Trusted Design

UPATRE/DYRE MALSPAM -SUBJ: SCANNED IMAGE FROM A XEROX WORKCENTRE

Summary

Malicious spam (malspam) delivering Upatre/Dyre has been an ongoing issue for quite some time, and many organizations have published articles about this malware. Upatre is the downloader that retrieves Dyre (also called Dyreza), an information stealer described as a "Zeus-like banking Trojan". Earlier this year, EmergingThreats reported that Upatre and Dyre are under constant development, while SecureWorks noted that banking botnets continue to deliver this malspam despite previous takedowns. Botnets sending waves of malspam with Upatre attached as a zip file are a near-daily occurrence. Most organizations won't see these emails, because the messages are almost always blocked by spam filters. Because security researchers find Upatre/Dyre malspam nearly every day, it's a bit tiresome to write about, and we sometimes gloss over the information when it comes our way. After all, the malspam is being blocked, right?
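The lure in this Pulse is a "scanned image from a Xerox WorkCentre" subject carrying Upatre as a zip attachment. The script below is an added triage example and is not code from the ISC diary or from this Pulse: it parses a MIME message, flags the lure subject, opens each zip attachment without extracting it, and reports members with an executable extension or a PE (`MZ`) header. The sample message, sender and recipient addresses, zip contents and the list of executable extensions are constructed for the example and are assumptions, not data from the page.

```python
"""Triage an email for the Upatre-style lure described above (added example)."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Subject pattern taken from the Pulse title; matched case-insensitively.
LURE_SUBJECT = re.compile(r"scanned image from a xerox workcentre", re.I)
# Assumption: extensions a mail gateway commonly treats as executable.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
PE_MAGIC = b"MZ"
MAX_MEMBER_BYTES = 16 * 1024 * 1024  # skip members that would expand beyond this (zip-bomb guard)


def build_sample_zip(member_name: str, payload: bytes) -> bytes:
    """Construct an in-memory zip with one member (sample input, not a real Upatre zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def build_sample_message(zip_bytes: bytes, filename: str,
                         subject: str = "Scanned Image from a Xerox WorkCentre") -> bytes:
    """Construct a MIME message with a zip attachment (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "scanner@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please see the attached document.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()


def inspect_zip(data: bytes, label: str) -> tuple[list[str], bool]:
    """List members of a zip without extracting; return (findings, has_executable)."""
    findings, has_exec = [], False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename
                if name.lower().endswith(EXEC_EXT):
                    findings.append(f"executable member: {name}")
                    has_exec = True
                if info.file_size > MAX_MEMBER_BYTES:
                    findings.append(f"oversized member skipped: {name}")
                    continue
                try:
                    with zf.open(info) as fh:       # read only the first two bytes
                        head = fh.read(2)
                except RuntimeError:                  # encrypted member
                    findings.append(f"encrypted member: {name}")
                    continue
                if head == PE_MAGIC:                  # PE file regardless of its extension
                    findings.append(f"PE header in member: {name}")
                    has_exec = True
    except zipfile.BadZipFile:
        findings.append(f"malformed zip: {label}")
    return findings, has_exec


def triage(raw: bytes) -> dict:
    """Return subject, findings and a verdict of clean / review / suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    findings = []
    subject_hit = bool(LURE_SUBJECT.search(subject))
    if subject_hit:
        findings.append("subject matches Xerox WorkCentre lure")
    payload_hit = False
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Trust the magic bytes, not the declared name or content type.
        if not (fname.lower().endswith(".zip") or data.startswith(b"PK\x03\x04")):
            continue
        findings.append(f"zip attachment: {fname}")
        zip_findings, has_exec = inspect_zip(data, fname)
        findings.extend(zip_findings)
        payload_hit = payload_hit or has_exec
    if subject_hit and payload_hit:
        verdict = "suspicious"
    elif subject_hit or payload_hit:
        verdict = "review"
    else:
        verdict = "clean"
    return {"subject": subject, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    sample = build_sample_message(
        build_sample_zip("scan_0001.pdf.exe", PE_MAGIC + b"\x00" * 64), "scan_0001.zip")
    print(triage(sample))
```

The check deliberately reads only the first two bytes of each member, so a large or nested archive is never fully decompressed during triage; the subject match alone yields "review" rather than "suspicious", since the lure text is also what a legitimate scanner notification would say.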

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Scores are computed from the TTPs listed as matched for each actor; a match on shared techniques does not by itself attribute this malspam to that actor.

Lazarus Group

Score: 20.56
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1567.004 - Exfiltration Over Webhook
  • T1547.002 - Authentication Package
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

TA577

Score: 5.29
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service

Moonstone Sleet

Score: 22.24
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1491 - Defacement
  • T1197 - BITS Jobs
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver

Scattered Spider

Score: 15.84
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1566.002 - Spearphishing Link
  • T1491 - Defacement
  • T1552.003 - Shell History
  • T1197 - BITS Jobs

FIN4

Score: 6.45
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link

Ember Bear

Score: 4.13
Matched TTPs:
  • T1564.008 - Email Hiding Rules

Sandworm Team

Score: 23.50
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1049 - System Network Connections Discovery
  • T1122 - Component Object Model Hijacking
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package

Mustard Tempest

Score: 12.50
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1543.002 - Systemd Service

BlackTech

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1526 - Cloud Service Discovery

MuddyWater

Score: 4.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package

LuminousMoth

Score: 3.42
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media

Mofang

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules

Kimsuky

Score: 28.14
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1567.004 - Exfiltration Over Webhook
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1526 - Cloud Service Discovery
  • T1126 - Network Share Connection Removal

Sidewinder

Score: 10.99
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1578.001 - Create Snapshot

FIN7

Score: 9.28
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package
  • T1578.001 - Create Snapshot

Mustang Panda

Score: 16.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1567.004 - Exfiltration Over Webhook
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage

FIN8

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1526 - Cloud Service Discovery

APT32

Score: 9.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1567.004 - Exfiltration Over Webhook

Leviathan

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules

ZIRCONIUM

Score: 12.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1578.001 - Create Snapshot

EXOTIC LILY

Score: 6.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.008 - LSASS Driver

Molerats

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules

Magic Hound

Score: 12.67
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1547.008 - LSASS Driver

OilRig

Score: 9.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1526 - Cloud Service Discovery
  • T1547.008 - LSASS Driver

Windshift

Score: 4.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

APT29

Score: 14.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1567.004 - Exfiltration Over Webhook
  • T1122 - Component Object Model Hijacking
  • T1223 - Compiled HTML File
  • T1547.008 - LSASS Driver

TA2541

Score: 7.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1546.017 - Udev Rules

Earth Lusca

Score: 3.42
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media

RedCurl

Score: 5.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1122 - Component Object Model Hijacking

Storm-1811

Score: 8.51
Matched TTPs:
  • T1543.003 - Windows Service
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1547.008 - LSASS Driver

Turla

Score: 6.44
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1578.001 - Create Snapshot

Wizard Spider

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1526 - Cloud Service Discovery

Patchwork

Score: 4.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link

TA505

Score: 4.29
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media

LazyScripter

Score: 4.29
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media

APT42

Score: 3.42
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media

APT39

Score: 4.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package

APT28

Score: 18.80
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1567.004 - Exfiltration Over Webhook
  • T1122 - Component Object Model Hijacking
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1566.003 - Spearphishing via Service

Star Blizzard

Score: 8.93
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft

CURIUM

Score: 8.45
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

Dragonfly

Score: 6.95
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft

FIN6

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

BRONZE BUTLER

Score: 3.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1578.001 - Create Snapshot

menuPass

Score: 3.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1122 - Component Object Model Hijacking

Threat Group-3390

Score: 11.90
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1122 - Component Object Model Hijacking
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules

Gamaredon Group

Score: 8.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package
  • T1546.017 - Udev Rules

Darkhotel

Score: 3.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1578.001 - Create Snapshot

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

Higaisa

Score: 6.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1578.001 - Create Snapshot
  • T1546.017 - Udev Rules

APT12

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History

SideCopy

Score: 6.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft

Andariel

Score: 4.72
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1187 - Forced Authentication

APT37

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package

APT38

Score: 6.91
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1567.004 - Exfiltration Over Webhook
  • T1491 - Defacement

The White Company

Score: 3.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1578.001 - Create Snapshot

HEXANE

Score: 4.37
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package

Contagious Interview

Score: 10.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1552.003 - Shell History
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver

UNC3886

Score: 5.34
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1578.001 - Create Snapshot

Chimera

Score: 8.62
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1491 - Defacement
  • T1578.001 - Create Snapshot

Fox Kitten

Score: 3.29
Matched TTPs:
  • T1491 - Defacement

Volt Typhoon

Score: 9.50
Matched TTPs:
  • T1491 - Defacement
  • T1049 - System Network Connections Discovery
  • T1578.001 - Create Snapshot

HAFNIUM

Score: 6.37
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1122 - Component Object Model Hijacking

Axiom

Score: 6.91
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall

INC Ransom

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Medusa Group

Score: 7.06
Matched TTPs:
  • T1552.003 - Shell History
  • T1094 - Custom Command and Control Protocol

GOLD SOUTHFIELD

Score: 6.03
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall

POLONIUM

Score: 5.14
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1547.002 - Authentication Package

Sea Turtle

Score: 6.03
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Velvet Ant

Score: 4.13
Matched TTPs:
  • T1566.003 - Spearphishing via Service

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.82
Matched TTPs:
  • T1197 - BITS Jobs
  • T1552.003 - Shell History
  • T1598.003 - Spearphishing Link
  • T1526 - Cloud Service Discovery
  • T1126 - Network Share Connection Removal
  • T1091 - Replication Through Removable Media
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1547.002 - Authentication Package
  • T1566.002 - Spearphishing Link
  • T1567.004 - Exfiltration Over Webhook
  • T1543.003 - Windows Service

Sandworm Team

Score: 0.71
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1598.003 - Spearphishing Link
  • T1049 - System Network Connections Discovery
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package
  • T1122 - Component Object Model Hijacking
  • T1566.002 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1187 - Forced Authentication

Moonstone Sleet

Score: 0.69
Matched TTPs:
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
  • T1132.001 - Standard Encoding
  • T1491 - Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1566.002 - Spearphishing Link
  • T1126 - Network Share Connection Removal

Lazarus Group

Score: 0.61
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1132.001 - Standard Encoding
  • T1598.003 - Spearphishing Link
  • T1055.005 - Thread Local Storage
  • T1547.002 - Authentication Package
  • T1567.004 - Exfiltration Over Webhook
  • T1543.003 - Windows Service

APT28

Score: 0.58
Matched TTPs:
  • T1197 - BITS Jobs
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1122 - Component Object Model Hijacking
  • T1566.002 - Spearphishing Link
  • T1567.004 - Exfiltration Over Webhook
  • T1566.003 - Spearphishing via Service

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

