Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms
Summary
From January through May 2026, a financially motivated data theft extortion campaign executed by threat cluster UNC3753 targeted dozens of organizations across professional, legal, and financial services in the United States. The threat actors leverage voice phishing and social engineering techniques, posing as IT support to convince targets to host screen-sharing sessions and download remote monitoring and management utilities. Once inside environments, they conduct searches to locate and exfiltrate highly sensitive data including proprietary legal agreements, personally identifiable information, and financial records for subsequent extortion demands. The entire attack sequence often occurs within a single business day, with recent incidents showing data theft initiated in under an hour. Notably, threat actors have also accessed victims' systems in person, with individuals posing as IT technicians entering corporate offices to attempt direct exfiltration using USB storage media.
Created: 2026-06-08
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 32.99
Matched TTPs:
- T1113 - Screen Capture
- T1546.013 - PowerShell Profile
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1592.004 - Client Configurations
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 29.37
Matched TTPs:
- T1113 - Screen Capture
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
Score: 31.97
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1131 - Authentication Package
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1205.001 - Port Knocking
- T1218.010 - Regsvr32
- T1197 - BITS Jobs
- T1585 - Establish Accounts
- T1055.008 - Ptrace System Calls
Score: 40.46
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1202 - Indirect Command Execution
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1568 - Dynamic Resolution
- T1556.008 - Network Provider DLL
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
Score: 10.64
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1030 - Data Transfer Size Limits
Score: 14.34
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 16.45
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1657 - Financial Theft
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1159 - Launch Agent
Score: 16.43
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1159 - Launch Agent
Score: 18.37
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
Score: 13.81
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1562.004 - Disable or Modify System Firewall
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
- T1218.001 - Compiled HTML File
Score: 8.98
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
Score: 34.75
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1030 - Data Transfer Size Limits
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 3.84
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1601.001 - Patch System Image
Score: 15.44
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1016.002 - Wi-Fi Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
Score: 16.88
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1009 - Binary Padding
- T1055.013 - Process Doppelgänging
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
Score: 12.61
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
Score: 7.77
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
- T1218.010 - Regsvr32
- T1665 - Hide Infrastructure
Score: 63.30
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1131 - Authentication Package
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1552.003 - Shell History
- T1608 - Stage Capabilities
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1030 - Data Transfer Size Limits
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1656 - Impersonation
- T1601.001 - Patch System Image
- T1665 - Hide Infrastructure
- T1003.003 - NTDS
Score: 10.92
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 8.37
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
- T1601.001 - Patch System Image
Score: 37.31
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1546.011 - Application Shimming
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1608 - Stage Capabilities
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1218.010 - Regsvr32
- T1159 - Launch Agent
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
Score: 14.25
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
- T1657 - Financial Theft
Score: 28.15
Matched TTPs:
- T1099 - Timestomp
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
Score: 17.66
Matched TTPs:
- T1099 - Timestomp
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
- T1159 - Launch Agent
Score: 23.91
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1090 - Proxy
- T1608 - Stage Capabilities
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
Score: 4.54
Matched TTPs:
- T1099 - Timestomp
- T1597 - Search Closed Sources
Score: 4.22
Matched TTPs:
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
Score: 18.16
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1552.003 - Shell History
- T1134.001 - Token Impersonation/Theft
Score: 10.11
Matched TTPs:
- T1099 - Timestomp
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.008 - Ptrace System Calls
Score: 32.23
Matched TTPs:
- T1099 - Timestomp
- T1686.003 - Windows Host Firewall
- T1003.007 - Proc Filesystem
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1584.002 - DNS Server
- T1065 - Uncommonly Used Port
- T1159 - Launch Agent
- T1665 - Hide Infrastructure
Score: 9.70
Matched TTPs:
- T1099 - Timestomp
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 4.54
Matched TTPs:
- T1682 - Query Public AI Services
Score: 8.57
Matched TTPs:
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
Score: 20.56
Matched TTPs:
- T1584.008 - Network Devices
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1657 - Financial Theft
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
Score: 16.75
Matched TTPs:
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
Score: 6.15
Matched TTPs:
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
Score: 21.35
Matched TTPs:
- T1584.008 - Network Devices
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1208 - Kerberoasting
- T1027 - Obfuscated Files or Information
- T1218.010 - Regsvr32
- T1030 - Data Transfer Size Limits
Score: 4.36
Matched TTPs:
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
Score: 10.65
Matched TTPs:
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
Score: 15.99
Matched TTPs:
- T1584.008 - Network Devices
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1678 - Delay Execution
- T1218.010 - Regsvr32
Score: 16.38
Matched TTPs:
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 20.21
Matched TTPs:
- T1584.008 - Network Devices
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1218.010 - Regsvr32
- T1656 - Impersonation
- T1003.003 - NTDS
Score: 32.57
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1552.003 - Shell History
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
Score: 15.59
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1686.003 - Windows Host Firewall
- T1552.003 - Shell History
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
Score: 38.34
Matched TTPs:
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1686.003 - Windows Host Firewall
- T1016.002 - Wi-Fi Discovery
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
Score: 6.88
Matched TTPs:
- T1063 - Security Software Discovery
- T1555.003 - Credentials from Web Browsers
- T1218.010 - Regsvr32
Score: 19.15
Matched TTPs:
- T1484.002 - Trust Modification
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
Score: 14.75
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
Score: 21.94
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1153 - Source
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1665 - Hide Infrastructure
Score: 19.22
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1218.010 - Regsvr32
- T1592.002 - Software
- T1556 - Modify Authentication Process
Score: 8.78
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
Score: 8.69
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1601.001 - Patch System Image
- T1665 - Hide Infrastructure
Score: 5.49
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1218.010 - Regsvr32
Score: 6.28
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
Score: 11.20
Matched TTPs:
- T1137.005 - Outlook Rules
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 15.95
Matched TTPs:
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
Score: 21.86
Matched TTPs:
- T1503 - Credentials from Web Browsers
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
Score: 9.25
Matched TTPs:
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1027.004 - Compile After Delivery
Score: 20.52
Matched TTPs:
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
Score: 16.87
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1030 - Data Transfer Size Limits
- T1065 - Uncommonly Used Port
Score: 8.93
Matched TTPs:
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1556 - Modify Authentication Process
Score: 8.88
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
Score: 5.58
Matched TTPs:
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
Score: 5.17
Matched TTPs:
- T1009 - Binary Padding
- T1665 - Hide Infrastructure
Score: 28.78
Matched TTPs:
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1218.010 - Regsvr32
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1556 - Modify Authentication Process
Score: 6.54
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
Score: 13.85
Matched TTPs:
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 5.81
Matched TTPs:
- T1131 - Authentication Package
- T1552.003 - Shell History
Score: 4.36
Matched TTPs:
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
Score: 11.52
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1205.001 - Port Knocking
- T1218.001 - Compiled HTML File
Score: 7.80
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
Score: 9.19
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
Score: 17.73
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1136.003 - Cloud Account
- T1218.010 - Regsvr32
- T1159 - Launch Agent
- T1665 - Hide Infrastructure
Score: 12.69
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1055.013 - Process Doppelgänging
- T1656 - Impersonation
- T1601.001 - Patch System Image
Score: 8.35
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
Score: 9.54
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
Score: 6.79
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1030 - Data Transfer Size Limits
Score: 9.57
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
Score: 3.78
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1218.010 - Regsvr32
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
Score: 8.99
Matched TTPs:
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1218.010 - Regsvr32
Score: 7.65
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
Score: 8.42
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
Score: 11.97
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1657 - Financial Theft
- T1584.002 - DNS Server
- T1159 - Launch Agent
Score: 3.81
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
Score: 7.25
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
Score: 4.78
Matched TTPs:
- T1177 - LSASS Driver
- T1218.010 - Regsvr32
Score: 6.17
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
Score: 5.09
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1159 - Launch Agent
Score: 10.28
Matched TTPs:
- T1083 - File and Directory Discovery
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027.004 - Compile After Delivery
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027 - Obfuscated Files or Information
Score: 13.76
Matched TTPs:
- T1205.001 - Port Knocking
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1030 - Data Transfer Size Limits
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
Score: 6.64
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1218.010 - Regsvr32
- T1556 - Modify Authentication Process
Score: 4.61
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
Score: 6.99
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1159 - Launch Agent
Score: 4.33
Matched TTPs:
- T1218.010 - Regsvr32
- T1665 - Hide Infrastructure
Score: 6.19
Matched TTPs:
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1665 - Hide Infrastructure
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1552.003 - Shell History
- T1546.011 - Application Shimming
- T1213.006 - Databases
- T1590.006 - Network Security Appliances
- T1027.004 - Compile After Delivery
- T1546.008 - Accessibility Features
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1608 - Stage Capabilities
- T1197 - BITS Jobs
- T1546.013 - PowerShell Profile
- T1665 - Hide Infrastructure
- T1009 - Binary Padding
- T1601.001 - Patch System Image
- T1609 - Container Administration Command
- T1131 - Authentication Package
- T1555.003 - Credentials from Web Browsers
- T1003.003 - NTDS
- T1183 - Image File Execution Options Injection
- T1030 - Data Transfer Size Limits
- T1656 - Impersonation
- T1027.014 - Polymorphic Code
Related CVEs
No CVEs were found for this Pulse.