Pulse Detail-

Linux/Moose

概要

Linux/Moose is a malware family that primarily targets Linux-based consumer routers but that can infect other Linux-based embedded systems in its path. The compromised devices are used to steal unencrypted network traffic and offer proxying services to the botnet operator. In practice, these capabilities are used to steal HTTP Cookies on popular social network sites and perform fraudulent actions such as non-legitimate "follows", "views" and "likes" on such sites.

Created: 2026-02-23

Indicators

類似Pulses

MMD-0047-2015 - SSHV: SSH bruter ELF botnet malware (score: 0.63)
ELF binaries, c-grade gateway routers - Gafgyt - Sharky variant (score: 0.59)
New Trojan for Linux infects routers (score: 0.55)
A Look Into Fysbis: Sofacy’s Linux Backdoor (score: 0.55)
Linux/PnScan ; ELF worm (score: 0.54)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 28.58

Matched TTPs:

T1583 - Acquire Infrastructure
T1560.003 - Archive via Custom Method
T1608.001 - Upload Malware
T1185 - Browser Session Hijacking
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols
T1588.003 - Code Signing Certificates
T1587 - Develop Capabilities
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Sea Turtle

Score: 5.72

Matched TTPs:

T1583 - Acquire Infrastructure
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

Ember Bear

Score: 6.99

Matched TTPs:

T1583 - Acquire Infrastructure
T1588.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

Indrik Spider

Score: 5.87

Matched TTPs:

T1583 - Acquire Infrastructure
T1584.004 - Server

MITREへのリンク →

Agrius

Score: 3.03

Matched TTPs:

T1583 - Acquire Infrastructure

MITREへのリンク →

Contagious Interview

Score: 15.73

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1090 - Proxy
T1583.006 - Web Services
T1587 - Develop Capabilities
T1566.003 - Spearphishing via Service

MITREへのリンク →

Sandworm Team

Score: 18.88

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1090 - Proxy
T1584.005 - Botnet
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols
T1584.004 - Server

MITREへのリンク →

Star Blizzard

Score: 9.54

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1550.004 - Web Session Cookie

MITREへのリンク →

Winnti Group

Score: 3.29

Matched TTPs:

T1014 - Rootkit

MITREへのリンク →

APT41

Score: 11.59

Matched TTPs:

T1014 - Rootkit
T1090 - Proxy
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Rocke

Score: 13.72

Matched TTPs:

T1014 - Rootkit
T1071 - Application Layer Protocol
T1102 - Web Service
T1071.001 - Web Protocols
T1102.001 - Dead Drop Resolver

MITREへのリンク →

TeamTNT

Score: 12.41

Matched TTPs:

T1014 - Rootkit
T1071 - Application Layer Protocol
T1608.001 - Upload Malware
T1102 - Web Service
T1071.001 - Web Protocols

MITREへのリンク →

APT28

Score: 27.81

Matched TTPs:

T1014 - Rootkit
T1557.004 - Evil Twin
T1090.002 - External Proxy
T1583.006 - Web Services
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1669 - Wi-Fi Networks

MITREへのリンク →

UNC3886

Score: 12.98

Matched TTPs:

T1014 - Rootkit
T1560.003 - Archive via Custom Method
T1588.001 - Malware
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Magic Hound

Score: 18.41

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1071 - Application Layer Protocol
T1090 - Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1566.003 - Spearphishing via Service

MITREへのリンク →

HEXANE

Score: 7.12

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1608.001 - Upload Malware
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT29

Score: 16.06

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1090.002 - External Proxy
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1090.004 - Domain Fronting
T1566.003 - Spearphishing via Service

MITREへのリンク →

Gamaredon Group

Score: 19.31

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1608.001 - Upload Malware
T1090 - Proxy
T1102 - Web Service
T1583.006 - Web Services
T1102.003 - One-Way Communication
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols

MITREへのリンク →

TA2541

Score: 9.19

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1608.001 - Upload Malware
T1588.001 - Malware
T1583.006 - Web Services

MITREへのリンク →

Lotus Blossom

Score: 8.83

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1560.003 - Archive via Custom Method
T1090.001 - Internal Proxy

MITREへのリンク →

FIN13

Score: 11.40

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1071.001 - Web Protocols
T1556 - Modify Authentication Process
T1090.001 - Internal Proxy

MITREへのリンク →

HAFNIUM

Score: 13.41

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1583.005 - Botnet
T1584.005 - Botnet
T1583.006 - Web Services
T1071.001 - Web Protocols

MITREへのリンク →

Turla

Score: 29.41

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1090 - Proxy
T1588.001 - Malware
T1102 - Web Service
T1583.006 - Web Services
T1584.006 - Web Services
T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1584.004 - Server
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Volt Typhoon

Score: 17.06

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1090 - Proxy
T1584.005 - Botnet
T1584.004 - Server
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

FIN8

Score: 9.61

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1102 - Web Service
T1071.001 - Web Protocols
T1588.003 - Code Signing Certificates

MITREへのリンク →

FIN6

Score: 8.20

Matched TTPs:

T1560.003 - Archive via Custom Method
T1102 - Web Service
T1566.003 - Spearphishing via Service

MITREへのリンク →

CopyKittens

Score: 5.49

Matched TTPs:

T1560.003 - Archive via Custom Method
T1090 - Proxy

MITREへのリンク →

Mustang Panda

Score: 27.09

Matched TTPs:

T1560.003 - Archive via Custom Method
T1608.001 - Upload Malware
T1070 - Indicator Removal
T1102 - Web Service
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1071.001 - Web Protocols
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Lazarus Group

Score: 40.85

Matched TTPs:

T1560.003 - Archive via Custom Method
T1090.002 - External Proxy
T1070 - Indicator Removal
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1584.004 - Server
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1090.001 - Internal Proxy
T1529 - System Shutdown/Reboot

MITREへのリンク →

APT5

Score: 7.47

Matched TTPs:

T1583.005 - Botnet
T1070 - Indicator Removal

MITREへのリンク →

Ke3chang

Score: 5.03

Matched TTPs:

T1583.005 - Botnet
T1071.001 - Web Protocols

MITREへのリンク →

INC Ransom

Score: 3.44

Matched TTPs:

T1071 - Application Layer Protocol

MITREへのリンク →

Velvet Ant

Score: 6.37

Matched TTPs:

T1071 - Application Layer Protocol
T1090.001 - Internal Proxy

MITREへのリンク →

Earth Lusca

Score: 17.00

Matched TTPs:

T1608.001 - Upload Malware
T1090 - Proxy
T1588.001 - Malware
T1583.006 - Web Services
T1584.006 - Web Services
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

LuminousMoth

Score: 5.62

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1071.001 - Web Protocols

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1608.001 - Upload Malware
T1189 - Drive-by Compromise

MITREへのリンク →

OilRig

Score: 10.33

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols
T1588.003 - Code Signing Certificates
T1566.003 - Spearphishing via Service

MITREへのリンク →

LazyScripter

Score: 8.97

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1102 - Web Service
T1583.006 - Web Services

MITREへのリンク →

Threat Group-3390

Score: 9.57

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1588.003 - Code Signing Certificates

MITREへのリンク →

TA505

Score: 5.62

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1071.001 - Web Protocols

MITREへのリンク →

BlackByte

Score: 3.16

Matched TTPs:

T1608.001 - Upload Malware
T1071.001 - Web Protocols

MITREへのリンク →

BITTER

Score: 4.65

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

APT32

Score: 10.96

Matched TTPs:

T1608.001 - Upload Malware
T1102 - Web Service
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

Moonstone Sleet

Score: 9.53

Matched TTPs:

T1608.001 - Upload Malware
T1071.001 - Web Protocols
T1587 - Develop Capabilities
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 8.98

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1124 - System Time Discovery

MITREへのリンク →

EXOTIC LILY

Score: 8.51

Matched TTPs:

T1608.001 - Upload Malware
T1102 - Web Service
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 9.31

Matched TTPs:

T1608.001 - Upload Malware
T1070 - Indicator Removal
T1102 - Web Service
T1071.001 - Web Protocols

MITREへのリンク →

MoustachedBouncer

Score: 6.88

Matched TTPs:

T1659 - Content Injection
T1090 - Proxy

MITREへのリンク →

APT39

Score: 9.26

Matched TTPs:

T1090.002 - External Proxy
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols
T1090.001 - Internal Proxy

MITREへのリンク →

Tonto Team

Score: 4.24

Matched TTPs:

T1090.002 - External Proxy
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT3

Score: 4.24

Matched TTPs:

T1090.002 - External Proxy
T1203 - Exploitation for Client Execution

MITREへのリンク →

MuddyWater

Score: 9.84

Matched TTPs:

T1090.002 - External Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

LAPSUS$

Score: 8.93

Matched TTPs:

T1090 - Proxy
T1588.001 - Malware
T1204 - User Execution

MITREへのリンク →

Windigo

Score: 4.11

Matched TTPs:

T1090 - Proxy
T1189 - Drive-by Compromise

MITREへのリンク →

POLONIUM

Score: 6.75

Matched TTPs:

T1090 - Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication

MITREへのリンク →

Fox Kitten

Score: 4.86

Matched TTPs:

T1090 - Proxy
T1102 - Web Service

MITREへのリンク →

Scattered Spider

Score: 8.93

Matched TTPs:

T1090 - Proxy
T1588.001 - Malware
T1204 - User Execution

MITREへのリンク →

Metador

Score: 3.65

Matched TTPs:

T1588.001 - Malware
T1071.001 - Web Protocols

MITREへのリンク →

Andariel

Score: 5.72

Matched TTPs:

T1588.001 - Malware
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Axiom

Score: 11.42

Matched TTPs:

T1584.005 - Botnet
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1001.002 - Steganography

MITREへのリンク →

RedCurl

Score: 3.71

Matched TTPs:

T1102 - Web Service
T1071.001 - Web Protocols

MITREへのリンク →

Inception

Score: 5.20

Matched TTPs:

T1102 - Web Service
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

Medusa Group

Score: 6.82

Matched TTPs:

T1583.006 - Web Services
T1071.001 - Web Protocols
T1529 - System Shutdown/Reboot

MITREへのリンク →

ZIRCONIUM

Score: 7.00

Matched TTPs:

T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1124 - System Time Discovery

MITREへのリンク →

Confucius

Score: 4.69

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

CURIUM

Score: 14.35

Matched TTPs:

T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1584.006 - Web Services
T1189 - Drive-by Compromise
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Storm-1811

Score: 6.37

Matched TTPs:

T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1566.003 - Spearphishing via Service

MITREへのリンク →

Leviathan

Score: 10.22

Matched TTPs:

T1102.003 - One-Way Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Winter Vivern

Score: 6.58

Matched TTPs:

T1584.006 - Web Services
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

APT37

Score: 10.47

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1529 - System Shutdown/Reboot

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sidewinder

Score: 5.27

Matched TTPs:

T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols
T1124 - System Time Discovery

MITREへのリンク →

Dragonfly

Score: 6.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

BlackTech

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

Patchwork

Score: 6.54

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Higaisa

Score: 12.05

Matched TTPs:

T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1071.001 - Web Protocols
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

BRONZE BUTLER

Score: 10.32

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1124 - System Time Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Transparent Tribe

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Darkhotel

Score: 5.85

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

RTM

Score: 5.05

Matched TTPs:

T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Windshift

Score: 5.48

Matched TTPs:

T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT38

Score: 6.58

Matched TTPs:

T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1529 - System Shutdown/Reboot

MITREへのリンク →

Dark Caracal

Score: 5.48

Matched TTPs:

T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1566.003 - Spearphishing via Service

MITREへのリンク →

Daggerfly

Score: 5.79

Matched TTPs:

T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1584.004 - Server

MITREへのリンク →

Chimera

Score: 3.78

Matched TTPs:

T1071.001 - Web Protocols
T1124 - System Time Discovery

MITREへのリンク →

Wizard Spider

Score: 4.34

Matched TTPs:

T1071.001 - Web Protocols
T1588.003 - Code Signing Certificates

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.76

Matched TTPs:

T1584.004 - Server
T1583.006 - Web Services
T1189 - Drive-by Compromise
T1124 - System Time Discovery
T1001.003 - Protocol or Service Impersonation
T1071.001 - Web Protocols
T1566.003 - Spearphishing via Service
T1070 - Indicator Removal
T1102.002 - Bidirectional Communication
T1090.002 - External Proxy
T1203 - Exploitation for Client Execution
T1529 - System Shutdown/Reboot
T1027.007 - Dynamic API Resolution
T1560.003 - Archive via Custom Method
T1090.001 - Internal Proxy

MITREへのリンク →

Turla

Score: 0.63

Matched TTPs:

T1583.006 - Web Services
T1189 - Drive-by Compromise
T1090 - Proxy
T1124 - System Time Discovery
T1071.001 - Web Protocols
T1584.006 - Web Services
T1102.002 - Bidirectional Communication
T1588.001 - Malware
T1584.004 - Server
T1016.001 - Internet Connection Discovery
T1102 - Web Service
T1090.001 - Internal Proxy

MITREへのリンク →

APT28

Score: 0.58

Matched TTPs:

T1583.006 - Web Services
T1189 - Drive-by Compromise
T1014 - Rootkit
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1557.004 - Evil Twin
T1071.001 - Web Protocols
T1203 - Exploitation for Client Execution
T1102.002 - Bidirectional Communication
T1090.002 - External Proxy
T1669 - Wi-Fi Networks

MITREへのリンク →

Mustang Panda

Score: 0.56

Matched TTPs:

T1588.003 - Code Signing Certificates
T1583.006 - Web Services
T1560.003 - Archive via Custom Method
T1608.001 - Upload Malware
T1071.001 - Web Protocols
T1070 - Indicator Removal
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1027.007 - Dynamic API Resolution
T1102 - Web Service

MITREへのリンク →

Kimsuky

Score: 0.56

Matched TTPs:

T1185 - Browser Session Hijacking
T1588.003 - Code Signing Certificates
T1583.006 - Web Services
T1587 - Develop Capabilities
T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1071.001 - Web Protocols
T1102.002 - Bidirectional Communication
T1102.001 - Dead Drop Resolver
T1560.003 - Archive via Custom Method

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Linux/Moose

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ