China-Linked Fake Consulting Sites Targeting US Clearance Holders Seized
概要
US Federal authorities have seized 13 domains allegedly used in a Chinese intelligence-linked operation to recruit Americans with access to classified government information. The websites posed as legitimate consulting firms, offering vague consultancy and advisory roles to current and former US government employees, military personnel, and security clearance holders. The operation, which began in November 2023, used fake company websites, online job postings, and social media recruiting to approach potential targets. Recruiters offered paid consulting work, then pressured candidates to share confidential insider information. The campaign employed false personas, stolen identities, AI-generated profile photos, encrypted messaging, cryptocurrency, and fake contracts to appear legitimate. Job postings appeared on platforms including Upwork, Expertia AI, and Hubstaff Talent, covering topics aligned with Chinese government interests.
Created: 2026-06-11
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 11.96
Matched TTPs:
- T1560.001 - Archive via Utility
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1099 - Timestomp
- T1555.003 - Credentials from Web Browsers
- T1608.005 - Link Target
MITREへのリンク →
Score: 14.58
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1590.003 - Network Trust Dependencies
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
MITREへのリンク →
Score: 18.60
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.26
Matched TTPs:
- T1560.001 - Archive via Utility
- T1051 - Shared Webroot
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 12.18
Matched TTPs:
- T1560.001 - Archive via Utility
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1051 - Shared Webroot
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 26.44
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1560.003 - Archive via Custom Method
- T1003.007 - Proc Filesystem
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1083 - File and Directory Discovery
- T1488 - Disk Content Wipe
- T1584.002 - DNS Server
MITREへのリンク →
Score: 7.92
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 31.32
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1590.003 - Network Trust Dependencies
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.25
Matched TTPs:
- T1560.001 - Archive via Utility
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 15.73
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1590.003 - Network Trust Dependencies
- T1504 - PowerShell Profile
- T1574 - Hijack Execution Flow
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.88
Matched TTPs:
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
MITREへのリンク →
Score: 14.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.001 - Spearphishing Attachment
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 10.08
Matched TTPs:
- T1560.001 - Archive via Utility
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.95
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
MITREへのリンク →
Score: 7.75
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 8.70
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
MITREへのリンク →
Score: 18.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1588.001 - Malware
- T1048 - Exfiltration Over Alternative Protocol
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
MITREへのリンク →
Score: 20.98
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 18.71
Matched TTPs:
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1139 - Bash History
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1585 - Establish Accounts
MITREへのリンク →
Score: 19.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1003.007 - Proc Filesystem
- T1590.003 - Network Trust Dependencies
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 8.25
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 20.34
Matched TTPs:
- T1560.001 - Archive via Utility
- T1689 - Downgrade Attack
- T1021.006 - Windows Remote Management
- T1588.001 - Malware
- T1597 - Search Closed Sources
- T1488 - Disk Content Wipe
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 42.70
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1588.001 - Malware
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1126 - Network Share Connection Removal
MITREへのリンク →
Score: 10.15
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1547.011 - Plist Modification
- T1051 - Shared Webroot
MITREへのリンク →
Score: 14.22
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1504 - PowerShell Profile
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 13.59
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1055.013 - Process Doppelgänging
- T1198 - SIP and Trust Provider Hijacking
MITREへのリンク →
Score: 7.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1504 - PowerShell Profile
MITREへのリンク →
Score: 23.66
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1588.001 - Malware
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
MITREへのリンク →
Score: 18.73
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1110.003 - Password Spraying
- T1504 - PowerShell Profile
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 35.74
Matched TTPs:
- T1560.001 - Archive via Utility
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1504 - PowerShell Profile
- T1588.001 - Malware
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 9.87
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1588.001 - Malware
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 9.35
Matched TTPs:
- T1560.001 - Archive via Utility
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 13.20
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1504 - PowerShell Profile
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 3.88
Matched TTPs:
- T1560.001 - Archive via Utility
- T1590.003 - Network Trust Dependencies
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
MITREへのリンク →
Score: 24.39
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 12.82
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 7.93
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
MITREへのリンク →
Score: 14.71
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.003 - Network Trust Dependencies
- T1547.011 - Plist Modification
- T1048 - Exfiltration Over Alternative Protocol
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 34.38
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1059.006 - Python
- T1601.001 - Patch System Image
- T1126 - Network Share Connection Removal
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.37
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 25.05
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1560.003 - Archive via Custom Method
- T1527 - Application Access Token
- T1590.003 - Network Trust Dependencies
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 19.47
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 18.18
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 6.36
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.003 - Network Trust Dependencies
- T1588.001 - Malware
MITREへのリンク →
Score: 13.44
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 10.90
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
- T1051 - Shared Webroot
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 3.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
MITREへのリンク →
Score: 12.15
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
MITREへのリンク →
Score: 11.34
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 22.59
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1202 - Indirect Command Execution
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 26.73
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1590.003 - Network Trust Dependencies
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
- T1086 - PowerShell
MITREへのリンク →
Score: 8.07
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1682 - Query Public AI Services
MITREへのリンク →
Score: 29.43
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 5.52
Matched TTPs:
- T1584.008 - Network Devices
- T1573 - Encrypted Channel
MITREへのリンク →
Score: 13.48
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1573 - Encrypted Channel
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 12.94
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1573 - Encrypted Channel
MITREへのリンク →
Score: 14.92
Matched TTPs:
- T1584.008 - Network Devices
- T1005 - Data from Local System
- T1555.003 - Credentials from Web Browsers
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 14.24
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1504 - PowerShell Profile
- T1588.001 - Malware
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 32.83
Matched TTPs:
- T1484.002 - Trust Modification
- T1590.003 - Network Trust Dependencies
- T1005 - Data from Local System
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 20.43
Matched TTPs:
- T1484.002 - Trust Modification
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
MITREへのリンク →
Score: 30.61
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1590.003 - Network Trust Dependencies
- T1098.007 - Additional Local or Domain Groups
- T1503 - Credentials from Web Browsers
- T1555.003 - Credentials from Web Browsers
- T1590 - Gather Victim Network Information
- T1048 - Exfiltration Over Alternative Protocol
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
MITREへのリンク →
Score: 24.54
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1003.007 - Proc Filesystem
- T1005 - Data from Local System
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1055.013 - Process Doppelgänging
- T1051 - Shared Webroot
- T1048 - Exfiltration Over Alternative Protocol
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 12.21
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1110.003 - Password Spraying
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 18.49
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 32.69
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1588.001 - Malware
- T1608.005 - Link Target
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1086 - PowerShell
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 4.08
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 6.42
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1584.002 - DNS Server
MITREへのリンク →
Score: 8.18
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1555.003 - Credentials from Web Browsers
- T1136.003 - Cloud Account
MITREへのリンク →
Score: 6.97
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 11.32
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1504 - PowerShell Profile
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
MITREへのリンク →
Score: 3.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 3.53
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
MITREへのリンク →
Score: 7.97
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1588.001 - Malware
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 3.92
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 3.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 11.09
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
MITREへのリンク →
Score: 12.92
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1126 - Network Share Connection Removal
MITREへのリンク →
Score: 3.61
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1588.001 - Malware
MITREへのリンク →
Score: 5.57
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 10.21
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
MITREへのリンク →
Score: 3.86
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1588.001 - Malware
MITREへのリンク →
Score: 4.51
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 6.85
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 12.96
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1504 - PowerShell Profile
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
MITREへのリンク →
Score: 6.59
Matched TTPs:
- T1110.003 - Password Spraying
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.95
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1589.003 - Employee Names
MITREへのリンク →
Score: 4.49
Matched TTPs:
- T1588.001 - Malware
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 3.44
Matched TTPs:
- T1048 - Exfiltration Over Alternative Protocol
MITREへのリンク →
Score: 4.20
Matched TTPs:
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 6.54
Matched TTPs:
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 4.61
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.79
Matched TTPs:
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1098.007 - Additional Local or Domain Groups
- T1560.001 - Archive via Utility
- T1213.006 - Databases
- T1546.008 - Accessibility Features
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1126 - Network Share Connection Removal
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1588.001 - Malware
- T1608.005 - Link Target
- T1555.003 - Credentials from Web Browsers
- T1027.004 - Compile After Delivery
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 0.59
Matched TTPs:
- T1016.002 - Wi-Fi Discovery
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1504 - PowerShell Profile
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1608.005 - Link Target
- T1601.001 - Patch System Image
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
- T1099 - Timestomp
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1021.006 - Windows Remote Management
- T1547.005 - Security Support Provider
- T1546.013 - PowerShell Profile
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
- T1059.006 - Python
- T1183 - Image File Execution Options Injection
- T1126 - Network Share Connection Removal
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design