Trusted Design

CoreBot activity linked to stolen information sold online

概要

From Damballa: We have been investigating several domains registered using the email address drake.lampado777@gmail[.]com. IBM Security X-Force spotted the information-stealing malware named Corebot. The Corebot’s author included the ability to add plugins to the malware in order to incorporate more features. The features are usually a specific function the malware will perform or turned the bot in, such as being a socks proxy or adding the possibility for the malware to spread via USB drives, grab certificates, or even perform DDOS. The sample analyzed by IBM Security X-Force communicates with two domains registered to drake.lampado777@gmail[.]com that are down at this time (found in OTX pulse IoCs)

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Sidewinder

Score: 6.41
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

Scattered Spider

Score: 3.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

Mustang Panda

Score: 16.61
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sandworm Team

Score: 18.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1049 - System Network Connections Discovery
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 3.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

ZIRCONIUM

Score: 12.04
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

APT32

Score: 19.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1592.004 - Client Configurations
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Kimsuky

Score: 17.85
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Magic Hound

Score: 14.49
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

APT28

Score: 17.78
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1027.018 - Invisible Unicode
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Star Blizzard

Score: 5.95
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

Moonstone Sleet

Score: 8.88
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1573 - Encrypted Channel
MITREへのリンク →

CURIUM

Score: 11.96
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
MITREへのリンク →

Dragonfly

Score: 11.07
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Patchwork

Score: 5.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

HAFNIUM

Score: 9.48
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
MITREへのリンク →

APT5

Score: 3.84
Matched TTPs:
  • T1027.008 - Stripped Payloads
MITREへのリンク →

Ke3chang

Score: 3.84
Matched TTPs:
  • T1027.008 - Stripped Payloads
MITREへのリンク →

APT39

Score: 3.76
Matched TTPs:
  • T1007 - System Service Discovery
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT41

Score: 7.42
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1573 - Encrypted Channel
MITREへのリンク →

Medusa Group

Score: 4.41
Matched TTPs:
  • T1007 - System Service Discovery
  • T1608.005 - Link Target
MITREへのリンク →

Chimera

Score: 4.99
Matched TTPs:
  • T1007 - System Service Discovery
  • T1578.001 - Create Snapshot
MITREへのリンク →

APT38

Score: 11.58
Matched TTPs:
  • T1007 - System Service Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1059.005 - Visual Basic
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BlackByte

Score: 4.37
Matched TTPs:
  • T1007 - System Service Discovery
  • T1091 - Replication Through Removable Media
MITREへのリンク →

FIN13

Score: 4.49
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
MITREへのリンク →

APT1

Score: 7.20
Matched TTPs:
  • T1007 - System Service Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1053.002 - At
MITREへのリンク →

Wizard Spider

Score: 9.01
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA2541

Score: 6.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Earth Lusca

Score: 12.25
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LuminousMoth

Score: 3.33
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustard Tempest

Score: 8.38
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

OilRig

Score: 12.54
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1592.002 - Software
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TeamTNT

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

LazyScripter

Score: 6.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Gamaredon Group

Score: 11.40
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1061 - Graphical User Interface
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Threat Group-3390

Score: 11.34
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1526 - Cloud Service Discovery
MITREへのリンク →

SideCopy

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1053.002 - At
MITREへのリンク →

TA505

Score: 4.85
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BITTER

Score: 5.59
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
MITREへのリンク →

HEXANE

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

Saint Bear

Score: 5.35
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Contagious Interview

Score: 11.00
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1021.006 - Windows Remote Management
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN7

Score: 14.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1573 - Encrypted Channel
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

EXOTIC LILY

Score: 4.85
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT42

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

Leviathan

Score: 4.64
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Transparent Tribe

Score: 7.93
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Lazarus Group

Score: 18.65
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
MITREへのリンク →

Winter Vivern

Score: 10.36
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
MITREへのリンク →

UNC3886

Score: 8.82
Matched TTPs:
  • T1021.006 - Windows Remote Management
  • T1588.001 - Malware
  • T1578.001 - Create Snapshot
MITREへのリンク →

APT29

Score: 7.22
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BRONZE BUTLER

Score: 8.20
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
MITREへのリンク →

PROMETHIUM

Score: 3.86
Matched TTPs:
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Higaisa

Score: 4.69
Matched TTPs:
  • T1588.001 - Malware
  • T1578.001 - Create Snapshot
MITREへのリンク →

Axiom

Score: 5.39
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Volt Typhoon

Score: 6.21
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1578.001 - Create Snapshot
MITREへのリンク →

Turla

Score: 11.35
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

MuddyWater

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Confucius

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Cobalt Group

Score: 4.29
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Daggerfly

Score: 6.05
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Windshift

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Darkhotel

Score: 4.36
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
MITREへのリンク →

Elderwood

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

BlackTech

Score: 4.51
Matched TTPs:
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN8

Score: 4.51
Matched TTPs:
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Velvet Ant

Score: 4.13
Matched TTPs:
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.79
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1049 - System Network Connections Discovery
  • T1091 - Replication Through Removable Media
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 0.79
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1592.004 - Client Configurations
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Lazarus Group

Score: 0.77
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1055.005 - Thread Local Storage
  • T1059.012 - Hypervisor CLI
  • T1588.001 - Malware
  • T1069.001 - Local Groups
  • T1578.001 - Create Snapshot
MITREへのリンク →

APT28

Score: 0.76
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1566.003 - Spearphishing via Service
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Kimsuky

Score: 0.74
Matched TTPs:
  • T1526 - Cloud Service Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1053.002 - At
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustang Panda

Score: 0.72
Matched TTPs:
  • T1526 - Cloud Service Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1055.005 - Thread Local Storage
  • T1091 - Replication Through Removable Media
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN7

Score: 0.66
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1573 - Encrypted Channel
  • T1588.001 - Malware
  • T1578.001 - Create Snapshot
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Magic Hound

Score: 0.62
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
  • T1588.001 - Malware
  • T1053.002 - At
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Earth Lusca

Score: 0.58
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る