Trusted Design

Linux/Moose

概要

Linux/Moose is a malware family that primarily targets Linux-based consumer routers but that can infect other Linux-based embedded systems in its path. The compromised devices are used to steal unencrypted network traffic and offer proxying services to the botnet operator. In practice, these capabilities are used to steal HTTP Cookies on popular social network sites and perform fraudulent actions such as non-legitimate "follows", "views" and "likes" on such sites.

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 28.58
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1091 - Replication Through Removable Media
  • T1602.002 - Network Device Configuration Dump
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1126 - Network Share Connection Removal
  • T1008 - Fallback Channels
MITREへのリンク →

Sea Turtle

Score: 5.72
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
MITREへのリンク →

Ember Bear

Score: 6.99
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
MITREへのリンク →

Indrik Spider

Score: 5.87
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1546.016 - Installer Packages
MITREへのリンク →

Agrius

Score: 3.03
Matched TTPs:
  • T1033 - System Owner/User Discovery
MITREへのリンク →

Contagious Interview

Score: 15.73
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
MITREへのリンク →

Sandworm Team

Score: 18.88
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
MITREへのリンク →

Star Blizzard

Score: 9.54
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1168 - Local Job Scheduling
MITREへのリンク →

Winnti Group

Score: 3.29
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
MITREへのリンク →

APT41

Score: 11.59
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1045 - Software Packing
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1008 - Fallback Channels
MITREへのリンク →

Rocke

Score: 13.72
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1036.009 - Break Process Trees
  • T1612 - Build Image on Host
  • T1556.005 - Reversible Encryption
  • T1008 - Fallback Channels
MITREへのリンク →

TeamTNT

Score: 12.41
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1556.005 - Reversible Encryption
MITREへのリンク →

APT28

Score: 27.81
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1139 - Bash History
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1205.001 - Port Knocking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.007 - Netsh Helper DLL
MITREへのリンク →

UNC3886

Score: 12.98
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1016.001 - Internet Connection Discovery
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
MITREへのリンク →

Magic Hound

Score: 18.41
Matched TTPs:
  • T1099 - Timestomp
  • T1036.009 - Break Process Trees
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver
MITREへのリンク →

HEXANE

Score: 7.12
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package
MITREへのリンク →

APT29

Score: 16.06
Matched TTPs:
  • T1099 - Timestomp
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1547.008 - LSASS Driver
MITREへのリンク →

Gamaredon Group

Score: 19.31
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
MITREへのリンク →

TA2541

Score: 9.19
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
MITREへのリンク →

Lotus Blossom

Score: 8.83
Matched TTPs:
  • T1099 - Timestomp
  • T1016.001 - Internet Connection Discovery
  • T1569.002 - Service Execution
MITREへのリンク →

FIN13

Score: 11.40
Matched TTPs:
  • T1099 - Timestomp
  • T1556.005 - Reversible Encryption
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution
MITREへのリンク →

HAFNIUM

Score: 13.41
Matched TTPs:
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1556.005 - Reversible Encryption
MITREへのリンク →

Turla

Score: 29.41
Matched TTPs:
  • T1099 - Timestomp
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
MITREへのリンク →

Volt Typhoon

Score: 17.06
Matched TTPs:
  • T1099 - Timestomp
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1546.016 - Installer Packages
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
MITREへのリンク →

FIN8

Score: 9.61
Matched TTPs:
  • T1099 - Timestomp
  • T1612 - Build Image on Host
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
MITREへのリンク →

FIN6

Score: 8.20
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1612 - Build Image on Host
  • T1547.008 - LSASS Driver
MITREへのリンク →

CopyKittens

Score: 5.49
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1045 - Software Packing
MITREへのリンク →

Mustang Panda

Score: 27.09
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1091 - Replication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
MITREへのリンク →

Lazarus Group

Score: 40.85
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1547.011 - Plist Modification
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution
MITREへのリンク →

APT5

Score: 7.47
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1677 - Poisoned Pipeline Execution
MITREへのリンク →

Ke3chang

Score: 5.03
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1556.005 - Reversible Encryption
MITREへのリンク →

INC Ransom

Score: 3.44
Matched TTPs:
  • T1036.009 - Break Process Trees
MITREへのリンク →

Velvet Ant

Score: 6.37
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1569.002 - Service Execution
MITREへのリンク →

Earth Lusca

Score: 17.00
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

LuminousMoth

Score: 5.62
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1556.005 - Reversible Encryption
MITREへのリンク →

Mustard Tempest

Score: 3.74
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

OilRig

Score: 10.33
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1547.008 - LSASS Driver
MITREへのリンク →

LazyScripter

Score: 8.97
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
MITREへのリンク →

Threat Group-3390

Score: 9.57
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
MITREへのリンク →

TA505

Score: 5.62
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1556.005 - Reversible Encryption
MITREへのリンク →

BlackByte

Score: 3.16
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1556.005 - Reversible Encryption
MITREへのリンク →

BITTER

Score: 4.65
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
MITREへのリンク →

APT32

Score: 10.96
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
MITREへのリンク →

Saint Bear

Score: 5.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
MITREへのリンク →

Moonstone Sleet

Score: 9.53
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1556.005 - Reversible Encryption
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN7

Score: 8.98
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1578.001 - Create Snapshot
MITREへのリンク →

EXOTIC LILY

Score: 8.51
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT42

Score: 9.31
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1556.005 - Reversible Encryption
MITREへのリンク →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
MITREへのリンク →

APT39

Score: 9.26
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1569.002 - Service Execution
MITREへのリンク →

Tonto Team

Score: 4.24
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32
MITREへのリンク →

APT3

Score: 4.24
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32
MITREへのリンク →

MuddyWater

Score: 9.84
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
MITREへのリンク →

LAPSUS$

Score: 8.93
Matched TTPs:
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
MITREへのリンク →

Windigo

Score: 4.11
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

POLONIUM

Score: 6.75
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
MITREへのリンク →

Fox Kitten

Score: 4.86
Matched TTPs:
  • T1045 - Software Packing
  • T1612 - Build Image on Host
MITREへのリンク →

Scattered Spider

Score: 8.93
Matched TTPs:
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
MITREへのリンク →

Metador

Score: 3.65
Matched TTPs:
  • T1136.002 - Domain Account
  • T1556.005 - Reversible Encryption
MITREへのリンク →

Andariel

Score: 5.72
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Axiom

Score: 11.42
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
MITREへのリンク →

RedCurl

Score: 3.71
Matched TTPs:
  • T1612 - Build Image on Host
  • T1556.005 - Reversible Encryption
MITREへのリンク →

Inception

Score: 5.20
Matched TTPs:
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
MITREへのリンク →

Medusa Group

Score: 6.82
Matched TTPs:
  • T1608.005 - Link Target
  • T1556.005 - Reversible Encryption
  • T1216 - System Script Proxy Execution
MITREへのリンク →

ZIRCONIUM

Score: 7.00
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1578.001 - Create Snapshot
MITREへのリンク →

Confucius

Score: 4.69
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
MITREへのリンク →

CURIUM

Score: 14.35
Matched TTPs:
  • T1205.001 - Port Knocking
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
MITREへのリンク →

Storm-1811

Score: 6.37
Matched TTPs:
  • T1205.001 - Port Knocking
  • T1547.008 - LSASS Driver
MITREへのリンク →

Leviathan

Score: 10.22
Matched TTPs:
  • T1554 - Compromise Host Software Binary
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

Winter Vivern

Score: 6.58
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
MITREへのリンク →

APT37

Score: 10.47
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1216 - System Script Proxy Execution
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Sidewinder

Score: 5.27
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
MITREへのリンク →

Dragonfly

Score: 6.09
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

The White Company

Score: 4.09
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
MITREへのリンク →

BlackTech

Score: 4.65
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
MITREへのリンク →

Patchwork

Score: 6.54
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

Higaisa

Score: 12.05
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
MITREへのリンク →

BRONZE BUTLER

Score: 10.32
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels
MITREへのリンク →

Transparent Tribe

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Elderwood

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Darkhotel

Score: 5.85
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
MITREへのリンク →

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

Windshift

Score: 5.48
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT38

Score: 6.58
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1216 - System Script Proxy Execution
MITREへのリンク →

Dark Caracal

Score: 5.48
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver
MITREへのリンク →

Daggerfly

Score: 5.79
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
MITREへのリンク →

Chimera

Score: 3.78
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
MITREへのリンク →

Wizard Spider

Score: 4.34
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.76
Matched TTPs:
  • T1216 - System Script Proxy Execution
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1016.001 - Internet Connection Discovery
  • T1569.002 - Service Execution
  • T1547.011 - Plist Modification
  • T1546.016 - Installer Packages
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver
  • T1567.002 - Exfiltration to Cloud Storage
  • T1055.005 - Thread Local Storage
MITREへのリンク →

Turla

Score: 0.63
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1045 - Software Packing
  • T1099 - Timestomp
  • T1569.002 - Service Execution
  • T1136.002 - Domain Account
  • T1546.016 - Installer Packages
  • T1556.005 - Reversible Encryption
  • T1612 - Build Image on Host
MITREへのリンク →

APT28

Score: 0.58
Matched TTPs:
  • T1546.007 - Netsh Helper DLL
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1139 - Bash History
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32
  • T1499.001 - OS Exhaustion Flood
  • T1556.005 - Reversible Encryption
  • T1205.001 - Port Knocking
MITREへのリンク →

Mustang Panda

Score: 0.56
Matched TTPs:
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1016.001 - Internet Connection Discovery
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1567.002 - Exfiltration to Cloud Storage
  • T1612 - Build Image on Host
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
MITREへのリンク →

Kimsuky

Score: 0.56
Matched TTPs:
  • T1608.005 - Link Target
  • T1602.002 - Network Device Configuration Dump
  • T1547.002 - Authentication Package
  • T1126 - Network Share Connection Removal
  • T1091 - Replication Through Removable Media
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1008 - Fallback Channels
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る