Trusted Design

Analysis of an Undetected Dridex Sample

概要

On the 4th of August one of our customers reported an infection attempt on one of their machines. In their deployment ReaQta-core is used to augment the security of their signature-based enterprise endpoint protection system, so an infection attempt detected by our solution is a sign that the AV missed the threat. Usually this either means that the attack is targeted or that the malware is brand new, let's find out together the result of our investigation.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

UKMail 988271023 tracking information - Dridex attempt (score: 0.68)
Banking Trojan DRIDEX (score: 0.66)
Signed Dridex Campaign (score: 0.65)
Dridex Malware Hashes (score: 0.64)
Dridex Malware Hashes (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 7.52

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

FIN13

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Moonstone Sleet

Score: 4.62

Matched TTPs:

T1587.001 - Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

Lazarus Group

Score: 12.37

Matched TTPs:

T1587.001 - Malware
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service
T1529 - System Shutdown/Reboot

MITREへのリンク →

Contagious Interview

Score: 8.46

Matched TTPs:

T1587.001 - Malware
T1497 - Virtualization/Sandbox Evasion
T1566.003 - Spearphishing via Service

MITREへのリンク →

OilRig

Score: 11.62

Matched TTPs:

T1587.001 - Malware
T1195 - Supply Chain Compromise
T1027.005 - Indicator Removal from Tools
T1566.003 - Spearphishing via Service

MITREへのリンク →

UNC3886

Score: 6.72

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1027.005 - Indicator Removal from Tools

MITREへのリンク →

Sandworm Team

Score: 7.41

Matched TTPs:

T1587.001 - Malware
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Salt Typhoon

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

APT29

Score: 12.68

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1651 - Cloud Administration Command
T1027.002 - Software Packing
T1566.003 - Spearphishing via Service

MITREへのリンク →

Play

Score: 5.46

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1518.001 - Security Software Discovery

MITREへのリンク →

Aoqin Dragon

Score: 4.15

Matched TTPs:

T1587.001 - Malware
T1027.002 - Software Packing

MITREへのリンク →

Moses Staff

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Turla

Score: 7.15

Matched TTPs:

T1587.001 - Malware
T1027.005 - Indicator Removal from Tools
T1518.001 - Security Software Discovery

MITREへのリンク →

Ke3chang

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Mustang Panda

Score: 10.77

Matched TTPs:

T1587.001 - Malware
T1678 - Delay Execution
T1027.007 - Dynamic API Resolution

MITREへのリンク →

TeamTNT

Score: 10.59

Matched TTPs:

T1587.001 - Malware
T1610 - Deploy Container
T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

FIN7

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Ember Bear

Score: 5.31

Matched TTPs:

T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Rocke

Score: 5.42

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

Threat Group-3390

Score: 3.52

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1027.002 - Software Packing

MITREへのリンク →

Volt Typhoon

Score: 7.66

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1614 - System Location Discovery
T1027.002 - Software Packing

MITREへのリンク →

APT28

Score: 5.60

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Magic Hound

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 9.04

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1518.001 - Security Software Discovery
T1027.002 - Software Packing
T1529 - System Shutdown/Reboot

MITREへのリンク →

Storm-0501

Score: 5.42

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

BlackByte

Score: 3.37

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1518.001 - Security Software Discovery

MITREへのリンク →

ToddyCat

Score: 5.89

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1518.001 - Security Software Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

GALLIUM

Score: 6.67

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1027.005 - Indicator Removal from Tools
T1027.002 - Software Packing

MITREへのリンク →

Axiom

Score: 6.01

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1001.002 - Steganography

MITREへのリンク →

APT41

Score: 3.52

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1027.002 - Software Packing

MITREへのリンク →

MuddyWater

Score: 3.37

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1518.001 - Security Software Discovery

MITREへのリンク →

APT39

Score: 3.52

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1027.002 - Software Packing

MITREへのリンク →

Equation

Score: 4.54

Matched TTPs:

T1542.002 - Component Firmware

MITREへのリンク →

Saint Bear

Score: 5.90

Matched TTPs:

T1497 - Virtualization/Sandbox Evasion
T1027.002 - Software Packing

MITREへのリンク →

Darkhotel

Score: 5.74

Matched TTPs:

T1497 - Virtualization/Sandbox Evasion
T1518.001 - Security Software Discovery

MITREへのリンク →

Patchwork

Score: 7.10

Matched TTPs:

T1027.005 - Indicator Removal from Tools
T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

Deep Panda

Score: 3.15

Matched TTPs:

T1027.005 - Indicator Removal from Tools

MITREへのリンク →

APT3

Score: 5.20

Matched TTPs:

T1027.005 - Indicator Removal from Tools
T1027.002 - Software Packing

MITREへのリンク →

APT37

Score: 7.75

Matched TTPs:

T1036.001 - Invalid Code Signature
T1529 - System Shutdown/Reboot

MITREへのリンク →

Windshift

Score: 8.55

Matched TTPs:

T1036.001 - Invalid Code Signature
T1518.001 - Security Software Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

SideCopy

Score: 6.03

Matched TTPs:

T1614 - System Location Discovery
T1518.001 - Security Software Discovery

MITREへのリンク →

APT38

Score: 7.57

Matched TTPs:

T1518.001 - Security Software Discovery
T1027.002 - Software Packing
T1529 - System Shutdown/Reboot

MITREへのリンク →

TA2541

Score: 3.95

Matched TTPs:

T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

The White Company

Score: 3.95

Matched TTPs:

T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

Dark Caracal

Score: 4.58

Matched TTPs:

T1027.002 - Software Packing
T1566.003 - Spearphishing via Service

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1211 - Exploitation for Defense Evasion

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT29

Score: 0.78

Matched TTPs:

T1566.003 - Spearphishing via Service
T1027.002 - Software Packing
T1587.001 - Malware
T1651 - Cloud Administration Command
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Lazarus Group

Score: 0.78

Matched TTPs:

T1587.001 - Malware
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service
T1529 - System Shutdown/Reboot

MITREへのリンク →

OilRig

Score: 0.71

Matched TTPs:

T1587.001 - Malware
T1566.003 - Spearphishing via Service
T1195 - Supply Chain Compromise
T1027.005 - Indicator Removal from Tools

MITREへのリンク →

TeamTNT

Score: 0.71

Matched TTPs:

T1587.001 - Malware
T1518.001 - Security Software Discovery
T1610 - Deploy Container
T1027.002 - Software Packing

MITREへのリンク →

Mustang Panda

Score: 0.66

Matched TTPs:

T1587.001 - Malware
T1027.007 - Dynamic API Resolution
T1678 - Delay Execution

MITREへのリンク →

Medusa Group

Score: 0.62

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1518.001 - Security Software Discovery
T1529 - System Shutdown/Reboot
T1027.002 - Software Packing

MITREへのリンク →

Windshift

Score: 0.55

Matched TTPs:

T1566.003 - Spearphishing via Service
T1036.001 - Invalid Code Signature
T1518.001 - Security Software Discovery

MITREへのリンク →

Contagious Interview

Score: 0.55

Matched TTPs:

T1587.001 - Malware
T1497 - Virtualization/Sandbox Evasion
T1566.003 - Spearphishing via Service

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る