Trusted Design

New Trojan for Linux infects routers

Summary

Doctor Web security researchers examined a new dangerous Trojan for routers running Linux. The Trojan, named Linux.PNScan.1, can infect devices with ARM, MIPS, or PowerPC architectures. Using this and other dangerous applications uploaded by Linux.PNScan.1 to the compromised device, cybercriminals can hack the administrative control panel of phpMyAdmin, which is used to manage relational databases, and brute-force authentication credentials to get unauthorized access to various devices and servers via the SSH protocol. AlienVault Labs has extracted related samples and located the infrastructure used by attackers.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Winnti Group

Score: 3.29
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood

APT41

Score: 16.82
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1097 - Pass the Ticket
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels

Rocke

Score: 9.81
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1008 - Fallback Channels

TeamTNT

Score: 15.49
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1110.003 - Password Spraying
  • T1209 - Time Providers

APT28

Score: 32.57
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1552.005 - Cloud Instance Metadata API
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1078.001 - Default Accounts
  • T1097 - Pass the Ticket
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

UNC3886

Score: 11.98
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware

OilRig

Score: 25.41
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1097 - Pass the Ticket
  • T1592.002 - Software
  • T1556.009 - Conditional Access Policies
  • T1209 - Time Providers
  • T1556 - Modify Authentication Process

Gamaredon Group

Score: 11.03
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1091 - Replication Through Removable Media
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package

Turla

Score: 22.28
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1556.009 - Conditional Access Policies
  • T1546.016 - Installer Packages
  • T1490 - Inhibit System Recovery

Kimsuky

Score: 24.69
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1001 - Data Obfuscation
  • T1547.002 - Authentication Package
  • T1008 - Fallback Channels
  • T1490 - Inhibit System Recovery

FIN13

Score: 11.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1209 - Time Providers
  • T1686.001 - Cloud Firewall

Moonstone Sleet

Score: 6.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1027.007 - Dynamic API Resolution

Indrik Spider

Score: 7.45
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1546.016 - Installer Packages

Lazarus Group

Score: 18.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1588.001 - Malware
  • T1547.002 - Authentication Package
  • T1546.016 - Installer Packages
  • T1209 - Time Providers
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process

Contagious Interview

Score: 6.81
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1556 - Modify Authentication Process

LuminousMoth

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media

Sandworm Team

Score: 25.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1686.003 - Windows Host Firewall
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1546.016 - Installer Packages

Salt Typhoon

Score: 13.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process

APT29

Score: 13.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1683 - Generate Content
  • T1490 - Inhibit System Recovery

Play

Score: 6.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1490 - Inhibit System Recovery

RedCurl

Score: 6.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1542.004 - ROMMONkit
  • T1209 - Time Providers

Moses Staff

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Ke3chang

Score: 12.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.007 - Dynamic API Resolution

Mustang Panda

Score: 12.71
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1209 - Time Providers
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process

FIN7

Score: 15.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1547.002 - Authentication Package
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery

Volt Typhoon

Score: 16.06
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1546.016 - Installer Packages
  • T1209 - Time Providers

Storm-0501

Score: 9.93
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1097 - Pass the Ticket

HAFNIUM

Score: 11.60
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1490 - Inhibit System Recovery

APT5

Score: 5.31
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information

BRONZE BUTLER

Score: 12.69
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1542.004 - ROMMONkit
  • T1008 - Fallback Channels

Aquatic Panda

Score: 4.62
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1588.001 - Malware

Chimera

Score: 9.72
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1542.004 - ROMMONkit
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution

Earth Lusca

Score: 12.64
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1110.003 - Password Spraying
  • T1546.016 - Installer Packages

Velvet Ant

Score: 12.23
Matched TTPs:
  • T1583.005 - Botnet
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service

APT33

Score: 5.78
Matched TTPs:
  • T1583.005 - Botnet
  • T1556 - Modify Authentication Process

DarkVishnya

Score: 7.32
Matched TTPs:
  • T1583.005 - Botnet
  • T1097 - Pass the Ticket
  • T1209 - Time Providers

TA2541

Score: 5.12
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1001 - Data Obfuscation

Mustard Tempest

Score: 6.51
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1543.002 - Systemd Service

Threat Group-3390

Score: 8.36
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1001 - Data Obfuscation
  • T1209 - Time Providers

BlackByte

Score: 10.76
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1001 - Data Obfuscation
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution

BITTER

Score: 7.69
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1683 - Generate Content

APT32

Score: 17.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1592.004 - Client Configurations
  • T1588.001 - Malware
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery

HEXANE

Score: 6.89
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package

Ember Bear

Score: 5.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1209 - Time Providers

BackdoorDiplomacy

Score: 5.33
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1209 - Time Providers

BlackTech

Score: 3.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers

Magic Hound

Score: 15.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1209 - Time Providers

Medusa Group

Score: 5.63
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution

Sea Turtle

Score: 4.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1490 - Inhibit System Recovery

Fox Kitten

Score: 14.73
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1097 - Pass the Ticket
  • T1542.004 - ROMMONkit
  • T1209 - Time Providers
  • T1588.005 - Exploits

Agrius

Score: 5.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1209 - Time Providers

menuPass

Score: 9.42
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1542.004 - ROMMONkit
  • T1001 - Data Obfuscation
  • T1209 - Time Providers

Blue Mockingbird

Score: 3.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.007 - Dynamic API Resolution

Winter Vivern

Score: 3.57
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware

Leviathan

Score: 4.30
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.016 - Installer Packages

INC Ransom

Score: 5.63
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution

Dragonfly

Score: 6.83
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1546.016 - Installer Packages

Axiom

Score: 9.63
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1160 - Launch Daemon

MuddyWater

Score: 3.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package

APT39

Score: 10.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution

Equation

Score: 4.54
Matched TTPs:
  • T1589.003 - Employee Names

Carbanak

Score: 4.49
Matched TTPs:
  • T1588.001 - Malware
  • T1547.002 - Authentication Package

Wizard Spider

Score: 10.86
Matched TTPs:
  • T1588.001 - Malware
  • T1556.009 - Conditional Access Policies
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process

FIN6

Score: 9.01
Matched TTPs:
  • T1588.001 - Malware
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process

Naikon

Score: 3.86
Matched TTPs:
  • T1588.001 - Malware
  • T1209 - Time Providers

PROMETHIUM

Score: 4.76
Matched TTPs:
  • T1588.001 - Malware
  • T1490 - Inhibit System Recovery

ZIRCONIUM

Score: 4.49
Matched TTPs:
  • T1588.001 - Malware
  • T1547.002 - Authentication Package

APT38

Score: 4.92
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1027.007 - Dynamic API Resolution

Sowbug

Score: 3.03
Matched TTPs:
  • T1542.004 - ROMMONkit

Gorgon Group

Score: 3.15
Matched TTPs:
  • T1001 - Data Obfuscation

Patchwork

Score: 6.44
Matched TTPs:
  • T1001 - Data Obfuscation
  • T1008 - Fallback Channels

Tropic Trooper

Score: 8.05
Matched TTPs:
  • T1683 - Generate Content
  • T1209 - Time Providers
  • T1490 - Inhibit System Recovery

Andariel

Score: 3.84
Matched TTPs:
  • T1187 - Forced Authentication

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies

RTM

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

Scattered Spider

Score: 3.84
Matched TTPs:
  • T1588.005 - Exploits

LAPSUS$

Score: 3.84
Matched TTPs:
  • T1588.005 - Exploits

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.83
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1583.005 - Botnet
  • T1547.002 - Authentication Package
  • T1499.001 - OS Exhaustion Flood
  • T1566.003 - Spearphishing via Service
  • T1542.004 - ROMMONkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.005 - Cloud Instance Metadata API
  • T1078.001 - Default Accounts
  • T1546.007 - Netsh Helper DLL

Sandworm Team

Score: 0.66
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1583.005 - Botnet
  • T1187 - Forced Authentication
  • T1049 - System Network Connections Discovery
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1546.016 - Installer Packages
  • T1686.003 - Windows Host Firewall

OilRig

Score: 0.63
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1209 - Time Providers
  • T1552.005 - Cloud Instance Metadata API
  • T1091 - Replication Through Removable Media
  • T1592.002 - Software
  • T1556 - Modify Authentication Process
  • T1003.007 - Proc Filesystem
  • T1556.009 - Conditional Access Policies
  • T1606.002 - SAML Tokens

Kimsuky

Score: 0.62
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1583.005 - Botnet
  • T1008 - Fallback Channels
  • T1588.001 - Malware
  • T1490 - Inhibit System Recovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1001 - Data Obfuscation
  • T1003.007 - Proc Filesystem
  • T1606.002 - SAML Tokens

Turla

Score: 0.61
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1490 - Inhibit System Recovery
  • T1552.005 - Cloud Instance Metadata API
  • T1546.016 - Installer Packages
  • T1003.007 - Proc Filesystem
  • T1556.009 - Conditional Access Policies
  • T1606.002 - SAML Tokens

Related CVEs

No CVEs were found for this Pulse.
