Trusted Design

New POS Malware Emerges - Punkey

Overview

During a recent United States Secret Service investigation, Trustwave encountered a new family of POS malware that we named Punkey. It appears to have evolved from the NewPOSthings family of malware first discovered by Dennis Schwarz and Dave Loftus at Arbor Networks. While this malware shares some commonalities with that family, it departs from the standard operating procedure of the previous versions rather dramatically. In a blog post, TrendMicro also detailed recently compiled versions of the NewPOSthings family that bear a closer resemblance to NewPOSthings than Punkey. This suggests that multiple actors may be using similar source code, or that the malware is being customized as a service for targeted campaigns. Because of the active investigation, I cannot reveal the C&C domains used in the samples.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Sandworm Team

Score: 20.33
Matched TTPs:
  • T1161 - LC_LOAD_DYLIB Addition
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1049 - System Network Connections Discovery
  • T1548.006 - TCC Manipulation

Patchwork

Score: 6.03
Matched TTPs:
  • T1161 - LC_LOAD_DYLIB Addition
  • T1008 - Fallback Channels

APT42

Score: 6.24
Matched TTPs:
  • T1161 - LC_LOAD_DYLIB Addition
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

BRONZE BUTLER

Score: 12.06
Matched TTPs:
  • T1161 - LC_LOAD_DYLIB Addition
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1008 - Fallback Channels

TA551

Score: 11.81
Matched TTPs:
  • T1161 - LC_LOAD_DYLIB Addition
  • T1539 - Steal Web Session Cookie
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.014 - Polymorphic Code

Lazarus Group

Score: 20.41
Matched TTPs:
  • T1161 - LC_LOAD_DYLIB Addition
  • T1606.002 - SAML Tokens
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1174 - Password Filter DLL
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver

MuddyWater

Score: 4.76
Matched TTPs:
  • T1161 - LC_LOAD_DYLIB Addition
  • T1608.005 - Link Target

APT19

Score: 5.49
Matched TTPs:
  • T1161 - LC_LOAD_DYLIB Addition
  • T1027.014 - Polymorphic Code

HAFNIUM

Score: 10.72
Matched TTPs:
  • T1161 - LC_LOAD_DYLIB Addition
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1548.006 - TCC Manipulation

APT41

Score: 15.14
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1560.003 - Archive via Custom Method
  • T1588.001 - Malware
  • T1548.006 - TCC Manipulation
  • T1008 - Fallback Channels

Scattered Spider

Score: 9.60
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1548.006 - TCC Manipulation

TA505

Score: 9.23
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account

Volt Typhoon

Score: 9.25
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1049 - System Network Connections Discovery
  • T1548.006 - TCC Manipulation

APT3

Score: 6.91
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1578.002 - Create Cloud Instance

FIN13

Score: 12.00
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1548.006 - TCC Manipulation

Kimsuky

Score: 19.01
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1027.014 - Polymorphic Code
  • T1008 - Fallback Channels
  • T1053.002 - At

Moonstone Sleet

Score: 8.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver

Contagious Interview

Score: 16.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1608.005 - Link Target
  • T1547.008 - LSASS Driver

OilRig

Score: 14.14
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.008 - LSASS Driver

UNC3886

Score: 10.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1588.001 - Malware

LuminousMoth

Score: 6.53
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account

APT29

Score: 10.48
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1547.008 - LSASS Driver

Aoqin Dragon

Score: 4.28
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets

Turla

Score: 6.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1608.005 - Link Target

Ke3chang

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1548.006 - TCC Manipulation

Mustang Panda

Score: 14.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation

TeamTNT

Score: 7.77
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets

FIN7

Score: 9.69
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target

TA2541

Score: 7.96
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1608.005 - Link Target

Earth Lusca

Score: 7.96
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1608.005 - Link Target

Mustard Tempest

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1053.002 - At

LazyScripter

Score: 10.15
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1608.005 - Link Target

Gamaredon Group

Score: 5.50
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

Star Blizzard

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

Threat Group-3390

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

SideCopy

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1053.002 - At

BITTER

Score: 5.59
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware

APT32

Score: 19.66
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL

HEXANE

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

Saint Bear

Score: 3.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target

EXOTIC LILY

Score: 6.01
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver

Ember Bear

Score: 8.49
Matched TTPs:
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account

APT28

Score: 12.60
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1548.006 - TCC Manipulation
  • T1546.007 - Netsh Helper DLL

Storm-1811

Score: 9.85
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver

APT1

Score: 7.26
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1053.002 - At

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

Leviathan

Score: 4.26
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027.014 - Polymorphic Code

Dragonfly

Score: 7.48
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1578.002 - Create Cloud Instance
  • T1548.006 - TCC Manipulation

Transparent Tribe

Score: 4.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1053.002 - At

ZIRCONIUM

Score: 7.81
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1608.005 - Link Target

Magic Hound

Score: 15.06
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver
  • T1053.002 - At

APT38

Score: 4.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1174 - Password Filter DLL

Winter Vivern

Score: 5.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware

CURIUM

Score: 4.04
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver

menuPass

Score: 9.33
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1174 - Password Filter DLL
  • T1548.006 - TCC Manipulation

Windshift

Score: 4.71
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.008 - LSASS Driver

LAPSUS$

Score: 4.80
Matched TTPs:
  • T1136.002 - Domain Account
  • T1548.006 - TCC Manipulation

Aquatic Panda

Score: 4.55
Matched TTPs:
  • T1136.002 - Domain Account
  • T1588.001 - Malware

BackdoorDiplomacy

Score: 4.55
Matched TTPs:
  • T1136.002 - Domain Account
  • T1588.001 - Malware

Wizard Spider

Score: 4.44
Matched TTPs:
  • T1588.001 - Malware
  • T1548.006 - TCC Manipulation

FIN6

Score: 6.96
Matched TTPs:
  • T1588.001 - Malware
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver

Fox Kitten

Score: 4.44
Matched TTPs:
  • T1588.001 - Malware
  • T1548.006 - TCC Manipulation

Storm-0501

Score: 4.84
Matched TTPs:
  • T1588.001 - Malware
  • T1027.014 - Polymorphic Code

Axiom

Score: 12.70
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1114.002 - Remote Email Collection
  • T1160 - Launch Daemon

Medusa Group

Score: 4.35
Matched TTPs:
  • T1608.005 - Link Target
  • T1548.006 - TCC Manipulation

Daggerfly

Score: 3.29
Matched TTPs:
  • T1174 - Password Filter DLL

GALLIUM

Score: 3.29
Matched TTPs:
  • T1174 - Password Filter DLL

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Rocke

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

RTM

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.82
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver
  • T1161 - LC_LOAD_DYLIB Addition
  • T1055.005 - Thread Local Storage
  • T1608.005 - Link Target
  • T1588.001 - Malware
  • T1174 - Password Filter DLL
  • T1606.002 - SAML Tokens

Sandworm Team

Score: 0.82
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1548.006 - TCC Manipulation
  • T1091 - Replication Through Removable Media
  • T1161 - LC_LOAD_DYLIB Addition
  • T1049 - System Network Connections Discovery
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1606.002 - SAML Tokens

APT32

Score: 0.79
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1098.007 - Additional Local or Domain Groups
  • T1027.014 - Polymorphic Code
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1588.001 - Malware
  • T1558 - Steal or Forge Kerberos Tickets
  • T1174 - Password Filter DLL

Kimsuky

Score: 0.76
Matched TTPs:
  • T1053.002 - At
  • T1098.007 - Additional Local or Domain Groups
  • T1027.014 - Polymorphic Code
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1588.001 - Malware
  • T1008 - Fallback Channels
  • T1606.002 - SAML Tokens

APT41

Score: 0.65
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1548.006 - TCC Manipulation
  • T1539 - Steal Web Session Cookie
  • T1588.001 - Malware
  • T1008 - Fallback Channels

Magic Hound

Score: 0.64
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver
  • T1608.005 - Link Target
  • T1588.001 - Malware
  • T1053.002 - At

Contagious Interview

Score: 0.63
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1021.006 - Windows Remote Management
  • T1547.008 - LSASS Driver
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1558 - Steal or Forge Kerberos Tickets
  • T1606.002 - SAML Tokens

Mustang Panda

Score: 0.58
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1548.006 - TCC Manipulation
  • T1091 - Replication Through Removable Media
  • T1055.005 - Thread Local Storage
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens

OilRig

Score: 0.58
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1606.002 - SAML Tokens

APT28

Score: 0.56
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1548.006 - TCC Manipulation
  • T1608.005 - Link Target
  • T1558 - Steal or Forge Kerberos Tickets
  • T1546.007 - Netsh Helper DLL

TA551

Score: 0.55
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1027.014 - Polymorphic Code
  • T1558 - Steal or Forge Kerberos Tickets
  • T1161 - LC_LOAD_DYLIB Addition

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
