Trusted Design

Affiliate’s Malspam Operation: Kovter and Miuref/Boaxxe

Summary

In March of this year, reports emerged of malspam campaigns using email-attached “.doc.js” files that tied back to the Kovter and Boaxxe click-fraud trojans. The analysis of these malware families has already been well documented here and here. This post will therefore concentrate on the botnet behind the malspam delivery and the subsequent download in these recent malspam campaigns. It is believed that the miscreants behind the development of these trojans use an affiliate model, having botnet or exploit-kit operators infect victims with their malicious wares.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 18.25
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS
Link to MITRE →

Sandworm Team

Score: 27.10
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1049 - System Network Connections Discovery
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
Link to MITRE →

Mustard Tempest

Score: 9.72
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Kimsuky

Score: 23.77
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS
Link to MITRE →

FIN13

Score: 6.81
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
Link to MITRE →

Moonstone Sleet

Score: 10.37
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1126 - Network Share Connection Removal
Link to MITRE →

Lazarus Group

Score: 12.95
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
Link to MITRE →

Contagious Interview

Score: 22.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1586.003 - Cloud Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
Link to MITRE →

OilRig

Score: 13.04
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
Link to MITRE →

UNC3886

Score: 10.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1547.015 - Login Items
  • T1218.010 - Regsvr32
Link to MITRE →

LuminousMoth

Score: 7.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
Link to MITRE →

APT29

Score: 11.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1181 - Extra Window Memory Injection
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
Link to MITRE →

Play

Score: 4.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
Link to MITRE →

Aoqin Dragon

Score: 5.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
Link to MITRE →

RedCurl

Score: 3.54
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
Link to MITRE →

Turla

Score: 9.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Mustang Panda

Score: 20.15
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
Link to MITRE →

TeamTNT

Score: 6.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

FIN7

Score: 7.53
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
Link to MITRE →

MuddyWater

Score: 4.95
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
Link to MITRE →

Confucius

Score: 8.10
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
Link to MITRE →

Mofang

Score: 4.60
Matched TTPs:
  • T1543.003 - Windows Service
  • T1546.017 - Udev Rules
Link to MITRE →

Sidewinder

Score: 5.40
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Elderwood

Score: 4.71
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Machete

Score: 3.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Transparent Tribe

Score: 4.71
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT32

Score: 13.34
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT1

Score: 3.91
Matched TTPs:
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
Link to MITRE →

Leviathan

Score: 7.86
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.017 - Udev Rules
Link to MITRE →

ZIRCONIUM

Score: 8.10
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
Link to MITRE →

EXOTIC LILY

Score: 4.91
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
Link to MITRE →

Molerats

Score: 4.60
Matched TTPs:
  • T1543.003 - Windows Service
  • T1546.017 - Udev Rules
Link to MITRE →

Magic Hound

Score: 15.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1586.003 - Cloud Accounts
  • T1608.005 - Link Target
  • T1187 - Forced Authentication
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Windshift

Score: 5.40
Matched TTPs:
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA2541

Score: 11.04
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1546.017 - Udev Rules
Link to MITRE →

Earth Lusca

Score: 9.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Storm-1811

Score: 3.63
Matched TTPs:
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Patchwork

Score: 7.16
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA505

Score: 5.88
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
Link to MITRE →

LazyScripter

Score: 10.08
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
Link to MITRE →

APT42

Score: 3.42
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
Link to MITRE →

Scattered Spider

Score: 11.57
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
Link to MITRE →

APT28

Score: 16.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1586.003 - Cloud Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
Link to MITRE →

Star Blizzard

Score: 4.43
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
Link to MITRE →

CURIUM

Score: 4.22
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Dragonfly

Score: 8.87
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
Link to MITRE →

Gamaredon Group

Score: 10.29
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1200 - Hardware Additions
  • T1546.017 - Udev Rules
Link to MITRE →

Threat Group-3390

Score: 12.52
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.017 - Udev Rules
Link to MITRE →

BlackByte

Score: 5.59
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1586.003 - Cloud Accounts
Link to MITRE →

BITTER

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
Link to MITRE →

Saint Bear

Score: 5.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
Link to MITRE →

BRONZE BUTLER

Score: 5.45
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Winter Vivern

Score: 3.95
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
Link to MITRE →

PLATINUM

Score: 3.95
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
Link to MITRE →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
Link to MITRE →

Medusa Group

Score: 13.21
Matched TTPs:
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

LAPSUS$

Score: 6.59
Matched TTPs:
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
Link to MITRE →

Andariel

Score: 9.56
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

HAFNIUM

Score: 5.63
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
Link to MITRE →

Axiom

Score: 10.17
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Volt Typhoon

Score: 3.62
Matched TTPs:
  • T1049 - System Network Connections Discovery
Link to MITRE →

INC Ransom

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

PROMETHIUM

Score: 5.90
Matched TTPs:
  • T1547.015 - Login Items
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Sea Turtle

Score: 4.78
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
Link to MITRE →

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Higaisa

Score: 4.65
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
Link to MITRE →

APT37

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Tropic Trooper

Score: 4.65
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
Link to MITRE →

Inception

Score: 4.65
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
Link to MITRE →

Darkhotel

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT38

Score: 6.30
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1059.005 - Visual Basic
Link to MITRE →

DarkHydrus

Score: 3.15
Matched TTPs:
  • T1200 - Hardware Additions
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.83
Matched TTPs:
  • T1005 - Data from Local System
  • T1049 - System Network Connections Discovery
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1564.008 - Email Hiding Rules
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1606.002 - SAML Tokens
  • T1187 - Forced Authentication
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Kimsuky

Score: 0.70
Matched TTPs:
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1552.003 - Shell History
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1606.002 - SAML Tokens
  • T1126 - Network Share Connection Removal
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1003.003 - NTDS
Link to MITRE →

Contagious Interview

Score: 0.68
Matched TTPs:
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1552.003 - Shell History
  • T1221 - Template Injection
  • T1586.003 - Cloud Accounts
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1126 - Network Share Connection Removal
Link to MITRE →

Mustang Panda

Score: 0.61
Matched TTPs:
  • T1055.005 - Thread Local Storage
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1606.002 - SAML Tokens
  • T1169 - Sudo
Link to MITRE →

Ember Bear

Score: 0.55
Matched TTPs:
  • T1005 - Data from Local System
  • T1564.008 - Email Hiding Rules
  • T1218.010 - Regsvr32
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1003.003 - NTDS
Link to MITRE →

APT28

Score: 0.55
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1608.005 - Link Target
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1586.003 - Cloud Accounts
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

