Trusted Design

Down the Rabbit Hole: Botnet Analysis for Non-Reverse Engineers

概要

Talos is often tasked with mapping the backend network for a specific piece of malware. One approach is to first reverse engineer the sample and determine exactly how it operates. But what if there is no time or resources to take the sample apart? This post is going to show how to examine a botnet from the Fareit family, starting with just an IP address. Then, using sandbox communities like Cisco ThreatGRID and open source products like Gephi and VirusTotal, we will track down and visualize the botnet.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Fareit botnet family (score: 0.59)
Exploring a P2P Transient Botnet - From Discovery to Enumeration (score: 0.59)
Mirai Botnet Indicators (score: 0.59)
A New All-in-One Botnet: Proteus (score: 0.57)
Cisco's Talos Intelligence Group Blog: The Many Tentacles of the Necurs Botnet (score: 0.57)

このPulseに関連する脅威アクター (事実ベース)

Andariel

Score: 3.84

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay

MITREへのリンク →

Magic Hound

Score: 9.27

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1099 - Timestomp
T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances

MITREへのリンク →

HAFNIUM

Score: 19.37

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1099 - Timestomp
T1027.008 - Stripped Payloads
T1590.006 - Network Security Appliances
T1049 - System Network Connections Discovery
T1552.008 - Chat Messages

MITREへのリンク →

APT41

Score: 13.87

Matched TTPs:

T1539 - Steal Web Session Cookie
T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1573 - Encrypted Channel
T1002 - Data Compressed

MITREへのリンク →

TA551

Score: 4.13

Matched TTPs:

T1539 - Steal Web Session Cookie

MITREへのリンク →

HEXANE

Score: 5.42

Matched TTPs:

T1099 - Timestomp
T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances

MITREへのリンク →

APT29

Score: 6.59

Matched TTPs:

T1099 - Timestomp
T1592.004 - Client Configurations

MITREへのリンク →

Gamaredon Group

Score: 3.95

Matched TTPs:

T1099 - Timestomp
T1120 - Peripheral Device Discovery

MITREへのリンク →

TA2541

Score: 7.10

Matched TTPs:

T1099 - Timestomp
T1120 - Peripheral Device Discovery
T1001 - Data Obfuscation

MITREへのリンク →

Lotus Blossom

Score: 4.22

Matched TTPs:

T1099 - Timestomp
T1590.006 - Network Security Appliances

MITREへのリンク →

FIN13

Score: 9.27

Matched TTPs:

T1099 - Timestomp
T1553.002 - Code Signing
T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances

MITREへのリンク →

Turla

Score: 10.54

Matched TTPs:

T1099 - Timestomp
T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1578.001 - Create Snapshot

MITREへのリンク →

Volt Typhoon

Score: 20.64

Matched TTPs:

T1099 - Timestomp
T1003.007 - Proc Filesystem
T1553.002 - Code Signing
T1590.006 - Network Security Appliances
T1049 - System Network Connections Discovery
T1552.008 - Chat Messages
T1578.001 - Create Snapshot

MITREへのリンク →

FIN8

Score: 3.95

Matched TTPs:

T1099 - Timestomp
T1120 - Peripheral Device Discovery

MITREへのリンク →

APT5

Score: 3.84

Matched TTPs:

T1027.008 - Stripped Payloads

MITREへのリンク →

Ke3chang

Score: 9.04

Matched TTPs:

T1027.008 - Stripped Payloads
T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances

MITREへのリンク →

BRONZE BUTLER

Score: 8.96

Matched TTPs:

T1003.007 - Proc Filesystem
T1592.004 - Client Configurations
T1578.001 - Create Snapshot

MITREへのリンク →

TeamTNT

Score: 9.33

Matched TTPs:

T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1519 - Emond

MITREへのリンク →

Indrik Spider

Score: 6.37

Matched TTPs:

T1003.007 - Proc Filesystem
T1552.008 - Chat Messages

MITREへのリンク →

OilRig

Score: 5.20

Matched TTPs:

T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances

MITREへのリンク →

Aquatic Panda

Score: 3.73

Matched TTPs:

T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery

MITREへのリンク →

Kimsuky

Score: 8.35

Matched TTPs:

T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1001 - Data Obfuscation

MITREへのリンク →

Chimera

Score: 6.59

Matched TTPs:

T1003.007 - Proc Filesystem
T1590.006 - Network Security Appliances
T1578.001 - Create Snapshot

MITREへのリンク →

Earth Lusca

Score: 3.99

Matched TTPs:

T1003.007 - Proc Filesystem
T1590.006 - Network Security Appliances

MITREへのリンク →

admin@338

Score: 5.20

Matched TTPs:

T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances

MITREへのリンク →

APT1

Score: 3.99

Matched TTPs:

T1003.007 - Proc Filesystem
T1590.006 - Network Security Appliances

MITREへのリンク →

Salt Typhoon

Score: 3.84

Matched TTPs:

T1553.002 - Code Signing

MITREへのリンク →

BlackByte

Score: 5.83

Matched TTPs:

T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1001 - Data Obfuscation

MITREへのリンク →

ZIRCONIUM

Score: 5.27

Matched TTPs:

T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1578.001 - Create Snapshot

MITREへのリンク →

Darkhotel

Score: 9.11

Matched TTPs:

T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1064 - Scripting
T1578.001 - Create Snapshot

MITREへのリンク →

APT32

Score: 6.52

Matched TTPs:

T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1592.004 - Client Configurations

MITREへのリンク →

Lazarus Group

Score: 9.40

Matched TTPs:

T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot

MITREへのリンク →

Higaisa

Score: 5.27

Matched TTPs:

T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1578.001 - Create Snapshot

MITREへのリンク →

CURIUM

Score: 3.80

Matched TTPs:

T1120 - Peripheral Device Discovery
T1578.001 - Create Snapshot

MITREへのリンク →

APT38

Score: 5.74

Matched TTPs:

T1120 - Peripheral Device Discovery
T1059.005 - Visual Basic

MITREへのリンク →

Mustang Panda

Score: 15.88

Matched TTPs:

T1120 - Peripheral Device Discovery
T1136.001 - Local Account
T1590.006 - Network Security Appliances
T1169 - Sudo
T1055.005 - Thread Local Storage

MITREへのリンク →

FIN7

Score: 6.73

Matched TTPs:

T1120 - Peripheral Device Discovery
T1573 - Encrypted Channel
T1578.001 - Create Snapshot

MITREへのリンク →

Sidewinder

Score: 5.27

Matched TTPs:

T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1578.001 - Create Snapshot

MITREへのリンク →

Daggerfly

Score: 4.13

Matched TTPs:

T1120 - Peripheral Device Discovery
T1573 - Encrypted Channel

MITREへのリンク →

Contagious Interview

Score: 5.05

Matched TTPs:

T1120 - Peripheral Device Discovery
T1064 - Scripting

MITREへのリンク →

Patchwork

Score: 4.36

Matched TTPs:

T1120 - Peripheral Device Discovery
T1001 - Data Obfuscation

MITREへのリンク →

Moonstone Sleet

Score: 5.60

Matched TTPs:

T1120 - Peripheral Device Discovery
T1590.006 - Network Security Appliances
T1573 - Encrypted Channel

MITREへのリンク →

Sandworm Team

Score: 7.76

Matched TTPs:

T1120 - Peripheral Device Discovery
T1049 - System Network Connections Discovery
T1573 - Encrypted Channel

MITREへのリンク →

Dragonfly

Score: 4.40

Matched TTPs:

T1590.006 - Network Security Appliances
T1573 - Encrypted Channel

MITREへのリンク →

menuPass

Score: 4.62

Matched TTPs:

T1590.006 - Network Security Appliances
T1001 - Data Obfuscation

MITREへのリンク →

Threat Group-3390

Score: 7.55

Matched TTPs:

T1590.006 - Network Security Appliances
T1001 - Data Obfuscation
T1573 - Encrypted Channel

MITREへのリンク →

Axiom

Score: 3.62

Matched TTPs:

T1049 - System Network Connections Discovery

MITREへのリンク →

Saint Bear

Score: 3.84

Matched TTPs:

T1064 - Scripting

MITREへのリンク →

PROMETHIUM

Score: 4.13

Matched TTPs:

T1547.015 - Login Items

MITREへのリンク →

UNC3886

Score: 6.72

Matched TTPs:

T1547.015 - Login Items
T1578.001 - Create Snapshot

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

Volatile Cedar

Score: 4.13

Matched TTPs:

T1002 - Data Compressed

MITREへのリンク →

APT28

Score: 9.08

Matched TTPs:

T1146 - Clear Command History
T1546.007 - Netsh Helper DLL

MITREへのリンク →

Ember Bear

Score: 4.13

Matched TTPs:

T1519 - Emond

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.78

Matched TTPs:

T1049 - System Network Connections Discovery
T1003.007 - Proc Filesystem
T1590.006 - Network Security Appliances
T1578.001 - Create Snapshot
T1099 - Timestomp
T1553.002 - Code Signing
T1552.008 - Chat Messages

MITREへのリンク →

HAFNIUM

Score: 0.74

Matched TTPs:

T1049 - System Network Connections Discovery
T1171 - LLMNR/NBT-NS Poisoning and Relay
T1027.008 - Stripped Payloads
T1590.006 - Network Security Appliances
T1099 - Timestomp
T1552.008 - Chat Messages

MITREへのリンク →

Mustang Panda

Score: 0.61

Matched TTPs:

T1120 - Peripheral Device Discovery
T1055.005 - Thread Local Storage
T1169 - Sudo
T1590.006 - Network Security Appliances
T1136.001 - Local Account

MITREへのリンク →

APT41

Score: 0.55

Matched TTPs:

T1120 - Peripheral Device Discovery
T1002 - Data Compressed
T1590.006 - Network Security Appliances
T1573 - Encrypted Channel
T1539 - Steal Web Session Cookie

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る