Operation TaxShadow: Multi-Region Tax Phishing & In-Memory Malware Campaign
Summary
A sophisticated multi-stage malware campaign targets victims through tax-themed phishing emails impersonating Indian and Japanese government authorities. The operation leverages social engineering, fraudulent tax notifications, and trusted third-party email delivery services to distribute ZIP archives containing three staged payloads. The malware implements advanced evasion techniques including DLL Search Order Hijacking, API hooking, token manipulation, Mersenne Twister-based execution logic, COM callback execution, mutated RC4 encryption, and reflective PE loading. Execution occurs primarily in memory, significantly reducing forensic artifacts. The malware establishes persistent WebSocket-based command-and-control communication through HTTP protocol upgrades, allowing malicious traffic to blend with legitimate activity. Chinese-language artifacts were observed throughout the infrastructure and code, though attribution remains at moderate confidence. The campaign demonstrates characteristics of a mature, ...
Created: 2026-06-05
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 12.25
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1555.003 - Credentials from Web Browsers
- T1608.005 - Link Target
- T1055.008 - Ptrace System Calls
Link to MITRE →
Score: 14.03
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 20.15
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 8.18
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 14.52
Matched TTPs:
- T1560.001 - Archive via Utility
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1656 - Impersonation
Link to MITRE →
Score: 37.89
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1560.003 - Archive via Custom Method
- T1003.007 - Proc Filesystem
- T1556.002 - Password Filter DLL
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1488 - Disk Content Wipe
- T1584.002 - DNS Server
- T1159 - Launch Agent
- T1665 - Hide Infrastructure
Link to MITRE →
Score: 11.10
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 40.78
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1159 - Launch Agent
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 6.83
Matched TTPs:
- T1560.001 - Archive via Utility
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
Link to MITRE →
Score: 15.20
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1574 - Hijack Execution Flow
- T1665 - Hide Infrastructure
Link to MITRE →
Score: 9.01
Matched TTPs:
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1218 - System Binary Proxy Execution
- T1555.003 - Credentials from Web Browsers
Link to MITRE →
Score: 14.21
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1087.004 - Cloud Account
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 12.29
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 7.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 9.72
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
Link to MITRE →
Score: 12.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
Link to MITRE →
Score: 20.37
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1177 - LSASS Driver
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1574.009 - Path Interception by Unquoted Path
Link to MITRE →
Score: 20.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
Link to MITRE →
Score: 25.88
Matched TTPs:
- T1560.001 - Archive via Utility
- T1222.002 - Linux and Mac Permissions
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1574.009 - Path Interception by Unquoted Path
- T1585 - Establish Accounts
- T1055.008 - Ptrace System Calls
Link to MITRE →
Score: 18.17
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 14.85
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
- T1591.001 - Determine Physical Locations
Link to MITRE →
Score: 26.12
Matched TTPs:
- T1560.001 - Archive via Utility
- T1556.002 - Password Filter DLL
- T1546.011 - Application Shimming
- T1218 - System Binary Proxy Execution
- T1009 - Binary Padding
- T1588.001 - Malware
- T1597 - Search Closed Sources
- T1488 - Disk Content Wipe
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 50.35
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1588.001 - Malware
- T1609 - Container Administration Command
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1665 - Hide Infrastructure
Link to MITRE →
Score: 16.06
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
Link to MITRE →
Score: 10.87
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1027 - Obfuscated Files or Information
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 20.58
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1055.013 - Process Doppelgänging
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
Link to MITRE →
Score: 6.07
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 22.87
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
Link to MITRE →
Score: 15.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 32.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 8.01
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1588.001 - Malware
- T1597 - Search Closed Sources
Link to MITRE →
Score: 11.09
Matched TTPs:
- T1560.001 - Archive via Utility
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 10.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 8.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1665 - Hide Infrastructure
Link to MITRE →
Score: 39.27
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1202 - Indirect Command Execution
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1036.002 - Right-to-Left Override
- T1568 - Dynamic Resolution
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 29.95
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 33.01
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1560.003 - Archive via Custom Method
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 5.58
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1543.003 - Windows Service
Link to MITRE →
Score: 27.68
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 8.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Link to MITRE →
Score: 10.95
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1597 - Search Closed Sources
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 9.45
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1090 - Proxy
- T1159 - Launch Agent
Link to MITRE →
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
Link to MITRE →
Score: 13.19
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
- T1588.001 - Malware
- T1087.004 - Cloud Account
Link to MITRE →
Score: 7.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
Link to MITRE →
Score: 6.95
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
Link to MITRE →
Score: 19.83
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1560.003 - Archive via Custom Method
- T1527 - Application Access Token
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 18.47
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 10.70
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 8.87
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1588.001 - Malware
- T1087.004 - Cloud Account
- T1665 - Hide Infrastructure
Link to MITRE →
Score: 10.92
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
Link to MITRE →
Score: 3.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
Link to MITRE →
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
Link to MITRE →
Score: 12.15
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
Link to MITRE →
Score: 13.96
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1159 - Launch Agent
Link to MITRE →
Score: 26.99
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1036.002 - Right-to-Left Override
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
Link to MITRE →
Score: 12.81
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1036.002 - Right-to-Left Override
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Link to MITRE →
Score: 5.98
Matched TTPs:
- T1682 - Query Public AI Services
- T1543.003 - Windows Service
Link to MITRE →
Score: 17.03
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1531 - Account Access Removal
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 19.03
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1574.009 - Path Interception by Unquoted Path
- T1591.001 - Determine Physical Locations
Link to MITRE →
Score: 11.99
Matched TTPs:
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1656 - Impersonation
Link to MITRE →
Score: 15.85
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1588.001 - Malware
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1158 - Hidden Files and Directories
Link to MITRE →
Score: 31.60
Matched TTPs:
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
Link to MITRE →
Score: 23.85
Matched TTPs:
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
Link to MITRE →
Score: 6.86
Matched TTPs:
- T1543.003 - Windows Service
- T1087.004 - Cloud Account
- T1574.009 - Path Interception by Unquoted Path
Link to MITRE →
Score: 8.27
Matched TTPs:
- T1543.003 - Windows Service
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1665 - Hide Infrastructure
Link to MITRE →
Score: 3.79
Matched TTPs:
- T1543.003 - Windows Service
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 6.25
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1036.002 - Right-to-Left Override
Link to MITRE →
Score: 36.60
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 11.39
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1588.001 - Malware
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 5.25
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
Link to MITRE →
Score: 20.95
Matched TTPs:
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1592.002 - Software
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 4.19
Matched TTPs:
- T1543.003 - Windows Service
- T1159 - Launch Agent
Link to MITRE →
Score: 9.84
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
Link to MITRE →
Score: 4.28
Matched TTPs:
- T1543.003 - Windows Service
- T1665 - Hide Infrastructure
Link to MITRE →
Score: 5.25
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
Link to MITRE →
Score: 12.75
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1665 - Hide Infrastructure
Link to MITRE →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 3.53
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
Link to MITRE →
Score: 7.20
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1036.002 - Right-to-Left Override
- T1562.001 - Disable or Modify Tools
Link to MITRE →
Score: 11.09
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
Link to MITRE →
Score: 25.11
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1503 - Credentials from Web Browsers
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
Link to MITRE →
Score: 6.14
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 6.90
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1036.002 - Right-to-Left Override
- T1588.001 - Malware
Link to MITRE →
Score: 7.54
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
Link to MITRE →
Score: 16.68
Matched TTPs:
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 10.21
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
Link to MITRE →
Score: 4.44
Matched TTPs:
- T1009 - Binary Padding
- T1588.001 - Malware
Link to MITRE →
Score: 5.09
Matched TTPs:
- T1009 - Binary Padding
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 8.88
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 4.11
Matched TTPs:
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
Link to MITRE →
Score: 8.27
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
Link to MITRE →
Score: 14.35
Matched TTPs:
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1134.001 - Token Impersonation/Theft
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 5.60
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 7.80
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 16.50
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1159 - Launch Agent
- T1665 - Hide Infrastructure
Link to MITRE →
Score: 6.85
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
Link to MITRE →
Score: 4.31
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1087.004 - Cloud Account
Link to MITRE →
Score: 5.09
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 4.68
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 5.09
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1159 - Launch Agent
Link to MITRE →
Score: 4.49
Matched TTPs:
- T1588.001 - Malware
- T1562.001 - Disable or Modify Tools
Link to MITRE →
Score: 5.45
Matched TTPs:
- T1608.005 - Link Target
- T1656 - Impersonation
Link to MITRE →
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 6.94
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
Link to MITRE →
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
Link to MITRE →
Score: 5.49
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1159 - Launch Agent
Link to MITRE →
Score: 6.88
Matched TTPs:
- T1584.002 - DNS Server
- T1159 - Launch Agent
Link to MITRE →
Score: 3.84
Matched TTPs:
- T1591.001 - Determine Physical Locations
Link to MITRE →
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1656 - Impersonation
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1608.005 - Link Target
- T1027.014 - Polymorphic Code
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1665 - Hide Infrastructure
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1027.004 - Compile After Delivery
- T1597 - Search Closed Sources
- T1555.003 - Credentials from Web Browsers
- T1087.004 - Cloud Account
- T1213.006 - Databases
Link to MITRE →
Score: 0.57
Matched TTPs:
- T1136.003 - Cloud Account
- T1546.013 - PowerShell Profile
- T1159 - Launch Agent
- T1608.005 - Link Target
- T1183 - Image File Execution Options Injection
- T1560.001 - Archive via Utility
- T1055.005 - Thread Local Storage
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1556 - Modify Authentication Process
- T1555.003 - Credentials from Web Browsers
- T1546.011 - Application Shimming
- T1169 - Sudo
- T1087.004 - Cloud Account
Link to MITRE →
Related CVEs
No CVEs were found in this Pulse.
Pulse – Threat Actor Graph