Trusted Design

Hunting Mr. Black IDs via Zegost cracking

概要

Malware is served under domain f3322.org which is having a super bad reputation in being used by Mr.Black ELF attacks and many more ELF attacks.The PE is a Win32/Zegost variant, the dropper/backdoor type. It drops, self deleted, auto-start set in registry, starting service. So it looks like that their services is used by the malware activities. It means the actor can be traced via contacting the f3322.org abuse accordingly. We're on it for we have long list of malicious subdomains used now.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

B8d96178 malware on Metadefender.com (score: 0.59)
New POS Malware Emerges - Punkey (score: 0.58)
The Curious Case of an Unknown Trojan Targeting German-Speaking Users (score: 0.57)
FBI CYWATCH A-000067-DM (score: 0.57)
The HookAds Malvertising Campaign (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 19.69

Matched TTPs:

T1053.007 - Container Orchestration Job
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1665 - Hide Infrastructure
T1008 - Fallback Channels
T1053.002 - At
T1490 - Inhibit System Recovery

MITREへのリンク →

Mustang Panda

Score: 11.76

Matched TTPs:

T1053.007 - Container Orchestration Job
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1055.005 - Thread Local Storage

MITREへのリンク →

APT3

Score: 7.24

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1578.002 - Create Cloud Instance

MITREへのリンク →

Dragonfly

Score: 8.76

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1098.007 - Additional Local or Domain Groups
T1578.002 - Create Cloud Instance

MITREへのリンク →

Salt Typhoon

Score: 3.62

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location

MITREへのリンク →

FIN6

Score: 3.62

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location

MITREへのリンク →

Sandworm Team

Score: 10.62

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1187 - Forced Authentication
T1204.001 - Malicious Link

MITREへのリンク →

TA2541

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Earth Lusca

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Mustard Tempest

Score: 5.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1053.002 - At

MITREへのリンク →

OilRig

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

TeamTNT

Score: 6.32

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1665 - Hide Infrastructure

MITREへのリンク →

LazyScripter

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Gamaredon Group

Score: 8.03

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1061 - Graphical User Interface

MITREへのリンク →

Star Blizzard

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Threat Group-3390

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

SideCopy

Score: 5.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1053.002 - At

MITREへのリンク →

TA505

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

BlackByte

Score: 5.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1204.001 - Malicious Link

MITREへのリンク →

BITTER

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

APT32

Score: 6.16

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1490 - Inhibit System Recovery

MITREへのリンク →

HEXANE

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Moonstone Sleet

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Contagious Interview

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

FIN7

Score: 6.16

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1490 - Inhibit System Recovery

MITREへのリンク →

EXOTIC LILY

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

APT42

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

APT28

Score: 10.59

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1146 - Clear Command History
T1588.003 - Code Signing Certificates

MITREへのリンク →

Storm-1811

Score: 5.14

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1578.002 - Create Cloud Instance

MITREへのリンク →

APT1

Score: 4.80

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1053.002 - At

MITREへのリンク →

Scattered Spider

Score: 4.80

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1204.001 - Malicious Link

MITREへのリンク →

Transparent Tribe

Score: 4.80

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1053.002 - At

MITREへのリンク →

Lazarus Group

Score: 8.48

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure

MITREへのリンク →

Sea Turtle

Score: 4.18

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1490 - Inhibit System Recovery

MITREへのリンク →

Magic Hound

Score: 12.27

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1187 - Forced Authentication
T1578.002 - Create Cloud Instance
T1053.002 - At

MITREへのリンク →

Andariel

Score: 3.84

Matched TTPs:

T1187 - Forced Authentication

MITREへのリンク →

APT29

Score: 7.20

Matched TTPs:

T1546.018 - Python Startup Hooks
T1490 - Inhibit System Recovery

MITREへのリンク →

Axiom

Score: 4.54

Matched TTPs:

T1160 - Launch Daemon

MITREへのリンク →

Tropic Trooper

Score: 5.50

Matched TTPs:

T1665 - Hide Infrastructure
T1490 - Inhibit System Recovery

MITREへのリンク →

Patchwork

Score: 6.12

Matched TTPs:

T1665 - Hide Infrastructure
T1008 - Fallback Channels

MITREへのリンク →

Medusa Group

Score: 7.82

Matched TTPs:

T1204.001 - Malicious Link
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Storm-0501

Score: 3.29

Matched TTPs:

T1204.001 - Malicious Link

MITREへのリンク →

Wizard Spider

Score: 3.29

Matched TTPs:

T1204.001 - Malicious Link

MITREへのリンク →

Rocke

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

APT41

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

BRONZE BUTLER

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.79

Matched TTPs:

T1091 - Replication Through Removable Media
T1665 - Hide Infrastructure
T1008 - Fallback Channels
T1053.007 - Container Orchestration Job
T1490 - Inhibit System Recovery
T1053.002 - At
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る