Trusted Design

TeslaCrypt 2.0: Cyber Crime Malware Behavior

概要

TeslaCrypt/AlphaCrypt uses AES256 encryption. The AES key is generated using a SHA256 hash and due to the keys being stored on the infected machine, victims in many cases could likely decrypt files without paying the ransom. • The newest variant, TeslaCrypt 2.0, uses the same encryption algorithm; however, the keys and other configuration data are stored in the Windows Registry instead of a file on the local disk (as in previous versions). This version masquerades as CryptoWall. • The command and control (C&C) communications for new variants use the same AES256 encryption for any traffic to the attacker’s server; in previous variants, only Base64 encoding was used.

Created: 2026-02-23

Indicators

類似Pulses

NUCLEAR EK FROM 162.247.14.156 SENDS TESLACRYPT 2.0 (score: 0.92)
Threat Spotlight: TeslaCrypt (score: 0.73)
TeslaCrypt Ransomware (score: 0.72)
TeslaCrypt C2 Communication (score: 0.72)
New TeslaCrypt version (score: 0.67)

このPulseに関連する脅威アクター (事実ベース)

FIN6

Score: 8.30

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1027.007 - Dynamic API Resolution
T1556 - Modify Authentication Process

MITREへのリンク →

CopyKittens

Score: 3.15

Matched TTPs:

T1016.001 - Internet Connection Discovery

MITREへのリンク →

Mustang Panda

Score: 16.18

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1071.005 - Publish/Subscribe Protocols
T1677 - Poisoned Pipeline Execution
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

Kimsuky

Score: 10.62

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1537 - Transfer Data to Cloud Account
T1668 - Exclusive Control
T1490 - Inhibit System Recovery

MITREへのリンク →

UNC3886

Score: 6.59

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1055.015 - ListPlanting

MITREへのリンク →

Lotus Blossom

Score: 6.08

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1569.002 - Service Execution

MITREへのリンク →

Lazarus Group

Score: 26.68

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1071.005 - Publish/Subscribe Protocols
T1677 - Poisoned Pipeline Execution
T1055.005 - Thread Local Storage
T1055.015 - ListPlanting
T1569.002 - Service Execution
T1086 - PowerShell
T1556 - Modify Authentication Process

MITREへのリンク →

Mustard Tempest

Score: 4.54

Matched TTPs:

T1682 - Query Public AI Services

MITREへのリンク →

ZIRCONIUM

Score: 4.58

Matched TTPs:

T1071.005 - Publish/Subscribe Protocols
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Volt Typhoon

Score: 7.50

Matched TTPs:

T1071.005 - Publish/Subscribe Protocols
T1537 - Transfer Data to Cloud Account
T1569.002 - Service Execution

MITREへのリンク →

Contagious Interview

Score: 9.11

Matched TTPs:

T1071.005 - Publish/Subscribe Protocols
T1562.010 - Downgrade Attack
T1556 - Modify Authentication Process

MITREへのリンク →

Higaisa

Score: 8.60

Matched TTPs:

T1071.005 - Publish/Subscribe Protocols
T1569.002 - Service Execution
T1546.017 - Udev Rules

MITREへのリンク →

APT33

Score: 5.27

Matched TTPs:

T1071.005 - Publish/Subscribe Protocols
T1556 - Modify Authentication Process

MITREへのリンク →

APT28

Score: 13.65

Matched TTPs:

T1071.005 - Publish/Subscribe Protocols
T1205.001 - Port Knocking
T1668 - Exclusive Control
T1588.003 - Code Signing Certificates

MITREへのリンク →

BRONZE BUTLER

Score: 6.37

Matched TTPs:

T1071.005 - Publish/Subscribe Protocols
T1592.004 - Client Configurations

MITREへのリンク →

APT42

Score: 3.62

Matched TTPs:

T1677 - Poisoned Pipeline Execution

MITREへのリンク →

APT5

Score: 3.62

Matched TTPs:

T1677 - Poisoned Pipeline Execution

MITREへのリンク →

APT29

Score: 12.19

Matched TTPs:

T1592.004 - Client Configurations
T1683 - Generate Content
T1537 - Transfer Data to Cloud Account
T1490 - Inhibit System Recovery

MITREへのリンク →

APT32

Score: 14.40

Matched TTPs:

T1592.004 - Client Configurations
T1668 - Exclusive Control
T1027.007 - Dynamic API Resolution
T1556 - Modify Authentication Process
T1490 - Inhibit System Recovery

MITREへのリンク →

BlackByte

Score: 8.58

Matched TTPs:

T1562.010 - Downgrade Attack
T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Gamaredon Group

Score: 11.13

Matched TTPs:

T1562.010 - Downgrade Attack
T1086 - PowerShell
T1546.017 - Udev Rules

MITREへのリンク →

CURIUM

Score: 3.84

Matched TTPs:

T1205.001 - Port Knocking

MITREへのリンク →

Storm-1811

Score: 6.19

Matched TTPs:

T1205.001 - Port Knocking
T1027 - Obfuscated Files or Information

MITREへのリンク →

APT38

Score: 6.79

Matched TTPs:

T1027 - Obfuscated Files or Information
T1537 - Transfer Data to Cloud Account
T1027.007 - Dynamic API Resolution

MITREへのリンク →

INC Ransom

Score: 4.74

Matched TTPs:

T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Magic Hound

Score: 5.96

Matched TTPs:

T1027 - Obfuscated Files or Information
T1683 - Generate Content

MITREへのリンク →

FIN7

Score: 10.84

Matched TTPs:

T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution
T1055.015 - ListPlanting
T1490 - Inhibit System Recovery

MITREへのリンク →

Storm-0501

Score: 4.39

Matched TTPs:

T1027 - Obfuscated Files or Information
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Medusa Group

Score: 11.33

Matched TTPs:

T1027 - Obfuscated Files or Information
T1537 - Transfer Data to Cloud Account
T1027.007 - Dynamic API Resolution
T1094 - Custom Command and Control Protocol

MITREへのリンク →

APT41

Score: 17.11

Matched TTPs:

T1027 - Obfuscated Files or Information
T1537 - Transfer Data to Cloud Account
T1668 - Exclusive Control
T1027.007 - Dynamic API Resolution
T1037.001 - Logon Script (Windows)
T1055.015 - ListPlanting

MITREへのリンク →

TA505

Score: 4.39

Matched TTPs:

T1027 - Obfuscated Files or Information
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

FIN8

Score: 5.09

Matched TTPs:

T1027 - Obfuscated Files or Information
T1556 - Modify Authentication Process

MITREへのリンク →

Moonstone Sleet

Score: 4.74

Matched TTPs:

T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Tropic Trooper

Score: 6.29

Matched TTPs:

T1683 - Generate Content
T1490 - Inhibit System Recovery

MITREへのリンク →

BITTER

Score: 3.62

Matched TTPs:

T1683 - Generate Content

MITREへのリンク →

TA2541

Score: 5.20

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1546.017 - Udev Rules

MITREへのリンク →

APT39

Score: 7.38

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution

MITREへのリンク →

GALLIUM

Score: 4.80

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1668 - Exclusive Control

MITREへのリンク →

Threat Group-3390

Score: 5.20

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1546.017 - Udev Rules

MITREへのリンク →

Chimera

Score: 5.14

Matched TTPs:

T1668 - Exclusive Control
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Wizard Spider

Score: 7.89

Matched TTPs:

T1668 - Exclusive Control
T1027.007 - Dynamic API Resolution
T1556 - Modify Authentication Process

MITREへのリンク →

FIN13

Score: 5.67

Matched TTPs:

T1668 - Exclusive Control
T1569.002 - Service Execution

MITREへのリンク →

Axiom

Score: 4.54

Matched TTPs:

T1160 - Launch Daemon

MITREへのリンク →

Velvet Ant

Score: 7.99

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution
T1490 - Inhibit System Recovery

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1037.001 - Logon Script (Windows)

MITREへのリンク →

OilRig

Score: 6.19

Matched TTPs:

T1055.015 - ListPlanting
T1556 - Modify Authentication Process

MITREへのリンク →

Turla

Score: 5.59

Matched TTPs:

T1569.002 - Service Execution
T1490 - Inhibit System Recovery

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Leviathan

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.77

Matched TTPs:

T1055.015 - ListPlanting
T1016.001 - Internet Connection Discovery
T1086 - PowerShell
T1071.005 - Publish/Subscribe Protocols
T1556 - Modify Authentication Process
T1055.005 - Thread Local Storage
T1569.002 - Service Execution
T1677 - Poisoned Pipeline Execution

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る