Trusted Design

Affiliate’s Malspam Operation: Kovter and Miuref/Boaxxe

概要

In March of this year, reports of malspam campaigns utilizing an email attached “.doc.js” files, which tied back to the Kovter and Boaxxe clickfraud trojans. The analysis of these malware families have already been well documented here and here. Therefore, this post will concentrate on the botnet behind the malspam delivery and subsequent download for these recent malspam campaigns. It is believed that the miscreants behind the development of these trojans use an affiliate model to have their malicious wares infect victims via botnet or exploit kit operators.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Necurs Botnet Fuels Massive Spam Campaigns Spreading Jaff Ransomware (score: 0.71)
WordPress Compromise Campaign (score: 0.69)
Malicious spam serve zip archives of javascript files (score: 0.67)
Ransomware: Kovter, Boaxxe, and Miuref (score: 0.67)
Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox (score: 0.66)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 18.25

Matched TTPs:

T1491.002 - External Defacement
T1195 - Supply Chain Compromise
T1036 - Masquerading
T1588.001 - Malware
T1203 - Exploitation for Client Execution
T1588.005 - Exploits

MITREへのリンク →

Sandworm Team

Score: 27.10

Matched TTPs:

T1491.002 - External Defacement
T1587.001 - Malware
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1036 - Masquerading
T1584.005 - Botnet
T1592.002 - Software
T1203 - Exploitation for Client Execution

MITREへのリンク →

Mustard Tempest

Score: 9.72

Matched TTPs:

T1583.008 - Malvertising
T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1189 - Drive-by Compromise

MITREへのリンク →

Kimsuky

Score: 23.77

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1657 - Financial Theft
T1583.006 - Web Services
T1566 - Phishing
T1587 - Develop Capabilities
T1588.005 - Exploits

MITREへのリンク →

FIN13

Score: 6.81

Matched TTPs:

T1587.001 - Malware
T1036 - Masquerading
T1657 - Financial Theft

MITREへのリンク →

Moonstone Sleet

Score: 10.37

Matched TTPs:

T1587.001 - Malware
T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1587 - Develop Capabilities

MITREへのリンク →

Lazarus Group

Score: 12.95

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Contagious Interview

Score: 22.79

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1567 - Exfiltration Over Web Service
T1036 - Masquerading
T1657 - Financial Theft
T1583.006 - Web Services
T1204.004 - Malicious Copy and Paste
T1587 - Develop Capabilities

MITREへのリンク →

OilRig

Score: 13.04

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1036 - Masquerading
T1203 - Exploitation for Client Execution

MITREへのリンク →

UNC3886

Score: 10.18

Matched TTPs:

T1587.001 - Malware
T1588.001 - Malware
T1205.001 - Port Knocking
T1203 - Exploitation for Client Execution

MITREへのリンク →

LuminousMoth

Score: 7.97

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

APT29

Score: 11.59

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1556.007 - Hybrid Identity
T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

Play

Score: 4.62

Matched TTPs:

T1587.001 - Malware
T1657 - Financial Theft

MITREへのリンク →

Aoqin Dragon

Score: 5.78

Matched TTPs:

T1587.001 - Malware
T1036 - Masquerading
T1203 - Exploitation for Client Execution

MITREへのリンク →

RedCurl

Score: 3.54

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link

MITREへのリンク →

Turla

Score: 9.78

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1588.001 - Malware
T1583.006 - Web Services
T1189 - Drive-by Compromise

MITREへのリンク →

Mustang Panda

Score: 20.15

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1583.006 - Web Services
T1678 - Delay Execution
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution

MITREへのリンク →

TeamTNT

Score: 6.26

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1036 - Masquerading

MITREへのリンク →

FIN7

Score: 7.53

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1583.006 - Web Services

MITREへのリンク →

MuddyWater

Score: 4.95

Matched TTPs:

T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

Confucius

Score: 8.10

Matched TTPs:

T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Mofang

Score: 4.60

Matched TTPs:

T1566.002 - Spearphishing Link
T1027.015 - Compression

MITREへのリンク →

Sidewinder

Score: 5.40

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution

MITREへのリンク →

Elderwood

Score: 4.71

Matched TTPs:

T1566.002 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Machete

Score: 3.21

Matched TTPs:

T1566.002 - Spearphishing Link
T1189 - Drive-by Compromise

MITREへのリンク →

Transparent Tribe

Score: 4.71

Matched TTPs:

T1566.002 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT32

Score: 13.34

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1036 - Masquerading
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT1

Score: 3.91

Matched TTPs:

T1566.002 - Spearphishing Link
T1588.001 - Malware

MITREへのリンク →

Leviathan

Score: 7.86

Matched TTPs:

T1566.002 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1027.015 - Compression

MITREへのリンク →

ZIRCONIUM

Score: 8.10

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1036 - Masquerading
T1583.006 - Web Services

MITREへのリンク →

EXOTIC LILY

Score: 4.91

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

Molerats

Score: 4.60

Matched TTPs:

T1566.002 - Spearphishing Link
T1027.015 - Compression

MITREへのリンク →

Magic Hound

Score: 15.15

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1567 - Exfiltration Over Web Service
T1583.006 - Web Services
T1592.002 - Software
T1189 - Drive-by Compromise

MITREへのリンク →

Windshift

Score: 5.40

Matched TTPs:

T1566.002 - Spearphishing Link
T1036 - Masquerading
T1189 - Drive-by Compromise

MITREへのリンク →

TA2541

Score: 11.04

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1588.001 - Malware
T1583.006 - Web Services
T1027.015 - Compression

MITREへのリンク →

Earth Lusca

Score: 9.66

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1588.001 - Malware
T1583.006 - Web Services
T1189 - Drive-by Compromise

MITREへのリンク →

Storm-1811

Score: 3.63

Matched TTPs:

T1566.002 - Spearphishing Link
T1036 - Masquerading

MITREへのリンク →

Patchwork

Score: 7.16

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

TA505

Score: 5.88

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

LazyScripter

Score: 10.08

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1036 - Masquerading
T1588.001 - Malware
T1583.006 - Web Services

MITREへのリンク →

APT42

Score: 3.42

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware

MITREへのリンク →

Scattered Spider

Score: 11.57

Matched TTPs:

T1598.003 - Spearphishing Link
T1588.001 - Malware
T1657 - Financial Theft
T1204 - User Execution

MITREへのリンク →

APT28

Score: 16.69

Matched TTPs:

T1598.003 - Spearphishing Link
T1567 - Exfiltration Over Web Service
T1036 - Masquerading
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1221 - Template Injection

MITREへのリンク →

Star Blizzard

Score: 4.43

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware

MITREへのリンク →

CURIUM

Score: 4.22

Matched TTPs:

T1598.003 - Spearphishing Link
T1189 - Drive-by Compromise

MITREへのリンク →

Dragonfly

Score: 8.87

Matched TTPs:

T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1221 - Template Injection

MITREへのリンク →

Gamaredon Group

Score: 10.29

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1221 - Template Injection
T1027.015 - Compression

MITREへのリンク →

Threat Group-3390

Score: 12.52

Matched TTPs:

T1608.001 - Upload Malware
T1608.002 - Upload Tool
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1027.015 - Compression

MITREへのリンク →

BlackByte

Score: 5.59

Matched TTPs:

T1608.001 - Upload Malware
T1567 - Exfiltration Over Web Service

MITREへのリンク →

BITTER

Score: 3.47

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

BRONZE BUTLER

Score: 5.45

Matched TTPs:

T1036 - Masquerading
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Winter Vivern

Score: 3.95

Matched TTPs:

T1036 - Masquerading
T1189 - Drive-by Compromise

MITREへのリンク →

PLATINUM

Score: 3.95

Matched TTPs:

T1036 - Masquerading
T1189 - Drive-by Compromise

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1659 - Content Injection

MITREへのリンク →

Medusa Group

Score: 13.21

Matched TTPs:

T1608.002 - Upload Tool
T1657 - Financial Theft
T1583.006 - Web Services
T1218.014 - MMC

MITREへのリンク →

LAPSUS$

Score: 6.59

Matched TTPs:

T1588.001 - Malware
T1204 - User Execution

MITREへのリンク →

Andariel

Score: 9.56

Matched TTPs:

T1588.001 - Malware
T1592.002 - Software
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

HAFNIUM

Score: 5.63

Matched TTPs:

T1584.005 - Botnet
T1583.006 - Web Services

MITREへのリンク →

Axiom

Score: 10.17

Matched TTPs:

T1584.005 - Botnet
T1566 - Phishing
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Volt Typhoon

Score: 3.62

Matched TTPs:

T1584.005 - Botnet

MITREへのリンク →

INC Ransom

Score: 5.81

Matched TTPs:

T1657 - Financial Theft
T1566 - Phishing

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1657 - Financial Theft
T1566 - Phishing

MITREへのリンク →

PROMETHIUM

Score: 5.90

Matched TTPs:

T1205.001 - Port Knocking
T1189 - Drive-by Compromise

MITREへのリンク →

Sea Turtle

Score: 4.78

Matched TTPs:

T1566 - Phishing
T1203 - Exploitation for Client Execution

MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

Higaisa

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.015 - Compression

MITREへのリンク →

APT37

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Tropic Trooper

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Inception

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT38

Score: 6.30

Matched TTPs:

T1189 - Drive-by Compromise
T1036.006 - Space after Filename

MITREへのリンク →

DarkHydrus

Score: 3.15

Matched TTPs:

T1221 - Template Injection

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.83

Matched TTPs:

T1195 - Supply Chain Compromise
T1587.001 - Malware
T1584.005 - Botnet
T1203 - Exploitation for Client Execution
T1592.002 - Software
T1608.001 - Upload Malware
T1036 - Masquerading
T1598.003 - Spearphishing Link
T1491.002 - External Defacement
T1566.002 - Spearphishing Link

MITREへのリンク →

Kimsuky

Score: 0.70

Matched TTPs:

T1587 - Develop Capabilities
T1587.001 - Malware
T1583.006 - Web Services
T1588.005 - Exploits
T1566 - Phishing
T1608.001 - Upload Malware
T1657 - Financial Theft
T1598.003 - Spearphishing Link
T1566.002 - Spearphishing Link

MITREへのリンク →

Contagious Interview

Score: 0.68

Matched TTPs:

T1204.004 - Malicious Copy and Paste
T1587 - Develop Capabilities
T1587.001 - Malware
T1583.006 - Web Services
T1567 - Exfiltration Over Web Service
T1608.001 - Upload Malware
T1657 - Financial Theft
T1036 - Masquerading

MITREへのリンク →

Mustang Panda

Score: 0.61

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1587.001 - Malware
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1608.001 - Upload Malware
T1678 - Delay Execution
T1598.003 - Spearphishing Link
T1566.002 - Spearphishing Link

MITREへのリンク →

Ember Bear

Score: 0.55

Matched TTPs:

T1195 - Supply Chain Compromise
T1588.001 - Malware
T1203 - Exploitation for Client Execution
T1588.005 - Exploits
T1491.002 - External Defacement
T1036 - Masquerading

MITREへのリンク →

APT28

Score: 0.55

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1567 - Exfiltration Over Web Service
T1189 - Drive-by Compromise
T1221 - Template Injection
T1598.003 - Spearphishing Link
T1036 - Masquerading

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る