Trusted Design

Uncovering Bunitu’s Secrets

概要

In our previous analysis (MalwareBytes) we showed how the Bunitu Trojan was distributed via the Neutrino exploit kit in various malvertising campaigns. After spending more time analyzing the proxy, we realized that the requests we were receiving were not related to ad-fraud activity (as we initially suspected) but instead appeared to be for some sort of VPN service. We believe that the operators of the Bunitu botnet are selling access to infected proxy bots as a way to monetize their botnet. People using certain VPN service providers to protect their privacy are completely unaware that the backend uses a criminal infrastructure of infected computers worldwide.

Created: 2026-02-23

Indicators

類似Pulses

Bedep Ad-Fraud Botnet Analysis (score: 0.66)
CoreBot activity linked to stolen information sold online (score: 0.63)
A New All-in-One Botnet: Proteus (score: 0.62)
Fraud Botnet (score: 0.61)
Tale of the Two Payloads – TrickBot and Nitol (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 29.85

Matched TTPs:

T1583 - Acquire Infrastructure
T1594 - Search Victim-Owned Websites
T1040 - Network Sniffing
T1608.001 - Upload Malware
T1657 - Financial Theft
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1593 - Search Open Websites/Domains
T1588.005 - Exploits
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Sea Turtle

Score: 3.03

Matched TTPs:

T1583 - Acquire Infrastructure

MITREへのリンク →

Ember Bear

Score: 17.89

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1195 - Supply Chain Compromise
T1090.003 - Multi-hop Proxy
T1588.005 - Exploits

MITREへのリンク →

Indrik Spider

Score: 6.88

Matched TTPs:

T1583 - Acquire Infrastructure
T1590 - Gather Victim Network Information

MITREへのリンク →

Agrius

Score: 3.03

Matched TTPs:

T1583 - Acquire Infrastructure

MITREへのリンク →

Contagious Interview

Score: 20.80

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1681 - Search Threat Vendor Data
T1593.003 - Code Repositories
T1657 - Financial Theft
T1583.006 - Web Services
T1593 - Search Open Websites/Domains

MITREへのリンク →

Sandworm Team

Score: 38.44

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1594 - Search Victim-Owned Websites
T1040 - Network Sniffing
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1591.002 - Business Relationships
T1584.005 - Botnet
T1593 - Search Open Websites/Domains
T1592.002 - Software
T1590.001 - Domain Properties

MITREへのリンク →

Star Blizzard

Score: 8.29

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1593 - Search Open Websites/Domains

MITREへのリンク →

Volt Typhoon

Score: 49.01

Matched TTPs:

T1592 - Gather Victim Host Information
T1016.001 - Internet Connection Discovery
T1584.008 - Network Devices
T1594 - Search Victim-Owned Websites
T1590.004 - Network Topology
T1590.006 - Network Security Appliances
T1584.005 - Botnet
T1591 - Gather Victim Org Information
T1590 - Gather Victim Network Information
T1593 - Search Open Websites/Domains
T1090.003 - Multi-hop Proxy
T1596.005 - Scan Databases
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

LAPSUS$

Score: 12.23

Matched TTPs:

T1597.002 - Purchase Technical Data
T1591.002 - Business Relationships
T1593.003 - Code Repositories

MITREへのリンク →

Andariel

Score: 7.69

Matched TTPs:

T1590.005 - IP Addresses
T1592.002 - Software

MITREへのリンク →

Magic Hound

Score: 16.99

Matched TTPs:

T1590.005 - IP Addresses
T1016.001 - Internet Connection Discovery
T1583.006 - Web Services
T1592.002 - Software
T1591.001 - Determine Physical Locations

MITREへのリンク →

HAFNIUM

Score: 27.89

Matched TTPs:

T1590.005 - IP Addresses
T1016.001 - Internet Connection Discovery
T1583.005 - Botnet
T1593.003 - Code Repositories
T1584.005 - Botnet
T1583.006 - Web Services
T1590 - Gather Victim Network Information
T1555.006 - Cloud Secrets Management Stores

MITREへのリンク →

HEXANE

Score: 4.72

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1608.001 - Upload Malware

MITREへのリンク →

APT29

Score: 15.48

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1550.003 - Pass the Ticket
T1583.006 - Web Services
T1090.003 - Multi-hop Proxy
T1665 - Hide Infrastructure

MITREへのリンク →

Gamaredon Group

Score: 14.02

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1608.001 - Upload Malware
T1583.006 - Web Services
T1090.003 - Multi-hop Proxy
T1001 - Data Obfuscation

MITREへのリンク →

TA2541

Score: 6.73

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1608.001 - Upload Malware
T1583.006 - Web Services

MITREへのリンク →

Lotus Blossom

Score: 8.42

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1090.003 - Multi-hop Proxy
T1090.001 - Internal Proxy

MITREへのリンク →

FIN13

Score: 12.04

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1590.004 - Network Topology
T1657 - Financial Theft
T1090.001 - Internal Proxy

MITREへのリンク →

Turla

Score: 13.90

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1583.006 - Web Services
T1584.006 - Web Services
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

APT28

Score: 19.24

Matched TTPs:

T1584.008 - Network Devices
T1040 - Network Sniffing
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1090.003 - Multi-hop Proxy
T1669 - Wi-Fi Networks

MITREへのリンク →

ZIRCONIUM

Score: 15.10

Matched TTPs:

T1584.008 - Network Devices
T1583.006 - Web Services
T1090.003 - Multi-hop Proxy
T1665 - Hide Infrastructure
T1124 - System Time Discovery

MITREへのリンク →

Leviathan

Score: 6.37

Matched TTPs:

T1584.008 - Network Devices
T1090.003 - Multi-hop Proxy

MITREへのリンク →

Silent Librarian

Score: 3.29

Matched TTPs:

T1594 - Search Victim-Owned Websites

MITREへのリンク →

EXOTIC LILY

Score: 9.80

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1608.001 - Upload Malware
T1597 - Search Closed Sources

MITREへのリンク →

TA578

Score: 5.30

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1583.006 - Web Services

MITREへのリンク →

APT5

Score: 3.84

Matched TTPs:

T1583.005 - Botnet

MITREへのリンク →

Ke3chang

Score: 3.84

Matched TTPs:

T1583.005 - Botnet

MITREへのリンク →

Velvet Ant

Score: 5.96

Matched TTPs:

T1040 - Network Sniffing
T1090.001 - Internal Proxy

MITREへのリンク →

Salt Typhoon

Score: 6.88

Matched TTPs:

T1040 - Network Sniffing
T1590.004 - Network Topology

MITREへのリンク →

APT33

Score: 3.03

Matched TTPs:

T1040 - Network Sniffing

MITREへのリンク →

UNC3886

Score: 9.76

Matched TTPs:

T1040 - Network Sniffing
T1681 - Search Threat Vendor Data
T1124 - System Time Discovery

MITREへのリンク →

DarkVishnya

Score: 3.03

Matched TTPs:

T1040 - Network Sniffing

MITREへのリンク →

Earth Lusca

Score: 7.61

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1584.006 - Web Services

MITREへのリンク →

Mustang Panda

Score: 20.48

Matched TTPs:

T1608.001 - Upload Malware
T1608 - Stage Capabilities
T1583.006 - Web Services
T1593 - Search Open Websites/Domains
T1678 - Delay Execution
T1027.007 - Dynamic API Resolution

MITREへのリンク →

OilRig

Score: 5.82

Matched TTPs:

T1608.001 - Upload Malware
T1195 - Supply Chain Compromise

MITREへのリンク →

LazyScripter

Score: 3.99

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services

MITREへのリンク →

Threat Group-3390

Score: 6.11

Matched TTPs:

T1608.001 - Upload Malware
T1608.002 - Upload Tool

MITREへのリンク →

APT32

Score: 7.83

Matched TTPs:

T1608.001 - Upload Malware
T1550.003 - Pass the Ticket
T1583.006 - Web Services

MITREへのリンク →

Saint Bear

Score: 3.99

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services

MITREへのリンク →

Moonstone Sleet

Score: 5.26

Matched TTPs:

T1608.001 - Upload Malware
T1591 - Gather Victim Org Information

MITREへのリンク →

FIN7

Score: 9.86

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1124 - System Time Discovery

MITREへのリンク →

Higaisa

Score: 10.06

Matched TTPs:

T1029 - Scheduled Transfer
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Medusa Group

Score: 15.95

Matched TTPs:

T1608.002 - Upload Tool
T1657 - Financial Theft
T1583.006 - Web Services
T1090.003 - Multi-hop Proxy
T1650 - Acquire Access

MITREへのリンク →

Winter Vivern

Score: 8.16

Matched TTPs:

T1056.003 - Web Portal Capture
T1584.006 - Web Services

MITREへのリンク →

Dragonfly

Score: 3.84

Matched TTPs:

T1591.002 - Business Relationships

MITREへのリンク →

BRONZE BUTLER

Score: 9.72

Matched TTPs:

T1550.003 - Pass the Ticket
T1124 - System Time Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Axiom

Score: 3.62

Matched TTPs:

T1584.005 - Botnet

MITREへのリンク →

INC Ransom

Score: 6.37

Matched TTPs:

T1657 - Financial Theft
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Storm-0501

Score: 10.50

Matched TTPs:

T1657 - Financial Theft
T1555.006 - Cloud Secrets Management Stores
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Lazarus Group

Score: 14.95

Matched TTPs:

T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

CURIUM

Score: 6.21

Matched TTPs:

T1584.006 - Web Services
T1124 - System Time Discovery

MITREへのリンク →

RedCurl

Score: 3.84

Matched TTPs:

T1537 - Transfer Data to Cloud Account

MITREへのリンク →

APT41

Score: 7.42

Matched TTPs:

T1596.005 - Scan Databases
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Rocke

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

Patchwork

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.80

Matched TTPs:

T1593 - Search Open Websites/Domains
T1594 - Search Victim-Owned Websites
T1591 - Gather Victim Org Information
T1584.005 - Botnet
T1592 - Gather Victim Host Information
T1590 - Gather Victim Network Information
T1090.003 - Multi-hop Proxy
T1596.005 - Scan Databases
T1590.006 - Network Security Appliances
T1584.008 - Network Devices
T1590.004 - Network Topology
T1016.001 - Internet Connection Discovery
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Sandworm Team

Score: 0.69

Matched TTPs:

T1593 - Search Open Websites/Domains
T1592.002 - Software
T1608.001 - Upload Malware
T1594 - Search Victim-Owned Websites
T1195 - Supply Chain Compromise
T1584.005 - Botnet
T1591.002 - Business Relationships
T1590.001 - Domain Properties
T1040 - Network Sniffing
T1491.002 - External Defacement
T1583 - Acquire Infrastructure

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る