Trusted Design

Disrupting an Adware-serving Skype Botnet

概要

In the early days of malware, we all remember analyzing samples of IRC botnets that were relatively simple, where the malware would connect to a random port running IRC, joining the botnet and waiting for commands from their leader. In this day and age, it’s slightly different. Whereas botnets previously had to run on systems that attackers owned or had compromised, now bots can run on Skype and other cloud-based chat programs, providing an even lower-cost alternative for attackers.

Created: 2026-02-23

Indicators

類似Pulses

Skype Worm (score: 0.67)
IRC Botnets alive, effective & evolving (score: 0.60)
New Skype spam leads to Trojan download (score: 0.59)
Cisco firewalls IRC botnet C&C 8/29/2016 (score: 0.58)
Linux/IRCTelnet (new Aidra) - A DDoS botnet aims IoT w/ IPv6 ready (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

APT37

Score: 14.03

Matched TTPs:

T1485.001 - Lifecycle-Triggered Deletion
T1590.003 - Network Trust Dependencies
T1547.002 - Authentication Package
T1556.005 - Reversible Encryption
T1216 - System Script Proxy Execution

MITREへのリンク →

HAFNIUM

Score: 11.58

Matched TTPs:

T1027.008 - Stripped Payloads
T1049 - System Network Connections Discovery
T1556.005 - Reversible Encryption
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT5

Score: 6.77

Matched TTPs:

T1027.008 - Stripped Payloads
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Ke3chang

Score: 7.96

Matched TTPs:

T1027.008 - Stripped Payloads
T1556.005 - Reversible Encryption
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Medusa Group

Score: 11.45

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1586.002 - Email Accounts
T1556.005 - Reversible Encryption
T1209 - Time Providers
T1216 - System Script Proxy Execution

MITREへのリンク →

Higaisa

Score: 3.47

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1556.005 - Reversible Encryption

MITREへのリンク →

Lazarus Group

Score: 18.23

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1547.002 - Authentication Package
T1556.005 - Reversible Encryption
T1546.016 - Installer Packages
T1209 - Time Providers
T1055.005 - Thread Local Storage
T1216 - System Script Proxy Execution

MITREへのリンク →

Turla

Score: 12.59

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1612 - Build Image on Host
T1547.002 - Authentication Package
T1556.005 - Reversible Encryption
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Chimera

Score: 5.24

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1556.005 - Reversible Encryption
T1209 - Time Providers

MITREへのリンク →

BlackTech

Score: 5.41

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1209 - Time Providers
T1027.018 - Invisible Unicode

MITREへのリンク →

Sandworm Team

Score: 16.28

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1586.002 - Email Accounts
T1049 - System Network Connections Discovery
T1547.002 - Authentication Package
T1556.005 - Reversible Encryption
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Tropic Trooper

Score: 5.24

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1556.005 - Reversible Encryption
T1209 - Time Providers

MITREへのリンク →

menuPass

Score: 4.05

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1209 - Time Providers

MITREへのリンク →

Gamaredon Group

Score: 13.89

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1612 - Build Image on Host
T1554 - Compromise Host Software Binary
T1547.002 - Authentication Package
T1556.005 - Reversible Encryption
T1027.018 - Invisible Unicode

MITREへのリンク →

Mustang Panda

Score: 20.72

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1612 - Build Image on Host
T1169 - Sudo
T1565.002 - Transmitted Data Manipulation
T1556.005 - Reversible Encryption
T1209 - Time Providers
T1055.005 - Thread Local Storage
T1027.018 - Invisible Unicode

MITREへのリンク →

APT38

Score: 8.46

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1556.005 - Reversible Encryption
T1027.018 - Invisible Unicode
T1216 - System Script Proxy Execution

MITREへのリンク →

TA505

Score: 4.83

Matched TTPs:

T1590.003 - Network Trust Dependencies
T1556.005 - Reversible Encryption
T1027.018 - Invisible Unicode

MITREへのリンク →

TeamTNT

Score: 8.07

Matched TTPs:

T1586.002 - Email Accounts
T1612 - Build Image on Host
T1556.005 - Reversible Encryption
T1209 - Time Providers

MITREへのリンク →

OilRig

Score: 6.91

Matched TTPs:

T1586.002 - Email Accounts
T1556.005 - Reversible Encryption
T1209 - Time Providers
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN7

Score: 6.35

Matched TTPs:

T1586.002 - Email Accounts
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

INC Ransom

Score: 4.36

Matched TTPs:

T1586.002 - Email Accounts
T1209 - Time Providers

MITREへのリンク →

DarkVishnya

Score: 4.36

Matched TTPs:

T1586.002 - Email Accounts
T1209 - Time Providers

MITREへのリンク →

Carbanak

Score: 4.99

Matched TTPs:

T1586.002 - Email Accounts
T1547.002 - Authentication Package

MITREへのリンク →

MuddyWater

Score: 7.54

Matched TTPs:

T1586.002 - Email Accounts
T1547.002 - Authentication Package
T1556.005 - Reversible Encryption
T1027.018 - Invisible Unicode

MITREへのリンク →

BlackByte

Score: 5.55

Matched TTPs:

T1586.002 - Email Accounts
T1556.005 - Reversible Encryption
T1209 - Time Providers

MITREへのリンク →

Cobalt Group

Score: 6.91

Matched TTPs:

T1586.002 - Email Accounts
T1556.005 - Reversible Encryption
T1209 - Time Providers
T1027.018 - Invisible Unicode

MITREへのリンク →

Axiom

Score: 8.16

Matched TTPs:

T1049 - System Network Connections Discovery
T1160 - Launch Daemon

MITREへのリンク →

Volt Typhoon

Score: 8.22

Matched TTPs:

T1049 - System Network Connections Discovery
T1546.016 - Installer Packages
T1209 - Time Providers

MITREへのリンク →

RedCurl

Score: 6.84

Matched TTPs:

T1612 - Build Image on Host
T1556.005 - Reversible Encryption
T1209 - Time Providers
T1027.018 - Invisible Unicode

MITREへのリンク →

Inception

Score: 3.71

Matched TTPs:

T1612 - Build Image on Host
T1556.005 - Reversible Encryption

MITREへのリンク →

Rocke

Score: 5.48

Matched TTPs:

T1612 - Build Image on Host
T1556.005 - Reversible Encryption
T1209 - Time Providers

MITREへのリンク →

FIN6

Score: 4.29

Matched TTPs:

T1612 - Build Image on Host
T1209 - Time Providers

MITREへのリンク →

LazyScripter

Score: 3.88

Matched TTPs:

T1612 - Build Image on Host
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN8

Score: 5.07

Matched TTPs:

T1612 - Build Image on Host
T1556.005 - Reversible Encryption
T1027.018 - Invisible Unicode

MITREへのリンク →

EXOTIC LILY

Score: 3.88

Matched TTPs:

T1612 - Build Image on Host
T1027.018 - Invisible Unicode

MITREへのリンク →

APT42

Score: 3.71

Matched TTPs:

T1612 - Build Image on Host
T1556.005 - Reversible Encryption

MITREへのリンク →

Fox Kitten

Score: 8.13

Matched TTPs:

T1612 - Build Image on Host
T1209 - Time Providers
T1588.005 - Exploits

MITREへのリンク →

APT32

Score: 6.84

Matched TTPs:

T1612 - Build Image on Host
T1556.005 - Reversible Encryption
T1209 - Time Providers
T1027.018 - Invisible Unicode

MITREへのリンク →

Leviathan

Score: 8.33

Matched TTPs:

T1554 - Compromise Host Software Binary
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Kimsuky

Score: 7.87

Matched TTPs:

T1547.002 - Authentication Package
T1565.002 - Transmitted Data Manipulation
T1556.005 - Reversible Encryption
T1027.018 - Invisible Unicode

MITREへのリンク →

APT39

Score: 6.71

Matched TTPs:

T1547.002 - Authentication Package
T1556.005 - Reversible Encryption
T1209 - Time Providers
T1027.018 - Invisible Unicode

MITREへのリンク →

Magic Hound

Score: 6.71

Matched TTPs:

T1547.002 - Authentication Package
T1556.005 - Reversible Encryption
T1209 - Time Providers
T1027.018 - Invisible Unicode

MITREへのリンク →

APT28

Score: 7.87

Matched TTPs:

T1547.002 - Authentication Package
T1556.005 - Reversible Encryption
T1027.018 - Invisible Unicode
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

ZIRCONIUM

Score: 3.76

Matched TTPs:

T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

Storm-0501

Score: 5.86

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Contagious Interview

Score: 4.29

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1027.018 - Invisible Unicode

MITREへのリンク →

Evilnum

Score: 4.29

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1027.018 - Invisible Unicode

MITREへのリンク →

Scattered Spider

Score: 9.70

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1021.001 - Remote Desktop Protocol
T1588.005 - Exploits

MITREへのリンク →

Daggerfly

Score: 5.38

Matched TTPs:

T1556.005 - Reversible Encryption
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

APT33

Score: 5.48

Matched TTPs:

T1556.005 - Reversible Encryption
T1027.018 - Invisible Unicode
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Earth Lusca

Score: 4.19

Matched TTPs:

T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

APT29

Score: 4.29

Matched TTPs:

T1027.018 - Invisible Unicode
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

LAPSUS$

Score: 6.77

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1588.005 - Exploits

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Mustang Panda

Score: 0.77

Matched TTPs:

T1055.005 - Thread Local Storage
T1556.005 - Reversible Encryption
T1209 - Time Providers
T1169 - Sudo
T1027.018 - Invisible Unicode
T1612 - Build Image on Host
T1590.003 - Network Trust Dependencies
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

Lazarus Group

Score: 0.69

Matched TTPs:

T1055.005 - Thread Local Storage
T1546.016 - Installer Packages
T1556.005 - Reversible Encryption
T1216 - System Script Proxy Execution
T1547.002 - Authentication Package
T1209 - Time Providers
T1590.003 - Network Trust Dependencies

MITREへのリンク →

Sandworm Team

Score: 0.63

Matched TTPs:

T1546.016 - Installer Packages
T1556.005 - Reversible Encryption
T1049 - System Network Connections Discovery
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode
T1590.003 - Network Trust Dependencies
T1586.002 - Email Accounts

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る