Trusted Design

Uncovering Bunitu’s Secrets

Summary

In our previous analysis (Malwarebytes) we showed how the Bunitu Trojan was distributed via the Neutrino exploit kit in various malvertising campaigns. After spending more time analyzing the proxy, we realized that the requests we were receiving were not related to ad-fraud activity (as we initially suspected) but instead appeared to be for some sort of VPN service. We believe that the operators of the Bunitu botnet are selling access to infected proxy bots as a way to monetize their botnet. People using certain VPN service providers to protect their privacy are completely unaware that the backend uses a criminal infrastructure of infected computers worldwide.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 29.85
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1114 - Email Collection
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

Sea Turtle

Score: 3.03
Matched TTPs:
  • T1033 - System Owner/User Discovery

Ember Bear

Score: 17.89
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1056.002 - GUI Input Capture
  • T1003.003 - NTDS

Indrik Spider

Score: 6.88
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1552.008 - Chat Messages

Agrius

Score: 3.03
Matched TTPs:
  • T1033 - System Owner/User Discovery

Contagious Interview

Score: 20.80
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication

Sandworm Team

Score: 38.44
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1187 - Forced Authentication
  • T1111 - Multi-Factor Authentication Interception

Star Blizzard

Score: 8.29
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1102.003 - One-Way Communication

Volt Typhoon

Score: 49.01
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1056.002 - GUI Input Capture
  • T1574.002 - DLL Side-Loading
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

LAPSUS$

Score: 12.23
Matched TTPs:
  • T1216.001 - PubPrn
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf

Andariel

Score: 7.69
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1187 - Forced Authentication

Magic Hound

Score: 16.99
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1608.005 - Link Target
  • T1187 - Forced Authentication
  • T1098.002 - Additional Email Delegate Permissions

HAFNIUM

Score: 27.89
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1218.008 - Odbcconf
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1518.001 - Security Software Discovery

HEXANE

Score: 4.72
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media

APT29

Score: 15.48
Matched TTPs:
  • T1099 - Timestomp
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1608.006 - SEO Poisoning

Gamaredon Group

Score: 14.02
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1061 - Graphical User Interface

TA2541

Score: 6.73
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target

Lotus Blossom

Score: 8.42
Matched TTPs:
  • T1099 - Timestomp
  • T1056.002 - GUI Input Capture
  • T1569.002 - Service Execution

FIN13

Score: 12.04
Matched TTPs:
  • T1099 - Timestomp
  • T1553.002 - Code Signing
  • T1552.003 - Shell History
  • T1569.002 - Service Execution

Turla

Score: 13.90
Matched TTPs:
  • T1099 - Timestomp
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

APT28

Score: 19.24
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1583.005 - Botnet
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1056.002 - GUI Input Capture
  • T1546.007 - Netsh Helper DLL

ZIRCONIUM

Score: 15.10
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1608.006 - SEO Poisoning
  • T1578.001 - Create Snapshot

Leviathan

Score: 6.37
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1056.002 - GUI Input Capture

Silent Librarian

Score: 3.29
Matched TTPs:
  • T1114 - Email Collection

EXOTIC LILY

Score: 9.80
Matched TTPs:
  • T1114 - Email Collection
  • T1091 - Replication Through Removable Media
  • T1149 - LC_MAIN Hijacking

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target

APT5

Score: 3.84
Matched TTPs:
  • T1027.008 - Stripped Payloads

Ke3chang

Score: 3.84
Matched TTPs:
  • T1027.008 - Stripped Payloads

Velvet Ant

Score: 5.96
Matched TTPs:
  • T1583.005 - Botnet
  • T1569.002 - Service Execution

Salt Typhoon

Score: 6.88
Matched TTPs:
  • T1583.005 - Botnet
  • T1553.002 - Code Signing

APT33

Score: 3.03
Matched TTPs:
  • T1583.005 - Botnet

UNC3886

Score: 9.76
Matched TTPs:
  • T1583.005 - Botnet
  • T1021.006 - Windows Remote Management
  • T1578.001 - Create Snapshot

DarkVishnya

Score: 3.03
Matched TTPs:
  • T1583.005 - Botnet

Earth Lusca

Score: 7.61
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File

Mustang Panda

Score: 20.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1055.005 - Thread Local Storage

OilRig

Score: 5.82
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System

LazyScripter

Score: 3.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target

Threat Group-3390

Score: 6.11
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP

APT32

Score: 7.83
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target

Saint Bear

Score: 3.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target

Moonstone Sleet

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery

FIN7

Score: 9.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1578.001 - Create Snapshot

Higaisa

Score: 10.06
Matched TTPs:
  • T1569.003 - Systemctl
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

Medusa Group

Score: 15.95
Matched TTPs:
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1598 - Phishing for Information

Winter Vivern

Score: 8.16
Matched TTPs:
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File

Dragonfly

Score: 3.84
Matched TTPs:
  • T1193 - Spearphishing Attachment

BRONZE BUTLER

Score: 9.72
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels

Axiom

Score: 3.62
Matched TTPs:
  • T1049 - System Network Connections Discovery

INC Ransom

Score: 6.37
Matched TTPs:
  • T1552.003 - Shell History
  • T1055.009 - Proc Memory

Storm-0501

Score: 10.50
Matched TTPs:
  • T1552.003 - Shell History
  • T1518.001 - Security Software Discovery
  • T1055.009 - Proc Memory

Lazarus Group

Score: 14.95
Matched TTPs:
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

CURIUM

Score: 6.21
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1578.001 - Create Snapshot

RedCurl

Score: 3.84
Matched TTPs:
  • T1055.009 - Proc Memory

APT41

Score: 7.42
Matched TTPs:
  • T1574.002 - DLL Side-Loading
  • T1008 - Fallback Channels

Rocke

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

RTM

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

Patchwork

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

Threat actors related to this Pulse (inference-based)

Volt Typhoon

Score: 0.80
Matched TTPs:
  • T1164 - Re-opened Applications
  • T1057 - Process Discovery
  • T1578.001 - Create Snapshot
  • T1102.003 - One-Way Communication
  • T1569.002 - Service Execution
  • T1099 - Timestomp
  • T1056.002 - GUI Input Capture
  • T1574.002 - DLL Side-Loading
  • T1552.008 - Chat Messages
  • T1114 - Email Collection
  • T1049 - System Network Connections Discovery
  • T1148 - HISTCONTROL
  • T1553.002 - Code Signing
  • T1685.001 - Disable or Modify Windows Event Log

Sandworm Team

Score: 0.69
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1187 - Forced Authentication
  • T1111 - Multi-Factor Authentication Interception
  • T1102.003 - One-Way Communication
  • T1193 - Spearphishing Attachment
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1049 - System Network Connections Discovery
  • T1114 - Email Collection
  • T1005 - Data from Local System
  • T1583.005 - Botnet

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

