Scenario-based evaluation matrix with "detection" as the criterion
Scenario 1: Detection results for the attack on a financial institution by "Carbanak" (second half)
* The 〇, △, and × columns are tallies of the detection status across each row.
ID | OT | PA | RQ | SO | So | Sy | TM | Up | VCB | 〇 | △ | ×
Initial Compromise
1.A.1 | △ | △ | 〇 | 〇 | △ | 〇 | 〇 | △ | △ | 19 | 9 | 1
1.A.2 | 〇 | 〇 | 〇 | 〇 | △ | △ | 〇 | 〇 | 〇 | 16 | 10 | 3
1.A.3 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 27 | 2 | 0
1.A.4 | × | 〇 | × | 〇 | × | △ | 〇 | △ | △ | 10 | 7 | 12
1.A.5 | △ | 〇 | 〇 | △ | △ | △ | 〇 | 〇 | △ | 14 | 14 | 1
1.A.6 | △ | 〇 | △ | △ | △ | △ | 〇 | 〇 | △ | 10 | 17 | 2
1.A.7 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 24 | 5 | 0
1.A.8 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | 〇 | 26 | 3 | 0
1.A.9 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 28 | 1 | 0
1.A.10 | × | 〇 | × | 〇 | × | × | 〇 | × | × | 7 | 5 | 17
1.A.11 | × | 〇 | × | 〇 | × | 〇 | 〇 | × | △ | 7 | 8 | 14
Local Host Discovery and Collection
2.A.1 | | | | | | | | | | | |
2.A.2 | × | 〇 | 〇 | 〇 | × | 〇 | 〇 | × | × | 12 | 3 | 14
2.A.3 | | | | | | | | | | | |
2.A.4 | × | 〇 | 〇 | 〇 | × | 〇 | 〇 | × | 〇 | 14 | 2 | 13
2.B.1 | △ | △ | 〇 | 〇 | △ | △ | △ | 〇 | 〇 | 15 | 12 | 2
2.B.2 | 〇 | △ | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 27 | 2 | 0
2.B.3 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | 〇 | 26 | 3 | 0
2.B.4 | 〇 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | △ | △ | 21 | 5 | 3
2.B.5 | △ | △ | × | 〇 | △ | × | △ | × | × | 4 | 8 | 17
Second RAT Infection
3.A.1 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 27 | 2 | 0
3.A.2 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | 〇 | 〇 | 〇 | 24 | 5 | 0
3.A.3 | △ | △ | △ | △ | △ | △ | △ | △ | △ | 6 | 23 | 0
3.B.1 | 〇 | 〇 | 〇 | 〇 | △ | △ | △ | 〇 | 〇 | 19 | 9 | 1
3.B.2 | 〇 | △ | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 25 | 4 | 0
3.B.3 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 25 | 4 | 0
3.B.4 | △ | △ | △ | 〇 | △ | 〇 | 〇 | △ | △ | 15 | 13 | 1
3.B.5 | △ | 〇 | 〇 | 〇 | △ | 〇 | 〇 | △ | 〇 | 18 | 9 | 2
3.B.6 | △ | 〇 | 〇 | 〇 | △ | 〇 | 〇 | △ | 〇 | 23 | 6 | 0
3.B.7 | △ | △ | △ | 〇 | × | × | 〇 | × | △ | 9 | 10 | 10
Domain Discovery and Credential Dump
4.A.1 | 〇 | × | × | 〇 | × | × | × | × | △ | 4 | 2 | 23
4.A.2 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | 〇 | △ | △ | 19 | 8 | 2
4.A.3 | 〇 | 〇 | △ | △ | △ | 〇 | 〇 | △ | △ | 14 | 14 | 1
4.A.4 | △ | 〇 | 〇 | 〇 | × | 〇 | 〇 | △ | △ | 13 | 11 | 5
4.B.1 | △ | 〇 | △ | 〇 | △ | 〇 | △ | 〇 | △ | 12 | 15 | 2
4.B.2 | △ | 〇 | 〇 | 〇 | △ | 〇 | 〇 | 〇 | 〇 | 23 | 6 | 0
4.B.3 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 24 | 5 | 0
4.B.4 | 〇 | △ | △ | 〇 | △ | 〇 | 〇 | △ | 〇 | 19 | 10 | 0
4.B.5 | × | 〇 | △ | △ | 〇 | 〇 | 〇 | 〇 | 〇 | 24 | 2 | 3
4.B.6 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 24 | 5 | 0
4.B.7 | 〇 | 〇 | 〇 | 〇 | × | 〇 | 〇 | × | 〇 | 24 | 0 | 5
Lateral Movement
5.A.1 | △ | 〇 | 〇 | 〇 | △ | △ | 〇 | 〇 | 〇 | 14 | 14 | 1
5.A.2 | 〇 | 〇 | △ | 〇 | △ | △ | △ | △ | 〇 | 11 | 14 | 4
5.A.3 | △ | 〇 | △ | 〇 | △ | △ | △ | △ | △ | 7 | 17 | 5
5.A.4 | △ | 〇 | 〇 | 〇 | △ | △ | 〇 | 〇 | 〇 | 14 | 14 | 1
5.A.5 | △ | 〇 | 〇 | 〇 | △ | △ | 〇 | 〇 | 〇 | 15 | 13 | 1
5.A.6 | 〇 | △ | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | △ | 25 | 4 | 0
5.A.7 | - | 〇 | 〇 | 〇 | - | 〇 | 〇 | 〇 | 〇 | 18 | 4 | 0
5.A.8 | - | × | × | 〇 | - | 〇 | 〇 | △ | △ | 10 | 5 | 7
5.A.9 | - | 〇 | 〇 | 〇 | - | 〇 | 〇 | △ | 〇 | 17 | 5 | 0
5.A.10 | - | 〇 | 〇 | 〇 | - | 〇 | 〇 | △ | 〇 | 17 | 5 | 0
5.A.11 | - | 〇 | 〇 | 〇 | - | 〇 | 〇 | △ | 〇 | 17 | 5 | 0
5.B.1 | - | 〇 | 〇 | 〇 | - | 〇 | 〇 | △ | 〇 | 17 | 5 | 0
5.B.2 | - | 〇 | × | 〇 | - | 〇 | 〇 | △ | △ | 12 | 6 | 4
5.B.3 | - | 〇 | 〇 | 〇 | - | 〇 | 〇 | 〇 | △ | 17 | 5 | 0
5.B.4 | - | 〇 | 〇 | 〇 | - | 〇 | 〇 | △ | △ | 14 | 7 | 1
5.B.5 | - | 〇 | 〇 | 〇 | - | 〇 | 〇 | △ | △ | 14 | 8 | 0
5.B.6 | - | 〇 | 〇 | 〇 | - | 〇 | 〇 | △ | △ | 14 | 8 | 0
5.B.7 | - | 〇 | △ | 〇 | - | 〇 | 〇 | △ | △ | 14 | 8 | 0
5.C.1 | △ | 〇 | △ | 〇 | △ | 〇 | 〇 | × | 〇 | 15 | 10 | 4
5.C.2 | △ | 〇 | × | △ | △ | 〇 | 〇 | 〇 | 〇 | 17 | 7 | 5
5.C.3 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | 〇 | △ | △ | 24 | 5 | 0
5.C.4 | △ | △ | × | 〇 | △ | 〇 | 〇 | 〇 | △ | 11 | 11 | 7
5.C.5 | △ | 〇 | 〇 | 〇 | △ | 〇 | 〇 | △ | △ | 16 | 13 | 0
5.C.6 | × | 〇 | × | 〇 | × | 〇 | 〇 | × | × | 15 | 0 | 14
Discovery
6.A.1 | 〇 | △ | △ | 〇 | △ | △ | × | △ | 〇 | 11 | 11 | 7
6.A.2 | 〇 | 〇 | △ | △ | △ | △ | 〇 | △ | 〇 | 16 | 7 | 6
6.A.3 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | △ | △ | 20 | 5 | 4
Lateral Movement (CFO)
7.A.1 | △ | 〇 | 〇 | 〇 | △ | 〇 | △ | 〇 | 〇 | 14 | 13 | 2
7.A.2 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | △ | △ | 24 | 5 | 0
7.A.3 | × | △ | × | 〇 | × | 〇 | 〇 | × | △ | 6 | 4 | 19
7.A.4 | △ | 〇 | △ | 〇 | △ | 〇 | 〇 | △ | △ | 16 | 12 | 1
7.A.5 | △ | 〇 | 〇 | △ | △ | 〇 | 〇 | 〇 | 〇 | 19 | 7 | 3
7.B.1 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | 〇 | 〇 | 〇 | 22 | 7 | 0
7.B.2 | △ | 〇 | 〇 | 〇 | △ | 〇 | 〇 | △ | △ | 16 | 12 | 1
7.B.3 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | 22 | 6 | 1
7.C.1 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | △ | △ | 〇 | 19 | 10 | 0
7.C.2 | △ | 〇 | × | 〇 | × | × | 〇 | × | × | 3 | 2 | 24
7.C.3 | △ | 〇 | △ | 〇 | △ | △ | △ | △ | 〇 | 9 | 18 | 2
7.C.4 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 29 | 0 | 0
Execution
8.A.1 | 〇 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | 〇 | 〇 | 25 | 4 | 0
8.A.2 | × | 〇 | × | 〇 | × | 〇 | 〇 | × | × | 10 | 1 | 18
8.A.3 | × | 〇 | × | 〇 | × | 〇 | 〇 | × | △ | 9 | 4 | 16
Collection
9.A.1 | △ | 〇 | 〇 | 〇 | △ | 〇 | △ | 〇 | 〇 | 18 | 11 | 0
9.A.2 | × | 〇 | × | 〇 | × | × | 〇 | × | 〇 | 15 | 2 | 12
9.A.3 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | 〇 | 〇 | △ | 23 | 2 | 4
9.A.4 | × | 〇 | × | 〇 | × | × | × | × | × | 6 | 1 | 22
9.A.5 | 〇 | 〇 | × | 〇 | △ | △ | △ | × | × | 6 | 8 | 15
9.B.1 | △ | 〇 | 〇 | 〇 | △ | 〇 | △ | △ | 〇 | 14 | 14 | 1
9.B.2 | 〇 | 〇 | △ | △ | △ | △ | 〇 | × | △ | 12 | 12 | 5
9.B.3 | 〇 | 〇 | 〇 | 〇 | △ | 〇 | 〇 | △ | 〇 | 22 | 7 | 0
VNC Persistence
10.A.1 | △ | 〇 | × | 〇 | △ | △ | △ | 〇 | 〇 | 9 | 16 | 4
10.A.2 | △ | 〇 | × | 〇 | △ | △ | △ | △ | 〇 | 8 | 16 | 5
10.A.3 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 23 | 4 | 2
10.A.4 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 | 26 | 2 | 1
10.A.5 | 〇 | △ | △ | 〇 | △ | 〇 | 〇 | △ | △ | 13 | 8 | 8
10.A.6 | 〇 | 〇 | △ | 〇 | △ | 〇 | 〇 | △ | 〇 | 18 | 9 | 2
10.B.1 | 〇 | 〇 | 〇 | 〇 | △ | △ | 〇 | △ | 〇 | 13 | 13 | 3
AL:AhnLab
Bf:Bitdefender
CP:Check Point
ci:Cisco
CS:CrowdStrike
Cr:Cybereason
CC:CyCraft
BC:BlackBerry Cylance
Cn:Cynet
El:Elastic
ES:ESET
Fi:Fidelis
FE:FireEye
Fo:Fortinet
F-S:F-Secure
GS:GoSecure
Mb:Malwarebytes
MA:McAfee
MF:Micro Focus
Ms:Microsoft
OT:Open Text
PA:Palo Alto
RQ:ReaQta
SO:SentinelOne
So:Sophos
Sy:Symantec
TM:Trend Micro
Up:Uptycs
VCB:VMware Carbon Black