Trusted Design

Banking Trojan Escelar Infects Thousands In Brazil and the US

概要

Unit 42 for the past three months has been tracking a banking Trojan targeting victims in Brazil and the United States. Escelar originally surfaced in January of this year, and has since had roughly 100,000 instances of attempted infections. Attackers deliver the Trojan using generic Portuguese language phishing emails and are currently targeting seven Brazilian banks. Once delivered, Escelar has multiple installation stages where malware is downloaded using direct connections to multiple Microsoft SQL servers. These SQL servers are also used for command and control (C2) functionality. The most recently discovered Microsoft SQL server being used as Escalar infrastructure contained records of 1660 infections that all connected in a two-day time frame. The malware is able to control banking transactions conducted using Internet Explorer, and harvest email credentials, which are in turn used to spread the malware further.

Created: 2026-02-23

Indicators

類似Pulses

ESET | Malicious scripts gaining prevalence in Brazil (score: 0.65)
EngineBox Malware Supports 10+ Brazilian Banks - SANS Internet Storm Center (score: 0.65)
Avast: The evolution of the Retefe banking Trojan (score: 0.61)
Banking Trojan Attempts To Steal Brazillion$ (score: 0.60)
Colombians major target of email campaigns delivering Xtreme RAT (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Scattered Spider

Score: 21.07

Matched TTPs:

T1564.008 - Email Hiding Rules
T1069 - Permission Groups Discovery
T1580 - Cloud Infrastructure Discovery
T1588.001 - Malware
T1074 - Data Staged
T1598 - Phishing for Information

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1564.008 - Email Hiding Rules

MITREへのリンク →

Mustard Tempest

Score: 6.51

Matched TTPs:

T1583.008 - Malvertising
T1608.001 - Upload Malware

MITREへのリンク →

APT41

Score: 14.06

Matched TTPs:

T1069 - Permission Groups Discovery
T1190 - Exploit Public-Facing Application
T1104 - Multi-Stage Channels
T1569.002 - Service Execution
T1102.001 - Dead Drop Resolver

MITREへのリンク →

TA505

Score: 7.72

Matched TTPs:

T1069 - Permission Groups Discovery
T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

Volt Typhoon

Score: 17.93

Matched TTPs:

T1069 - Permission Groups Discovery
T1190 - Exploit Public-Facing Application
T1074 - Data Staged
T1614 - System Location Discovery
T1584.004 - Server
T1124 - System Time Discovery

MITREへのリンク →

APT3

Score: 6.91

Matched TTPs:

T1069 - Permission Groups Discovery
T1104 - Multi-Stage Channels

MITREへのリンク →

FIN13

Score: 6.85

Matched TTPs:

T1069 - Permission Groups Discovery
T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

OilRig

Score: 22.22

Matched TTPs:

T1025 - Data from Removable Media
T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1137.004 - Outlook Home Page
T1555.004 - Windows Credential Manager
T1566.003 - Spearphishing via Service

MITREへのリンク →

Gamaredon Group

Score: 10.52

Matched TTPs:

T1025 - Data from Removable Media
T1608.001 - Upload Malware
T1102 - Web Service
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT28

Score: 15.06

Matched TTPs:

T1025 - Data from Removable Media
T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1598 - Phishing for Information
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Turla

Score: 24.81

Matched TTPs:

T1025 - Data from Removable Media
T1587.001 - Malware
T1588.001 - Malware
T1102 - Web Service
T1102.002 - Bidirectional Communication
T1555.004 - Windows Credential Manager
T1584.004 - Server
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Kimsuky

Score: 20.07

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1102.002 - Bidirectional Communication
T1598 - Phishing for Information
T1102.001 - Dead Drop Resolver
T1078.003 - Local Accounts

MITREへのリンク →

Moonstone Sleet

Score: 12.43

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1598 - Phishing for Information
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Indrik Spider

Score: 4.93

Matched TTPs:

T1587.001 - Malware
T1584.004 - Server

MITREへのリンク →

Lazarus Group

Score: 28.36

Matched TTPs:

T1587.001 - Malware
T1070 - Indicator Removal
T1104 - Multi-Stage Channels
T1574.013 - KernelCallbackTable
T1102.002 - Bidirectional Communication
T1584.004 - Server
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 10.72

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1681 - Search Threat Vendor Data
T1566.003 - Spearphishing via Service

MITREへのリンク →

UNC3886

Score: 12.75

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1681 - Search Threat Vendor Data
T1588.001 - Malware
T1124 - System Time Discovery

MITREへのリンク →

LuminousMoth

Score: 6.53

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

Sandworm Team

Score: 14.61

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1584.004 - Server

MITREへのリンク →

Salt Typhoon

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

APT29

Score: 12.60

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1550.003 - Pass the Ticket
T1566.003 - Spearphishing via Service
T1078.003 - Local Accounts

MITREへのリンク →

Play

Score: 6.23

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1078.003 - Local Accounts

MITREへのリンク →

RedCurl

Score: 4.62

Matched TTPs:

T1587.001 - Malware
T1102 - Web Service

MITREへのリンク →

Moses Staff

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Ke3chang

Score: 9.59

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1614.001 - System Language Discovery
T1569.002 - Service Execution

MITREへのリンク →

Mustang Panda

Score: 14.35

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1070 - Indicator Removal
T1102 - Web Service
T1027.007 - Dynamic API Resolution

MITREへのリンク →

TeamTNT

Score: 6.59

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1102 - Web Service

MITREへのリンク →

FIN7

Score: 20.13

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1674 - Input Injection
T1102.002 - Bidirectional Communication
T1569.002 - Service Execution
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

TA2541

Score: 4.43

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

Earth Lusca

Score: 8.73

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1588.001 - Malware
T1584.004 - Server

MITREへのリンク →

LazyScripter

Score: 6.95

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1102 - Web Service

MITREへのリンク →

Threat Group-3390

Score: 3.44

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

SideCopy

Score: 6.11

Matched TTPs:

T1608.001 - Upload Malware
T1614 - System Location Discovery

MITREへのリンク →

BlackByte

Score: 9.46

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1614.001 - System Language Discovery
T1569.002 - Service Execution

MITREへのリンク →

APT32

Score: 16.15

Matched TTPs:

T1608.001 - Upload Malware
T1550.003 - Pass the Ticket
T1102 - Web Service
T1218.010 - Regsvr32
T1569.002 - Service Execution
T1078.003 - Local Accounts

MITREへのリンク →

HEXANE

Score: 4.37

Matched TTPs:

T1608.001 - Upload Malware
T1102.002 - Bidirectional Communication

MITREへのリンク →

EXOTIC LILY

Score: 7.02

Matched TTPs:

T1608.001 - Upload Malware
T1102 - Web Service
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 8.12

Matched TTPs:

T1608.001 - Upload Malware
T1070 - Indicator Removal
T1102 - Web Service

MITREへのリンク →

Ember Bear

Score: 7.77

Matched TTPs:

T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1588.001 - Malware

MITREへのリンク →

Rocke

Score: 7.28

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102 - Web Service
T1102.001 - Dead Drop Resolver

MITREへのリンク →

BackdoorDiplomacy

Score: 3.93

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.001 - Malware

MITREへのリンク →

Magic Hound

Score: 6.39

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 3.87

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1569.002 - Service Execution

MITREへのリンク →

Sea Turtle

Score: 4.14

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1078.003 - Local Accounts

MITREへのリンク →

Storm-0501

Score: 11.97

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1580 - Cloud Infrastructure Discovery
T1218.010 - Regsvr32
T1614.001 - System Language Discovery

MITREへのリンク →

Fox Kitten

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102 - Web Service

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

Blue Mockingbird

Score: 6.61

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1569.002 - Service Execution

MITREへのリンク →

Leviathan

Score: 7.05

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1584.004 - Server

MITREへのリンク →

INC Ransom

Score: 7.49

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1074 - Data Staged
T1569.002 - Service Execution

MITREへのリンク →

Dragonfly

Score: 4.30

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server

MITREへのリンク →

Axiom

Score: 6.01

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1001.002 - Steganography

MITREへのリンク →

HAFNIUM

Score: 4.14

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1078.003 - Local Accounts

MITREへのリンク →

APT5

Score: 5.09

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1070 - Indicator Removal

MITREへのリンク →

MuddyWater

Score: 7.49

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1104 - Multi-Stage Channels
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT39

Score: 6.27

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1569.002 - Service Execution

MITREへのリンク →

BRONZE BUTLER

Score: 9.72

Matched TTPs:

T1550.003 - Pass the Ticket
T1124 - System Time Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Wizard Spider

Score: 9.64

Matched TTPs:

T1074 - Data Staged
T1555.004 - Windows Credential Manager
T1569.002 - Service Execution

MITREへのリンク →

Inception

Score: 5.27

Matched TTPs:

T1102 - Web Service
T1218.010 - Regsvr32

MITREへのリンク →

FIN6

Score: 7.44

Matched TTPs:

T1102 - Web Service
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

ZIRCONIUM

Score: 8.43

Matched TTPs:

T1102.002 - Bidirectional Communication
T1598 - Phishing for Information
T1124 - System Time Discovery

MITREへのリンク →

Malteiro

Score: 3.62

Matched TTPs:

T1614.001 - System Language Discovery

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Chimera

Score: 4.99

Matched TTPs:

T1569.002 - Service Execution
T1124 - System Time Discovery

MITREへのリンク →

Velvet Ant

Score: 9.20

Matched TTPs:

T1569.002 - Service Execution
T1078.003 - Local Accounts
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

Patchwork

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.79

Matched TTPs:

T1587.001 - Malware
T1070 - Indicator Removal
T1104 - Multi-Stage Channels
T1027.007 - Dynamic API Resolution
T1102.002 - Bidirectional Communication
T1574.013 - KernelCallbackTable
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1584.004 - Server

MITREへのリンク →

Turla

Score: 0.75

Matched TTPs:

T1587.001 - Malware
T1078.003 - Local Accounts
T1555.004 - Windows Credential Manager
T1102.002 - Bidirectional Communication
T1025 - Data from Removable Media
T1124 - System Time Discovery
T1102 - Web Service
T1588.001 - Malware
T1584.004 - Server

MITREへのリンク →

FIN7

Score: 0.64

Matched TTPs:

T1587.001 - Malware
T1569.002 - Service Execution
T1078.003 - Local Accounts
T1674 - Input Injection
T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1608.001 - Upload Malware
T1124 - System Time Discovery

MITREへのリンク →

Scattered Spider

Score: 0.63

Matched TTPs:

T1069 - Permission Groups Discovery
T1074 - Data Staged
T1598 - Phishing for Information
T1580 - Cloud Infrastructure Discovery
T1564.008 - Email Hiding Rules
T1588.001 - Malware

MITREへのリンク →

OilRig

Score: 0.61

Matched TTPs:

T1587.001 - Malware
T1555.004 - Windows Credential Manager
T1195 - Supply Chain Compromise
T1025 - Data from Removable Media
T1608.001 - Upload Malware
T1137.004 - Outlook Home Page
T1566.003 - Spearphishing via Service

MITREへのリンク →

Kimsuky

Score: 0.56

Matched TTPs:

T1587.001 - Malware
T1218.010 - Regsvr32
T1078.003 - Local Accounts
T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1608.001 - Upload Malware
T1598 - Phishing for Information
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る