Trusted Design

Data-Stealing NionSpy File Infector

Overview

W32/NionSpy is a family of malware that steals information from infected machines and replicates to new machines over networks and removable thumb drives. Aside from stealing keystrokes, passwords, Bitcoins, system information, and files on disk, NionSpy (also known as Mewsei and MewsSpy) can record video (using the webcam) and audio (using the microphone), take screenshots, and use infected machines as a proxy tunnel to connect to other machines within the network.

Created: 2026-02-23

Threat actors related to this Pulse (fact-based)

Medusa Group

Score: 20.52
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1128 - Netsh Helper DLL
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

INC Ransom

Score: 7.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence

Gamaredon Group

Score: 19.15
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1552.005 - Cloud Instance Metadata API
  • T1058 - Service Registry Permissions Weakness
  • T1070.009 - Clear Persistence
  • T1086 - PowerShell
  • T1546.017 - Udev Rules

APT32

Score: 25.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1007 - System Service Discovery
  • T1592.004 - Client Configurations
  • T1027.014 - Polymorphic Code
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1484 - Domain or Tenant Policy Modification
  • T1556 - Modify Authentication Process

Mustang Panda

Score: 18.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1058 - Service Registry Permissions Weakness
  • T1204 - User Execution
  • T1070.009 - Clear Persistence
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process

MuddyWater

Score: 6.86
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1562.011 - Spoof Security Alerting

Wizard Spider

Score: 16.89
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1566.004 - Spearphishing Voice
  • T1001.003 - Protocol or Service Impersonation
  • T1070.009 - Clear Persistence
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process

Leviathan

Score: 16.75
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204 - User Execution
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting
  • T1001.003 - Protocol or Service Impersonation
  • T1546.017 - Udev Rules

Velvet Ant

Score: 6.52
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1128 - Netsh Helper DLL
  • T1566.004 - Spearphishing Voice

FIN7

Score: 15.25
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1058 - Service Registry Permissions Weakness
  • T1011.001 - Exfiltration Over Bluetooth
  • T1098.004 - SSH Authorized Keys

GALLIUM

Score: 5.83
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account

Volt Typhoon

Score: 13.63
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1213.002 - Sharepoint
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

Blue Mockingbird

Score: 7.12
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204 - User Execution
  • T1027.014 - Polymorphic Code

Lazarus Group

Score: 17.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1070.009 - Clear Persistence
  • T1055.005 - Thread Local Storage
  • T1086 - PowerShell
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution

Sandworm Team

Score: 5.16
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence

Earth Lusca

Score: 4.58
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1562.011 - Spoof Security Alerting

TA2541

Score: 9.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

APT29

Score: 20.04
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1592.004 - Client Configurations
  • T1138 - Application Shimming
  • T1204 - User Execution
  • T1070.009 - Clear Persistence
  • T1555.004 - Windows Credential Manager
  • T1537 - Transfer Data to Cloud Account

OilRig

Score: 17.48
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1552.005 - Cloud Instance Metadata API
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process

FIN6

Score: 8.42
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1556 - Modify Authentication Process

Deep Panda

Score: 4.29
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.014 - Polymorphic Code

Threat Group-3390

Score: 11.28
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules

APT42

Score: 6.58
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1128 - Netsh Helper DLL

Ember Bear

Score: 9.00
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1098.004 - SSH Authorized Keys
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence

Chimera

Score: 7.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence

BlackByte

Score: 7.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence

FIN13

Score: 3.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery

Magic Hound

Score: 7.45
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence

APT41

Score: 13.05
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1566.004 - Spearphishing Voice
  • T1001.003 - Protocol or Service Impersonation
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

FIN8

Score: 14.40
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204 - User Execution
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process

Dragonfly

Score: 6.07
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1007 - System Service Discovery
  • T1070.009 - Clear Persistence

BRONZE BUTLER

Score: 10.55
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1592.004 - Client Configurations
  • T1562.011 - Spoof Security Alerting
  • T1070.009 - Clear Persistence

APT28

Score: 23.24
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1552.005 - Cloud Instance Metadata API
  • T1058 - Service Registry Permissions Weakness
  • T1078.001 - Default Accounts
  • T1205.001 - Port Knocking
  • T1070.009 - Clear Persistence
  • T1546.007 - Netsh Helper DLL

MoustachedBouncer

Score: 4.34
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1537 - Transfer Data to Cloud Account

Silence

Score: 7.51
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1098.004 - SSH Authorized Keys
  • T1070.009 - Clear Persistence

Group5

Score: 3.67
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1070.009 - Clear Persistence

APT39

Score: 11.56
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1007 - System Service Discovery
  • T1001.003 - Protocol or Service Impersonation
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

Kimsuky

Score: 11.62
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1027.014 - Polymorphic Code
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1526 - Cloud Service Discovery

Dark Caracal

Score: 4.34
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1537 - Transfer Data to Cloud Account

Turla

Score: 12.82
Matched TTPs:
  • T1113 - Screen Capture
  • T1552.005 - Cloud Instance Metadata API
  • T1204 - User Execution
  • T1566.004 - Spearphishing Voice

Scattered Spider

Score: 8.26
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1557.002 - ARP Cache Poisoning

APT37

Score: 11.19
Matched TTPs:
  • T1485.001 - Lifecycle-Triggered Deletion
  • T1562.011 - Spoof Security Alerting
  • T1216 - System Script Proxy Execution

APT38

Score: 13.30
Matched TTPs:
  • T1007 - System Service Discovery
  • T1138 - Application Shimming
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1216 - System Script Proxy Execution

Tropic Trooper

Score: 12.59
Matched TTPs:
  • T1007 - System Service Discovery
  • T1058 - Service Registry Permissions Weakness
  • T1128 - Netsh Helper DLL
  • T1562.011 - Spoof Security Alerting
  • T1070.009 - Clear Persistence

LuminousMoth

Score: 3.03
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness

Aoqin Dragon

Score: 7.32
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account

Darkhotel

Score: 3.03
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness

TA505

Score: 5.90
Matched TTPs:
  • T1138 - Application Shimming
  • T1537 - Transfer Data to Cloud Account

CURIUM

Score: 3.84
Matched TTPs:
  • T1205.001 - Port Knocking

Storm-1811

Score: 6.08
Matched TTPs:
  • T1205.001 - Port Knocking
  • T1566.004 - Spearphishing Voice

Metador

Score: 4.21
Matched TTPs:
  • T1204 - User Execution
  • T1070.009 - Clear Persistence

APT33

Score: 5.58
Matched TTPs:
  • T1204 - User Execution
  • T1556 - Modify Authentication Process

TA551

Score: 5.78
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting

Cobalt Group

Score: 6.87
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence

Storm-0501

Score: 4.80
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account

RedCurl

Score: 4.13
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence

FIN10

Score: 3.62
Matched TTPs:
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence

UNC3886

Score: 3.62
Matched TTPs:
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence

Andariel

Score: 3.03
Matched TTPs:
  • T1562.011 - Spoof Security Alerting

Patchwork

Score: 6.87
Matched TTPs:
  • T1001.003 - Protocol or Service Impersonation
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

LAPSUS$

Score: 4.13
Matched TTPs:
  • T1557.002 - ARP Cache Poisoning

TeamTNT

Score: 3.43
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

Contagious Interview

Score: 4.13
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1556 - Modify Authentication Process

APT3

Score: 3.43
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

The White Company

Score: 3.43
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

Rocke

Score: 3.43
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

BlackTech

Score: 3.15
Matched TTPs:
  • T1526 - Cloud Service Discovery

Molerats

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Higaisa

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Threat actors related to this Pulse (inference-based)

APT32

Score: 0.77
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1566.004 - Spearphishing Voice
  • T1556 - Modify Authentication Process
  • T1113 - Screen Capture
  • T1484 - Domain or Tenant Policy Modification
  • T1070.009 - Clear Persistence
  • T1007 - System Service Discovery
  • T1027.014 - Polymorphic Code
  • T1047 - Windows Management Instrumentation

APT28

Score: 0.72
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1546.007 - Netsh Helper DLL
  • T1205.001 - Port Knocking
  • T1552.005 - Cloud Instance Metadata API
  • T1070.009 - Clear Persistence
  • T1156 - Malicious Shell Modification
  • T1078.001 - Default Accounts

Medusa Group

Score: 0.67
Matched TTPs:
  • T1566.004 - Spearphishing Voice
  • T1128 - Netsh Helper DLL
  • T1216 - System Script Proxy Execution
  • T1070.009 - Clear Persistence
  • T1007 - System Service Discovery
  • T1094 - Custom Command and Control Protocol
  • T1537 - Transfer Data to Cloud Account
  • T1047 - Windows Management Instrumentation

APT29

Score: 0.61
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1555.004 - Windows Credential Manager
  • T1204 - User Execution
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1138 - Application Shimming
  • T1047 - Windows Management Instrumentation

Gamaredon Group

Score: 0.60
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1546.017 - Udev Rules
  • T1070.009 - Clear Persistence
  • T1552.005 - Cloud Instance Metadata API
  • T1156 - Malicious Shell Modification
  • T1086 - PowerShell
  • T1047 - Windows Management Instrumentation

Mustang Panda

Score: 0.59
Matched TTPs:
  • T1526 - Cloud Service Discovery
  • T1058 - Service Registry Permissions Weakness
  • T1556 - Modify Authentication Process
  • T1204 - User Execution
  • T1070.009 - Clear Persistence
  • T1047 - Windows Management Instrumentation
  • T1055.005 - Thread Local Storage

Lazarus Group

Score: 0.57
Matched TTPs:
  • T1216 - System Script Proxy Execution
  • T1556 - Modify Authentication Process
  • T1070.009 - Clear Persistence
  • T1086 - PowerShell
  • T1047 - Windows Management Instrumentation
  • T1055.005 - Thread Local Storage

Wizard Spider

Score: 0.56
Matched TTPs:
  • T1526 - Cloud Service Discovery
  • T1001.003 - Protocol or Service Impersonation
  • T1566.004 - Spearphishing Voice
  • T1556 - Modify Authentication Process
  • T1070.009 - Clear Persistence
  • T1007 - System Service Discovery
  • T1047 - Windows Management Instrumentation

Related CVEs

No CVEs were found for this Pulse.
