Trusted Design

Grabit and the RATs

概要

Not so long ago, Kaspersky clients in the United States approached Kaspersky researchers with a request to investigate a new type of malicious software that they were able to recover from their organizations’ servers. The malware calls itself Grabit and is distinctive because of its versatile behavior. Every sample we found was different in size and activity from the others but the internal name and other identifiers were disturbingly similar. The timestamp seems valid and close to the documented infection timeline. Our documentation points to a campaign that started somewhere in late February 2015 and ended in mid-March. As the development phase supposedly ended, malware started spreading from India, the United States and Israel to other countries around the globe.

Created: 2026-02-23

Indicators

類似Pulses

Aggressive Malware Pushers: Prolific Cyber Surfers Beware (score: 0.62)
Ramnit – in-depth analysis (score: 0.61)
Graftor malware on Metadefender.com (score: 0.59)
TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind (score: 0.59)
Exploring Bergard: Old Malware with New Tricks (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 10.44

Matched TTPs:

T1564.008 - Email Hiding Rules
T1005 - Data from Local System
T1136.002 - Domain Account

MITREへのリンク →

Sandworm Team

Score: 17.63

Matched TTPs:

T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1122 - Component Object Model Hijacking
T1546.016 - Installer Packages

MITREへのリンク →

Kimsuky

Score: 19.41

Matched TTPs:

T1053.007 - Container Orchestration Job
T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1567.004 - Exfiltration Over Webhook
T1588.001 - Malware
T1126 - Network Share Connection Removal

MITREへのリンク →

Mustang Panda

Score: 15.08

Matched TTPs:

T1053.007 - Container Orchestration Job
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1567.004 - Exfiltration Over Webhook
T1055.005 - Thread Local Storage

MITREへのリンク →

FIN13

Score: 7.12

Matched TTPs:

T1606.002 - SAML Tokens
T1588.001 - Malware
T1569.002 - Service Execution

MITREへのリンク →

Moonstone Sleet

Score: 7.91

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1126 - Network Share Connection Removal

MITREへのリンク →

Indrik Spider

Score: 7.45

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1546.016 - Installer Packages

MITREへのリンク →

Lazarus Group

Score: 19.42

Matched TTPs:

T1606.002 - SAML Tokens
T1567.004 - Exfiltration Over Webhook
T1588.001 - Malware
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Contagious Interview

Score: 12.05

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1126 - Network Share Connection Removal

MITREへのリンク →

OilRig

Score: 10.44

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1005 - Data from Local System

MITREへのリンク →

UNC3886

Score: 16.12

Matched TTPs:

T1606.002 - SAML Tokens
T1567.004 - Exfiltration Over Webhook
T1021.006 - Windows Remote Management
T1136.002 - Domain Account
T1588.001 - Malware
T1578.001 - Create Snapshot

MITREへのリンク →

LuminousMoth

Score: 9.97

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

APT29

Score: 7.59

Matched TTPs:

T1606.002 - SAML Tokens
T1567.004 - Exfiltration Over Webhook
T1122 - Component Object Model Hijacking

MITREへのリンク →

Play

Score: 5.53

Matched TTPs:

T1606.002 - SAML Tokens
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

RedCurl

Score: 4.84

Matched TTPs:

T1606.002 - SAML Tokens
T1122 - Component Object Model Hijacking

MITREへのリンク →

Turla

Score: 15.43

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1136.002 - Domain Account
T1546.016 - Installer Packages
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Ke3chang

Score: 4.62

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem

MITREへのリンク →

TeamTNT

Score: 6.59

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media

MITREへのリンク →

FIN7

Score: 8.76

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1588.001 - Malware
T1578.001 - Create Snapshot

MITREへのリンク →

BRONZE BUTLER

Score: 5.12

Matched TTPs:

T1003.007 - Proc Filesystem
T1578.001 - Create Snapshot

MITREへのリンク →

Aquatic Panda

Score: 7.08

Matched TTPs:

T1003.007 - Proc Filesystem
T1136.002 - Domain Account
T1588.001 - Malware

MITREへのリンク →

Chimera

Score: 7.86

Matched TTPs:

T1003.007 - Proc Filesystem
T1567.004 - Exfiltration Over Webhook
T1578.001 - Create Snapshot

MITREへのリンク →

Earth Lusca

Score: 9.79

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1546.016 - Installer Packages

MITREへのリンク →

Volt Typhoon

Score: 10.88

Matched TTPs:

T1003.007 - Proc Filesystem
T1546.016 - Installer Packages
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

APT1

Score: 4.98

Matched TTPs:

T1003.007 - Proc Filesystem
T1136.002 - Domain Account

MITREへのリンク →

TA2541

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

Mustard Tempest

Score: 6.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1543.002 - Systemd Service

MITREへのリンク →

LazyScripter

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

Gamaredon Group

Score: 5.12

Matched TTPs:

T1091 - Replication Through Removable Media
T1200 - Hardware Additions

MITREへのリンク →

Threat Group-3390

Score: 12.29

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.003 - CMSTP
T1122 - Component Object Model Hijacking
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

TA505

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

BITTER

Score: 4.07

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware

MITREへのリンク →

APT32

Score: 6.81

Matched TTPs:

T1091 - Replication Through Removable Media
T1567.004 - Exfiltration Over Webhook
T1588.001 - Malware

MITREへのリンク →

APT28

Score: 16.22

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1122 - Component Object Model Hijacking
T1574.009 - Path Interception by Unquoted Path
T1200 - Hardware Additions
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 13.21

Matched TTPs:

T1218.003 - CMSTP
T1598 - Phishing for Information
T1094 - Custom Command and Control Protocol

MITREへのリンク →

LAPSUS$

Score: 9.74

Matched TTPs:

T1136.002 - Domain Account
T1020 - Automated Exfiltration
T1122 - Component Object Model Hijacking

MITREへのリンク →

BackdoorDiplomacy

Score: 4.55

Matched TTPs:

T1136.002 - Domain Account
T1588.001 - Malware

MITREへのリンク →

ZIRCONIUM

Score: 4.69

Matched TTPs:

T1588.001 - Malware
T1578.001 - Create Snapshot

MITREへのリンク →

Higaisa

Score: 7.62

Matched TTPs:

T1588.001 - Malware
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

APT41

Score: 5.53

Matched TTPs:

T1588.001 - Malware
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

APT37

Score: 4.13

Matched TTPs:

T1078 - Valid Accounts

MITREへのリンク →

Windshift

Score: 4.13

Matched TTPs:

T1078 - Valid Accounts

MITREへのリンク →

Dragonfly

Score: 5.98

Matched TTPs:

T1200 - Hardware Additions
T1546.016 - Installer Packages

MITREへのリンク →

Confucius

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

Tropic Trooper

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

Inception

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

DarkHydrus

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 7.06

Matched TTPs:

T1130 - Install Root Certificate
T1569.002 - Service Execution

MITREへのリンク →

Velvet Ant

Score: 7.06

Matched TTPs:

T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.80

Matched TTPs:

T1003.007 - Proc Filesystem
T1588.001 - Malware
T1567.004 - Exfiltration Over Webhook
T1091 - Replication Through Removable Media
T1053.007 - Container Orchestration Job
T1126 - Network Share Connection Removal
T1606.002 - SAML Tokens

MITREへのリンク →

Lazarus Group

Score: 0.80

Matched TTPs:

T1588.001 - Malware
T1055.005 - Thread Local Storage
T1546.016 - Installer Packages
T1567.004 - Exfiltration Over Webhook
T1578.001 - Create Snapshot
T1569.002 - Service Execution
T1606.002 - SAML Tokens

MITREへのリンク →

Sandworm Team

Score: 0.76

Matched TTPs:

T1546.016 - Installer Packages
T1564.008 - Email Hiding Rules
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1122 - Component Object Model Hijacking
T1606.002 - SAML Tokens

MITREへのリンク →

APT28

Score: 0.72

Matched TTPs:

T1566.003 - Spearphishing via Service
T1567.004 - Exfiltration Over Webhook
T1574.009 - Path Interception by Unquoted Path
T1122 - Component Object Model Hijacking
T1200 - Hardware Additions

MITREへのリンク →

UNC3886

Score: 0.72

Matched TTPs:

T1588.001 - Malware
T1021.006 - Windows Remote Management
T1136.002 - Domain Account
T1567.004 - Exfiltration Over Webhook
T1578.001 - Create Snapshot
T1606.002 - SAML Tokens

MITREへのリンク →

Turla

Score: 0.71

Matched TTPs:

T1003.007 - Proc Filesystem
T1546.016 - Installer Packages
T1136.002 - Domain Account
T1578.001 - Create Snapshot
T1569.002 - Service Execution
T1606.002 - SAML Tokens

MITREへのリンク →

Mustang Panda

Score: 0.63

Matched TTPs:

T1055.005 - Thread Local Storage
T1567.004 - Exfiltration Over Webhook
T1091 - Replication Through Removable Media
T1053.007 - Container Orchestration Job
T1606.002 - SAML Tokens

MITREへのリンク →

Medusa Group

Score: 0.62

Matched TTPs:

T1598 - Phishing for Information
T1218.003 - CMSTP
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Threat Group-3390

Score: 0.57

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.003 - CMSTP
T1122 - Component Object Model Hijacking
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る