Pulse Detail-

New Trojan for Linux infects routers

概要

Doctor Web security researchers examined a new dangerous Trojan for routers running Linux. The Trojan named Linux.PNScan.1 can infect devices with ARM, MIPS, or PowerPC architectures. Using this and other dangerous applications uploaded by Linux.PNScan.1 to the compromised device, cybercriminals can hack administrative control panel of PHPMyAdmin, which is used to manage relational databases, and brute-force authentication credentials to get unauthorized access to various devices and servers via the SSH protocol. AlienVault Labs has extracted related samples and located the infrastructure used by attackers

Created: 2026-02-23

Indicators

類似Pulses

A Look Into Fysbis: Sofacy’s Linux Backdoor (score: 0.65)
Exploring a P2P Transient Botnet - From Discovery to Enumeration (score: 0.62)
MMD-0047-2015 - SSHV: SSH bruter ELF botnet malware (score: 0.62)
ELF binaries on consumer-grade gateway routers - pnscan 2 (score: 0.61)
[Warning] infection of new Linux / Mayhem malware (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

Winnti Group

Score: 3.29

Matched TTPs:

T1014 - Rootkit

MITREへのリンク →

APT41

Score: 16.82

Matched TTPs:

T1014 - Rootkit
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1110 - Brute Force
T1046 - Network Service Discovery
T1569.002 - Service Execution
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Rocke

Score: 9.81

Matched TTPs:

T1014 - Rootkit
T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

TeamTNT

Score: 15.49

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware
T1007 - System Service Discovery
T1608.001 - Upload Malware
T1098.004 - SSH Authorized Keys
T1046 - Network Service Discovery

MITREへのリンク →

APT28

Score: 32.57

Matched TTPs:

T1014 - Rootkit
T1025 - Data from Removable Media
T1040 - Network Sniffing
T1190 - Exploit Public-Facing Application
T1092 - Communication Through Removable Media
T1110 - Brute Force
T1039 - Data from Network Shared Drive
T1102.002 - Bidirectional Communication
T1669 - Wi-Fi Networks
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

UNC3886

Score: 11.98

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware
T1040 - Network Sniffing
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

OilRig

Score: 25.41

Matched TTPs:

T1025 - Data from Removable Media
T1587.001 - Malware
T1007 - System Service Discovery
T1608.001 - Upload Malware
T1110 - Brute Force
T1137.004 - Outlook Home Page
T1555.004 - Windows Credential Manager
T1046 - Network Service Discovery
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Gamaredon Group

Score: 11.03

Matched TTPs:

T1025 - Data from Removable Media
T1608.001 - Upload Malware
T1039 - Data from Network Shared Drive
T1102.002 - Bidirectional Communication

MITREへのリンク →

Turla

Score: 22.28

Matched TTPs:

T1025 - Data from Removable Media
T1587.001 - Malware
T1007 - System Service Discovery
T1110 - Brute Force
T1102.002 - Bidirectional Communication
T1555.004 - Windows Credential Manager
T1584.004 - Server
T1078.003 - Local Accounts

MITREへのリンク →

Kimsuky

Score: 24.69

Matched TTPs:

T1587.001 - Malware
T1007 - System Service Discovery
T1040 - Network Sniffing
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1055.012 - Process Hollowing
T1102.002 - Bidirectional Communication
T1102.001 - Dead Drop Resolver
T1078.003 - Local Accounts

MITREへのリンク →

FIN13

Score: 11.96

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1046 - Network Service Discovery
T1556 - Modify Authentication Process

MITREへのリンク →

Moonstone Sleet

Score: 6.47

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1569.002 - Service Execution

MITREへのリンク →

Indrik Spider

Score: 7.45

Matched TTPs:

T1587.001 - Malware
T1007 - System Service Discovery
T1584.004 - Server

MITREへのリンク →

Lazarus Group

Score: 18.07

Matched TTPs:

T1587.001 - Malware
T1036.004 - Masquerade Task or Service
T1102.002 - Bidirectional Communication
T1584.004 - Server
T1046 - Network Service Discovery
T1027.007 - Dynamic API Resolution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Contagious Interview

Score: 6.81

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

LuminousMoth

Score: 4.07

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware

MITREへのリンク →

Sandworm Team

Score: 25.11

Matched TTPs:

T1587.001 - Malware
T1588.006 - Vulnerabilities
T1040 - Network Sniffing
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1592.002 - Software
T1102.002 - Bidirectional Communication
T1584.004 - Server

MITREへのリンク →

Salt Typhoon

Score: 13.19

Matched TTPs:

T1587.001 - Malware
T1040 - Network Sniffing
T1190 - Exploit Public-Facing Application
T1098.004 - SSH Authorized Keys
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT29

Score: 13.70

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1550.003 - Pass the Ticket
T1573 - Encrypted Channel
T1078.003 - Local Accounts

MITREへのリンク →

Play

Score: 6.23

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1078.003 - Local Accounts

MITREへのリンク →

RedCurl

Score: 6.89

Matched TTPs:

T1587.001 - Malware
T1039 - Data from Network Shared Drive
T1046 - Network Service Discovery

MITREへのリンク →

Moses Staff

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Ke3chang

Score: 12.33

Matched TTPs:

T1587.001 - Malware
T1583.005 - Botnet
T1007 - System Service Discovery
T1190 - Exploit Public-Facing Application
T1569.002 - Service Execution

MITREへのリンク →

Mustang Panda

Score: 12.71

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1046 - Network Service Discovery
T1027.007 - Dynamic API Resolution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN7

Score: 15.10

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1102.002 - Bidirectional Communication
T1569.002 - Service Execution
T1078.003 - Local Accounts

MITREへのリンク →

Volt Typhoon

Score: 16.06

Matched TTPs:

T1588.006 - Vulnerabilities
T1007 - System Service Discovery
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1584.004 - Server
T1046 - Network Service Discovery

MITREへのリンク →

Storm-0501

Score: 9.93

Matched TTPs:

T1588.006 - Vulnerabilities
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1110 - Brute Force

MITREへのリンク →

HAFNIUM

Score: 11.60

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1078.003 - Local Accounts

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application

MITREへのリンク →

BRONZE BUTLER

Score: 12.69

Matched TTPs:

T1007 - System Service Discovery
T1550.003 - Pass the Ticket
T1039 - Data from Network Shared Drive
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Aquatic Panda

Score: 4.62

Matched TTPs:

T1007 - System Service Discovery
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Chimera

Score: 9.72

Matched TTPs:

T1007 - System Service Discovery
T1039 - Data from Network Shared Drive
T1046 - Network Service Discovery
T1569.002 - Service Execution

MITREへのリンク →

Earth Lusca

Score: 12.64

Matched TTPs:

T1007 - System Service Discovery
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1098.004 - SSH Authorized Keys
T1584.004 - Server

MITREへのリンク →

Velvet Ant

Score: 12.23

Matched TTPs:

T1040 - Network Sniffing
T1569.002 - Service Execution
T1078.003 - Local Accounts
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

APT33

Score: 5.78

Matched TTPs:

T1040 - Network Sniffing
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

DarkVishnya

Score: 7.32

Matched TTPs:

T1040 - Network Sniffing
T1110 - Brute Force
T1046 - Network Service Discovery

MITREへのリンク →

TA2541

Score: 5.12

Matched TTPs:

T1608.001 - Upload Malware
T1055.012 - Process Hollowing

MITREへのリンク →

Mustard Tempest

Score: 6.51

Matched TTPs:

T1608.001 - Upload Malware
T1608.006 - SEO Poisoning

MITREへのリンク →

Threat Group-3390

Score: 8.36

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1055.012 - Process Hollowing
T1046 - Network Service Discovery

MITREへのリンク →

BlackByte

Score: 10.76

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1055.012 - Process Hollowing
T1046 - Network Service Discovery
T1569.002 - Service Execution

MITREへのリンク →

BITTER

Score: 7.69

Matched TTPs:

T1608.001 - Upload Malware
T1036.004 - Masquerade Task or Service
T1573 - Encrypted Channel

MITREへのリンク →

APT32

Score: 17.49

Matched TTPs:

T1608.001 - Upload Malware
T1550.003 - Pass the Ticket
T1036.004 - Masquerade Task or Service
T1046 - Network Service Discovery
T1569.002 - Service Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1078.003 - Local Accounts

MITREへのリンク →

HEXANE

Score: 6.89

Matched TTPs:

T1608.001 - Upload Malware
T1110 - Brute Force
T1102.002 - Bidirectional Communication

MITREへのリンク →

Ember Bear

Score: 5.76

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1110 - Brute Force
T1046 - Network Service Discovery

MITREへのリンク →

BackdoorDiplomacy

Score: 5.33

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1046 - Network Service Discovery

MITREへのリンク →

BlackTech

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

Magic Hound

Score: 15.20

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1573 - Encrypted Channel
T1592.002 - Software
T1102.002 - Bidirectional Communication
T1046 - Network Service Discovery

MITREへのリンク →

Medusa Group

Score: 5.63

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery
T1569.002 - Service Execution

MITREへのリンク →

Sea Turtle

Score: 4.14

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1078.003 - Local Accounts

MITREへのリンク →

Fox Kitten

Score: 14.73

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1110 - Brute Force
T1039 - Data from Network Shared Drive
T1046 - Network Service Discovery
T1213.005 - Messaging Applications

MITREへのリンク →

Agrius

Score: 5.76

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1110 - Brute Force
T1046 - Network Service Discovery

MITREへのリンク →

menuPass

Score: 9.42

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1039 - Data from Network Shared Drive
T1055.012 - Process Hollowing
T1046 - Network Service Discovery

MITREへのリンク →

Blue Mockingbird

Score: 3.87

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1569.002 - Service Execution

MITREへのリンク →

Winter Vivern

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Leviathan

Score: 4.30

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server

MITREへのリンク →

INC Ransom

Score: 5.63

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery
T1569.002 - Service Execution

MITREへのリンク →

Dragonfly

Score: 6.83

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1110 - Brute Force
T1584.004 - Server

MITREへのリンク →

Axiom

Score: 9.63

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1001.002 - Steganography

MITREへのリンク →

MuddyWater

Score: 3.87

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT39

Score: 10.55

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1110 - Brute Force
T1102.002 - Bidirectional Communication
T1046 - Network Service Discovery
T1569.002 - Service Execution

MITREへのリンク →

Equation

Score: 4.54

Matched TTPs:

T1542.002 - Component Firmware

MITREへのリンク →

Carbanak

Score: 4.49

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1102.002 - Bidirectional Communication

MITREへのリンク →

Wizard Spider

Score: 10.86

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1555.004 - Windows Credential Manager
T1569.002 - Service Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN6

Score: 9.01

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1046 - Network Service Discovery
T1569.002 - Service Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Naikon

Score: 3.86

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1046 - Network Service Discovery

MITREへのリンク →

PROMETHIUM

Score: 4.76

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1078.003 - Local Accounts

MITREへのリンク →

ZIRCONIUM

Score: 4.49

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT38

Score: 4.92

Matched TTPs:

T1110 - Brute Force
T1569.002 - Service Execution

MITREへのリンク →

Sowbug

Score: 3.03

Matched TTPs:

T1039 - Data from Network Shared Drive

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

Patchwork

Score: 6.44

Matched TTPs:

T1055.012 - Process Hollowing
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Tropic Trooper

Score: 8.05

Matched TTPs:

T1573 - Encrypted Channel
T1046 - Network Service Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Andariel

Score: 3.84

Matched TTPs:

T1592.002 - Software

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

Scattered Spider

Score: 3.84

Matched TTPs:

T1213.005 - Messaging Applications

MITREへのリンク →

LAPSUS$

Score: 3.84

Matched TTPs:

T1213.005 - Messaging Applications

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.83

Matched TTPs:

T1211 - Exploitation for Defense Evasion
T1039 - Data from Network Shared Drive
T1014 - Rootkit
T1025 - Data from Removable Media
T1040 - Network Sniffing
T1110 - Brute Force
T1102.002 - Bidirectional Communication
T1092 - Communication Through Removable Media
T1190 - Exploit Public-Facing Application
T1669 - Wi-Fi Networks

MITREへのリンク →

Sandworm Team

Score: 0.66

Matched TTPs:

T1584.004 - Server
T1040 - Network Sniffing
T1584.005 - Botnet
T1592.002 - Software
T1608.001 - Upload Malware
T1588.006 - Vulnerabilities
T1102.002 - Bidirectional Communication
T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

OilRig

Score: 0.63

Matched TTPs:

T1137.004 - Outlook Home Page
T1025 - Data from Removable Media
T1555.004 - Windows Credential Manager
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1110 - Brute Force
T1608.001 - Upload Malware
T1046 - Network Service Discovery
T1007 - System Service Discovery
T1587.001 - Malware

MITREへのリンク →

Kimsuky

Score: 0.62

Matched TTPs:

T1040 - Network Sniffing
T1608.001 - Upload Malware
T1102.001 - Dead Drop Resolver
T1102.002 - Bidirectional Communication
T1078.003 - Local Accounts
T1007 - System Service Discovery
T1055.012 - Process Hollowing
T1587.001 - Malware
T1036.004 - Masquerade Task or Service
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Turla

Score: 0.61

Matched TTPs:

T1584.004 - Server
T1025 - Data from Removable Media
T1555.004 - Windows Credential Manager
T1110 - Brute Force
T1102.002 - Bidirectional Communication
T1078.003 - Local Accounts
T1007 - System Service Discovery
T1587.001 - Malware

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

New Trojan for Linux infects routers

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ