Trusted Design

DragonOK Backdoor Malware Deployed Against Japanese Targets

概要

This campaign involved five separate phishing attacks, each carrying a different variant of Sysget malware, also known as HelloBridge. The malware was included as an attachment intended to trick the user into opening the malware. This included altering the icon of the executable to appear as other file types as well as decoy documents to trick users into thinking they had opened a legitimate file.

Created: 2026-02-23

Indicators

類似Pulses

DragonOK Backdoor (score: 0.65)
Sykipot/WyksolTrojan (score: 0.63)
Backdoor:MSIL/Noobsrat (score: 0.62)
Backdoor:MSIL/Noobsrat (score: 0.62)
Infected Korean Website Installs Banking Malware (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 16.22

Matched TTPs:

T1036.007 - Double File Extension
T1027.012 - LNK Icon Smuggling
T1218.010 - Regsvr32
T1598 - Phishing for Information
T1027.002 - Software Packing

MITREへのリンク →

Mustang Panda

Score: 23.96

Matched TTPs:

T1036.007 - Double File Extension
T1036.008 - Masquerade File Type
T1027.012 - LNK Icon Smuggling
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Volt Typhoon

Score: 5.90

Matched TTPs:

T1036.008 - Masquerade File Type
T1027.002 - Software Packing

MITREへのリンク →

BlackByte

Score: 3.84

Matched TTPs:

T1036.008 - Masquerade File Type

MITREへのリンク →

TeamTNT

Score: 6.59

Matched TTPs:

T1610 - Deploy Container
T1027.002 - Software Packing

MITREへのリンク →

Ferocious Kitten

Score: 3.44

Matched TTPs:

T1036.002 - Right-to-Left Override

MITREへのリンク →

BlackTech

Score: 4.93

Matched TTPs:

T1036.002 - Right-to-Left Override
T1203 - Exploitation for Client Execution

MITREへのリンク →

Ke3chang

Score: 3.44

Matched TTPs:

T1036.002 - Right-to-Left Override

MITREへのリンク →

Scarlet Mimic

Score: 3.44

Matched TTPs:

T1036.002 - Right-to-Left Override

MITREへのリンク →

BRONZE BUTLER

Score: 4.93

Matched TTPs:

T1036.002 - Right-to-Left Override
T1203 - Exploitation for Client Execution

MITREへのリンク →

PROMETHIUM

Score: 4.13

Matched TTPs:

T1205.001 - Port Knocking

MITREへのリンク →

UNC3886

Score: 5.63

Matched TTPs:

T1205.001 - Port Knocking
T1203 - Exploitation for Client Execution

MITREへのリンク →

Gamaredon Group

Score: 10.15

Matched TTPs:

T1027.012 - LNK Icon Smuggling
T1221 - Template Injection
T1027.015 - Compression

MITREへのリンク →

Scattered Spider

Score: 12.11

Matched TTPs:

T1204 - User Execution
T1598 - Phishing for Information
T1538 - Cloud Service Dashboard

MITREへのリンク →

LAPSUS$

Score: 4.13

Matched TTPs:

T1204 - User Execution

MITREへのリンク →

Cobalt Group

Score: 6.99

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Storm-0501

Score: 4.80

Matched TTPs:

T1218.010 - Regsvr32
T1027.002 - Software Packing

MITREへのリンク →

Leviathan

Score: 7.39

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1027.015 - Compression

MITREへのリンク →

Inception

Score: 7.39

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

APT32

Score: 10.19

Matched TTPs:

T1218.010 - Regsvr32
T1036.003 - Rename Legitimate Utilities
T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

menuPass

Score: 3.29

Matched TTPs:

T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

Lazarus Group

Score: 17.95

Matched TTPs:

T1036.003 - Rename Legitimate Utilities
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1566.003 - Spearphishing via Service

MITREへのリンク →

Daggerfly

Score: 3.29

Matched TTPs:

T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

APT38

Score: 5.34

Matched TTPs:

T1036.003 - Rename Legitimate Utilities
T1027.002 - Software Packing

MITREへのリンク →

GALLIUM

Score: 5.34

Matched TTPs:

T1036.003 - Rename Legitimate Utilities
T1027.002 - Software Packing

MITREへのリンク →

Saint Bear

Score: 3.55

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

APT28

Score: 19.42

Matched TTPs:

T1203 - Exploitation for Client Execution
T1598 - Phishing for Information
T1498 - Network Denial of Service
T1221 - Template Injection
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token

MITREへのリンク →

Threat Group-3390

Score: 6.70

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing
T1027.015 - Compression

MITREへのリンク →

Dragonfly

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

The White Company

Score: 3.55

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

EXOTIC LILY

Score: 4.02

Matched TTPs:

T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT29

Score: 6.07

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing
T1566.003 - Spearphishing via Service

MITREへのリンク →

Confucius

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Patchwork

Score: 3.55

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

Higaisa

Score: 8.49

Matched TTPs:

T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1027.015 - Compression

MITREへのリンク →

APT3

Score: 3.55

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

Transparent Tribe

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Tropic Trooper

Score: 10.06

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1221 - Template Injection
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Aoqin Dragon

Score: 3.55

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

APT41

Score: 3.55

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

Elderwood

Score: 3.55

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

OilRig

Score: 6.76

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

TA2541

Score: 7.95

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1027.002 - Software Packing
T1027.015 - Compression

MITREへのリンク →

RedCurl

Score: 5.41

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Medusa Group

Score: 4.80

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1027.002 - Software Packing

MITREへのリンク →

FIN6

Score: 5.27

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

ZIRCONIUM

Score: 5.49

Matched TTPs:

T1598 - Phishing for Information
T1027.002 - Software Packing

MITREへのリンク →

Moonstone Sleet

Score: 5.96

Matched TTPs:

T1598 - Phishing for Information
T1566.003 - Spearphishing via Service

MITREへのリンク →

DarkHydrus

Score: 3.15

Matched TTPs:

T1221 - Template Injection

MITREへのリンク →

Dark Caracal

Score: 4.58

Matched TTPs:

T1027.002 - Software Packing
T1566.003 - Spearphishing via Service

MITREへのリンク →

Rocke

Score: 4.72

Matched TTPs:

T1027.002 - Software Packing
T1564.001 - Hidden Files and Directories

MITREへのリンク →

HAFNIUM

Score: 6.80

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1056.004 - Credential API Hooking

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Mustang Panda

Score: 0.80

Matched TTPs:

T1001.003 - Protocol or Service Impersonation
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1027.012 - LNK Icon Smuggling
T1203 - Exploitation for Client Execution
T1036.007 - Double File Extension
T1036.008 - Masquerade File Type

MITREへのリンク →

APT28

Score: 0.67

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1598 - Phishing for Information
T1550.001 - Application Access Token
T1203 - Exploitation for Client Execution
T1221 - Template Injection
T1498 - Network Denial of Service

MITREへのリンク →

Lazarus Group

Score: 0.62

Matched TTPs:

T1566.003 - Spearphishing via Service
T1001.003 - Protocol or Service Impersonation
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1036.003 - Rename Legitimate Utilities
T1203 - Exploitation for Client Execution

MITREへのリンク →

Kimsuky

Score: 0.57

Matched TTPs:

T1598 - Phishing for Information
T1027.012 - LNK Icon Smuggling
T1036.007 - Double File Extension
T1027.002 - Software Packing
T1218.010 - Regsvr32

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る