Trusted Design

Data-Stealing NionSpy File Infector

Overview

W32/NionSpy is a family of malware that steals information from infected machines and replicates to new machines over networks and removable thumb drives. Aside from stealing keystrokes, passwords, Bitcoins, system information, and files on disk, NionSpy (also known as Mewsei and MewsSpy) can record video (using the webcam), audio (using the microphone), take screenshots, and use infected machines as a proxy tunnel to connect to other machines within the network.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Medusa Group

Score: 20.52
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1135 - Network Share Discovery
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
Link to MITRE →

INC Ransom

Score: 7.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1135 - Network Share Discovery
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
Link to MITRE →

Gamaredon Group

Score: 19.15
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1025 - Data from Removable Media
  • T1091 - Replication Through Removable Media
  • T1070.004 - File Deletion
  • T1561.001 - Disk Content Wipe
  • T1027.015 - Compression
Link to MITRE →

APT32

Score: 25.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.011 - Fileless Storage
  • T1135 - Network Share Discovery
  • T1550.003 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1564.004 - NTFS File Attributes
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Mustang Panda

Score: 18.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1091 - Replication Through Removable Media
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1070.004 - File Deletion
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

MuddyWater

Score: 6.86
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1027.003 - Steganography
Link to MITRE →

Wizard Spider

Score: 16.89
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1135 - Network Share Discovery
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1070.004 - File Deletion
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Leviathan

Score: 16.75
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1197 - BITS Jobs
  • T1027.015 - Compression
Link to MITRE →

Velvet Ant

Score: 6.52
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
Link to MITRE →

FIN7

Score: 15.25
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1091 - Replication Through Removable Media
  • T1674 - Input Injection
  • T1125 - Video Capture
Link to MITRE →

GALLIUM

Score: 5.83
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing
Link to MITRE →

Volt Typhoon

Score: 13.63
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1006 - Direct Volume Access
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

Blue Mockingbird

Score: 7.12
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1218.010 - Regsvr32
Link to MITRE →

Lazarus Group

Score: 17.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1070.004 - File Deletion
  • T1027.007 - Dynamic API Resolution
  • T1561.001 - Disk Content Wipe
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Sandworm Team

Score: 5.16
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
Link to MITRE →

Earth Lusca

Score: 4.58
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.003 - Steganography
Link to MITRE →

TA2541

Score: 9.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1573.002 - Asymmetric Cryptography
  • T1027.002 - Software Packing
  • T1027.015 - Compression
Link to MITRE →

APT29

Score: 20.04
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1550.003 - Pass the Ticket
  • T1553.005 - Mark-of-the-Web Bypass
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1070.004 - File Deletion
  • T1651 - Cloud Administration Command
  • T1027.002 - Software Packing
Link to MITRE →

OilRig

Score: 17.48
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1025 - Data from Removable Media
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

FIN6

Score: 8.42
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Deep Panda

Score: 4.29
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.010 - Regsvr32
Link to MITRE →

Threat Group-3390

Score: 11.28
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression
Link to MITRE →

APT42

Score: 6.58
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1573.002 - Asymmetric Cryptography
Link to MITRE →

Ember Bear

Score: 9.00
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1125 - Video Capture
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
Link to MITRE →

Chimera

Score: 7.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1135 - Network Share Discovery
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
Link to MITRE →

BlackByte

Score: 7.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1135 - Network Share Discovery
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
Link to MITRE →

FIN13

Score: 3.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1135 - Network Share Discovery
Link to MITRE →

Magic Hound

Score: 7.45
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
Link to MITRE →

APT41

Score: 13.05
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1135 - Network Share Discovery
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

FIN8

Score: 14.40
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Dragonfly

Score: 6.07
Matched TTPs:
  • T1113 - Screen Capture
  • T1135 - Network Share Discovery
  • T1070.004 - File Deletion
Link to MITRE →

BRONZE BUTLER

Score: 10.55
Matched TTPs:
  • T1113 - Screen Capture
  • T1550.003 - Pass the Ticket
  • T1027.003 - Steganography
  • T1070.004 - File Deletion
Link to MITRE →

APT28

Score: 23.24
Matched TTPs:
  • T1113 - Screen Capture
  • T1025 - Data from Removable Media
  • T1091 - Replication Through Removable Media
  • T1092 - Communication Through Removable Media
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1070.004 - File Deletion
  • T1669 - Wi-Fi Networks
Link to MITRE →

MoustachedBouncer

Score: 4.34
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.002 - Software Packing
Link to MITRE →

Silence

Score: 7.51
Matched TTPs:
  • T1113 - Screen Capture
  • T1125 - Video Capture
  • T1070.004 - File Deletion
Link to MITRE →

Group5

Score: 3.67
Matched TTPs:
  • T1113 - Screen Capture
  • T1070.004 - File Deletion
Link to MITRE →

APT39

Score: 11.56
Matched TTPs:
  • T1113 - Screen Capture
  • T1135 - Network Share Discovery
  • T1197 - BITS Jobs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

Kimsuky

Score: 11.62
Matched TTPs:
  • T1113 - Screen Capture
  • T1218.010 - Regsvr32
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1588.003 - Code Signing Certificates
Link to MITRE →

Dark Caracal

Score: 4.34
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.002 - Software Packing
Link to MITRE →

Turla

Score: 12.82
Matched TTPs:
  • T1027.011 - Fileless Storage
  • T1025 - Data from Removable Media
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Scattered Spider

Score: 8.26
Matched TTPs:
  • T1006 - Direct Volume Access
  • T1578.002 - Create Cloud Instance
Link to MITRE →

APT37

Score: 11.19
Matched TTPs:
  • T1123 - Audio Capture
  • T1027.003 - Steganography
  • T1529 - System Shutdown/Reboot
Link to MITRE →

APT38

Score: 13.30
Matched TTPs:
  • T1135 - Network Share Discovery
  • T1553.005 - Mark-of-the-Web Bypass
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Tropic Trooper

Score: 12.59
Matched TTPs:
  • T1135 - Network Share Discovery
  • T1091 - Replication Through Removable Media
  • T1573.002 - Asymmetric Cryptography
  • T1027.003 - Steganography
  • T1070.004 - File Deletion
Link to MITRE →

LuminousMoth

Score: 3.03
Matched TTPs:
  • T1091 - Replication Through Removable Media
Link to MITRE →

Aoqin Dragon

Score: 7.32
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing
Link to MITRE →

Darkhotel

Score: 3.03
Matched TTPs:
  • T1091 - Replication Through Removable Media
Link to MITRE →

TA505

Score: 5.90
Matched TTPs:
  • T1553.005 - Mark-of-the-Web Bypass
  • T1027.002 - Software Packing
Link to MITRE →

CURIUM

Score: 3.84
Matched TTPs:
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Link to MITRE →

Storm-1811

Score: 6.08
Matched TTPs:
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Metador

Score: 4.21
Matched TTPs:
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1070.004 - File Deletion
Link to MITRE →

APT33

Score: 5.58
Matched TTPs:
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

TA551

Score: 5.78
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
Link to MITRE →

Cobalt Group

Score: 6.87
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
Link to MITRE →

Storm-0501

Score: 4.80
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1027.002 - Software Packing
Link to MITRE →

RedCurl

Score: 4.13
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
Link to MITRE →

FIN10

Score: 3.62
Matched TTPs:
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
Link to MITRE →

UNC3886

Score: 3.62
Matched TTPs:
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
Link to MITRE →

Andariel

Score: 3.03
Matched TTPs:
  • T1027.003 - Steganography
Link to MITRE →

Patchwork

Score: 6.87
Matched TTPs:
  • T1197 - BITS Jobs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

LAPSUS$

Score: 4.13
Matched TTPs:
  • T1578.002 - Create Cloud Instance
Link to MITRE →

TeamTNT

Score: 3.43
Matched TTPs:
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

Contagious Interview

Score: 4.13
Matched TTPs:
  • T1070.004 - File Deletion
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

APT3

Score: 3.43
Matched TTPs:
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

The White Company

Score: 3.43
Matched TTPs:
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

Rocke

Score: 3.43
Matched TTPs:
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
Link to MITRE →

BlackTech

Score: 3.15
Matched TTPs:
  • T1588.003 - Code Signing Certificates
Link to MITRE →

Molerats

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression
Link to MITRE →

Higaisa

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression
Link to MITRE →

Mofang

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression
Link to MITRE →

Threat actors related to this Pulse (inference-based)

APT32

Score: 0.77
Matched TTPs:
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1135 - Network Share Discovery
  • T1550.003 - Pass the Ticket
  • T1047 - Windows Management Instrumentation
  • T1070.004 - File Deletion
  • T1027.011 - Fileless Storage
  • T1564.004 - NTFS File Attributes
Link to MITRE →

APT28

Score: 0.72
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1092 - Communication Through Removable Media
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1113 - Screen Capture
  • T1669 - Wi-Fi Networks
  • T1091 - Replication Through Removable Media
  • T1070.004 - File Deletion
Link to MITRE →

Medusa Group

Score: 0.67
Matched TTPs:
  • T1218.014 - MMC
  • T1573.002 - Asymmetric Cryptography
  • T1027.002 - Software Packing
  • T1529 - System Shutdown/Reboot
  • T1570 - Lateral Tool Transfer
  • T1135 - Network Share Discovery
  • T1047 - Windows Management Instrumentation
  • T1070.004 - File Deletion
Link to MITRE →

APT29

Score: 0.61
Matched TTPs:
  • T1651 - Cloud Administration Command
  • T1027.002 - Software Packing
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1553.005 - Mark-of-the-Web Bypass
  • T1550.003 - Pass the Ticket
  • T1047 - Windows Management Instrumentation
  • T1070.004 - File Deletion
Link to MITRE →

Gamaredon Group

Score: 0.60
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1113 - Screen Capture
  • T1561.001 - Disk Content Wipe
  • T1027.015 - Compression
  • T1047 - Windows Management Instrumentation
  • T1070.004 - File Deletion
  • T1091 - Replication Through Removable Media
Link to MITRE →

Mustang Panda

Score: 0.59
Matched TTPs:
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1027.007 - Dynamic API Resolution
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.003 - Code Signing Certificates
  • T1047 - Windows Management Instrumentation
  • T1070.004 - File Deletion
  • T1091 - Replication Through Removable Media
Link to MITRE →

Lazarus Group

Score: 0.57
Matched TTPs:
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1561.001 - Disk Content Wipe
  • T1027.007 - Dynamic API Resolution
  • T1529 - System Shutdown/Reboot
  • T1047 - Windows Management Instrumentation
  • T1070.004 - File Deletion
Link to MITRE →

Wizard Spider

Score: 0.56
Matched TTPs:
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1197 - BITS Jobs
  • T1570 - Lateral Tool Transfer
  • T1135 - Network Share Discovery
  • T1588.003 - Code Signing Certificates
  • T1047 - Windows Management Instrumentation
  • T1070.004 - File Deletion
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
