINE, WhatsApp, and Microsoft Teams. The group leverages legitimate cloud hosting services and trusted software for delivery and persistence, combining advanced tradecraft with financially motivated objectives such as data theft, fraud, access resale, and persistent remote access.
Created: 2026-06-04
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 9.97
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
MITREへのリンク →
Score: 14.03
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 16.08
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1183 - Image File Execution Options Injection
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.18
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 10.84
Matched TTPs:
- T1560.001 - Archive via Utility
- T1177 - LSASS Driver
- T1097 - Pass the Ticket
- T1656 - Impersonation
MITREへのリンク →
Score: 33.11
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1686.003 - Windows Host Firewall
- T1003.007 - Proc Filesystem
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1584.002 - DNS Server
- T1065 - Uncommonly Used Port
- T1159 - Launch Agent
MITREへのリンク →
Score: 11.10
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 33.79
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1159 - Launch Agent
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.83
Matched TTPs:
- T1560.001 - Archive via Utility
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 5.85
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 7.24
Matched TTPs:
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1218 - System Binary Proxy Execution
MITREへのリンク →
Score: 10.65
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1097 - Pass the Ticket
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 12.29
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.92
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 8.51
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 8.67
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 27.23
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1574.009 - Path Interception by Unquoted Path
- T1564.003 - Hidden Window
- T1008 - Fallback Channels
MITREへのリンク →
Score: 22.52
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
MITREへのリンク →
Score: 16.42
Matched TTPs:
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1097 - Pass the Ticket
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 20.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 21.98
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
- T1591.001 - Determine Physical Locations
- T1008 - Fallback Channels
MITREへのリンク →
Score: 16.34
Matched TTPs:
- T1560.001 - Archive via Utility
- T1218 - System Binary Proxy Execution
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 40.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1109 - Component Firmware
- T1213.006 - Databases
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1008 - Fallback Channels
MITREへのリンク →
Score: 10.81
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 10.87
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1027 - Obfuscated Files or Information
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 16.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 9.11
Matched TTPs:
- T1560.001 - Archive via Utility
- T1109 - Component Firmware
- T1099 - Timestomp
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 15.73
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
MITREへのリンク →
Score: 21.58
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 31.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 8.51
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 11.09
Matched TTPs:
- T1560.001 - Archive via Utility
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 10.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 5.67
Matched TTPs:
- T1560.001 - Archive via Utility
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 37.56
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1109 - Component Firmware
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1564.003 - Hidden Window
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 5.58
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1543.003 - Windows Service
MITREへのリンク →
Score: 20.60
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.78
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 6.52
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1597 - Search Closed Sources
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.45
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1090 - Proxy
- T1159 - Launch Agent
MITREへのリンク →
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
MITREへのリンク →
Score: 9.37
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1090 - Proxy
MITREへのリンク →
Score: 7.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 30.50
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.95
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
MITREへのリンク →
Score: 16.54
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 17.65
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1065 - Uncommonly Used Port
MITREへのリンク →
Score: 12.09
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
MITREへのリンク →
Score: 10.92
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
MITREへのリンク →
Score: 6.51
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
MITREへのリンク →
Score: 3.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
MITREへのリンク →
Score: 9.38
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1109 - Component Firmware
- T1543.003 - Windows Service
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 15.18
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1109 - Component Firmware
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
MITREへのリンク →
Score: 7.92
Matched TTPs:
- T1109 - Component Firmware
- T1543.003 - Windows Service
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 32.57
Matched TTPs:
- T1109 - Component Firmware
- T1484.002 - Trust Modification
- T1686.003 - Windows Host Firewall
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 8.29
Matched TTPs:
- T1109 - Component Firmware
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 20.10
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1097 - Pass the Ticket
- T1065 - Uncommonly Used Port
- T1159 - Launch Agent
MITREへのリンク →
Score: 31.99
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1202 - Indirect Command Execution
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 21.73
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1608.005 - Link Target
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 9.52
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 5.98
Matched TTPs:
- T1682 - Query Public AI Services
- T1543.003 - Windows Service
MITREへのリンク →
Score: 18.04
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1097 - Pass the Ticket
- T1531 - Account Access Removal
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 13.13
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1574.009 - Path Interception by Unquoted Path
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 15.34
Matched TTPs:
- T1584.008 - Network Devices
- T1562.004 - Disable or Modify System Firewall
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1656 - Impersonation
MITREへのリンク →
Score: 15.77
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1686.003 - Windows Host Firewall
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 16.11
Matched TTPs:
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
MITREへのリンク →
Score: 3.46
Matched TTPs:
- T1543.003 - Windows Service
- T1608.005 - Link Target
MITREへのリンク →
Score: 3.79
Matched TTPs:
- T1543.003 - Windows Service
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 25.16
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.32
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.25
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 19.37
Matched TTPs:
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1097 - Pass the Ticket
- T1592.002 - Software
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 4.19
Matched TTPs:
- T1543.003 - Windows Service
- T1159 - Launch Agent
MITREへのリンク →
Score: 12.77
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 4.73
Matched TTPs:
- T1543.003 - Windows Service
- T1008 - Fallback Channels
MITREへのリンク →
Score: 20.89
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1153 - Source
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 3.53
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
MITREへのリンク →
Score: 3.92
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 7.24
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
MITREへのリンク →
Score: 25.87
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
- T1059.005 - Visual Basic
MITREへのリンク →
Score: 6.14
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 3.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 17.68
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 8.93
Matched TTPs:
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 12.16
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1008 - Fallback Channels
MITREへのリンク →
Score: 10.78
Matched TTPs:
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 8.27
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 10.61
Matched TTPs:
- T1009 - Binary Padding
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 5.27
Matched TTPs:
- T1547.011 - Plist Modification
- T1097 - Pass the Ticket
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 6.91
Matched TTPs:
- T1177 - LSASS Driver
- T1049 - System Network Connections Discovery
MITREへのリンク →
Score: 11.90
Matched TTPs:
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1159 - Launch Agent
MITREへのリンク →
Score: 5.45
Matched TTPs:
- T1608.005 - Link Target
- T1656 - Impersonation
MITREへのリンク →
Score: 4.92
Matched TTPs:
- T1097 - Pass the Ticket
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
MITREへのリンク →
Score: 6.88
Matched TTPs:
- T1584.002 - DNS Server
- T1159 - Launch Agent
MITREへのリンク →
Score: 5.67
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.21
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1008 - Fallback Channels
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1591.001 - Determine Physical Locations
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1543.003 - Windows Service
- T1183 - Image File Execution Options Injection
- T1546.013 - PowerShell Profile
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
- T1098.007 - Additional Local or Domain Groups
- T1109 - Component Firmware
- T1597 - Search Closed Sources
- T1656 - Impersonation
- T1008 - Fallback Channels
- T1009 - Binary Padding
- T1565.002 - Transmitted Data Manipulation
- T1213.006 - Databases
- T1609 - Container Administration Command
MITREへのリンク →
Score: 0.65
Matched TTPs:
- T1027 - Obfuscated Files or Information
- T1083 - File and Directory Discovery
- T1098.007 - Additional Local or Domain Groups
- T1609 - Container Administration Command
- T1109 - Component Firmware
- T1565.002 - Transmitted Data Manipulation
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1685.004 - Disable or Modify Linux Audit System Log
- T1547.005 - Security Support Provider
- T1564.003 - Hidden Window
- T1666 - Modify Cloud Resource Hierarchy
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1543.003 - Windows Service
- T1183 - Image File Execution Options Injection
- T1169 - Sudo
- T1546.013 - PowerShell Profile
- T1560.001 - Archive via Utility
- T1556 - Modify Authentication Process
- T1608.005 - Link Target
- T1136.003 - Cloud Account
- T1098.007 - Additional Local or Domain Groups
- T1055.005 - Thread Local Storage
- T1159 - Launch Agent
- T1055.004 - Asynchronous Procedure Call
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 0.57
Matched TTPs:
- T1099 - Timestomp
- T1065 - Uncommonly Used Port
- T1003.007 - Proc Filesystem
- T1560.001 - Archive via Utility
- T1083 - File and Directory Discovery
- T1584.002 - DNS Server
- T1159 - Launch Agent
- T1049 - System Network Connections Discovery
- T1055.004 - Asynchronous Procedure Call
- T1547.005 - Security Support Provider
- T1686.003 - Windows Host Firewall
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1543.003 - Windows Service
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
- T1562.001 - Disable or Modify Tools
- T1098.007 - Additional Local or Domain Groups
- T1109 - Component Firmware
- T1016.002 - Wi-Fi Discovery
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1484.002 - Trust Modification
- T1562.004 - Disable or Modify System Firewall
- T1686.003 - Windows Host Firewall
MITREへのリンク →
Score: 0.55
Matched TTPs:
- T1177 - LSASS Driver
- T1543.003 - Windows Service
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1027.004 - Compile After Delivery
- T1608.005 - Link Target
- T1202 - Indirect Command Execution
- T1556.008 - Network Provider DLL
- T1592.004 - Client Configurations
- T1547.011 - Plist Modification
- T1562.004 - Disable or Modify System Firewall
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design