Trusted Design

HDRoot Bootkit

概要

(Kaspersky) Some time ago while tracking Winnti group activity we came across a suspicious 64-bit sample. It was a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. Once installed the bootkit infects the operating system with a backdoor at the early booting stage. The principles of this bootkit’s work, named HDRoot, have been described in the first part of our article. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems. These backdoors are described in this part of the article.

Created: 2026-02-23

Indicators

類似Pulses

Financial Threat Group Targets Volume Boot Record (score: 0.66)
Backdoor:MSIL/Aataki (score: 0.63)
HackTool:Win64/AutoKMS (score: 0.62)
Backdoor:Win32/Bedep (score: 0.62)
Backdoor:Win32/Bedep (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

APT38

Score: 12.00

Matched TTPs:

T1561.002 - Disk Structure Wipe
T1543.003 - Windows Service
T1082 - System Information Discovery
T1562.001 - Disable or Modify Tools
T1529 - System Shutdown/Reboot

MITREへのリンク →

Sandworm Team

Score: 7.88

Matched TTPs:

T1561.002 - Disk Structure Wipe
T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1082 - System Information Discovery

MITREへのリンク →

Lazarus Group

Score: 25.78

Matched TTPs:

T1561.002 - Disk Structure Wipe
T1542.003 - Bootkit
T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1543.003 - Windows Service
T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service
T1583.006 - Web Services
T1562.001 - Disable or Modify Tools
T1124 - System Time Discovery
T1529 - System Shutdown/Reboot

MITREへのリンク →

Ember Bear

Score: 6.37

Matched TTPs:

T1561.002 - Disk Structure Wipe
T1036.005 - Match Legitimate Resource Name or Location
T1562.001 - Disable or Modify Tools

MITREへのリンク →

APT37

Score: 8.27

Matched TTPs:

T1561.002 - Disk Structure Wipe
T1082 - System Information Discovery
T1529 - System Shutdown/Reboot

MITREへのリンク →

Winnti Group

Score: 3.29

Matched TTPs:

T1014 - Rootkit

MITREへのリンク →

APT41

Score: 16.79

Matched TTPs:

T1014 - Rootkit
T1542.003 - Bootkit
T1036.005 - Match Legitimate Resource Name or Location
T1543.003 - Windows Service
T1082 - System Information Discovery
T1546.008 - Accessibility Features
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Rocke

Score: 7.42

Matched TTPs:

T1014 - Rootkit
T1036.005 - Match Legitimate Resource Name or Location
T1082 - System Information Discovery
T1562.001 - Disable or Modify Tools

MITREへのリンク →

TeamTNT

Score: 13.98

Matched TTPs:

T1014 - Rootkit
T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1543.003 - Windows Service
T1007 - System Service Discovery
T1082 - System Information Discovery
T1562.001 - Disable or Modify Tools

MITREへのリンク →

APT28

Score: 13.31

Matched TTPs:

T1014 - Rootkit
T1542.003 - Bootkit
T1036.005 - Match Legitimate Resource Name or Location
T1091 - Replication Through Removable Media
T1583.006 - Web Services

MITREへのリンク →

UNC3886

Score: 11.87

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware
T1036.004 - Masquerade Task or Service
T1562.001 - Disable or Modify Tools
T1124 - System Time Discovery

MITREへのリンク →

Gamaredon Group

Score: 9.19

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1082 - System Information Discovery
T1091 - Replication Through Removable Media
T1583.006 - Web Services
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Volt Typhoon

Score: 9.87

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1007 - System Service Discovery
T1074 - Data Staged
T1124 - System Time Discovery

MITREへのリンク →

BRONZE BUTLER

Score: 8.05

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1007 - System Service Discovery
T1562.001 - Disable or Modify Tools
T1124 - System Time Discovery

MITREへのリンク →

TA2541

Score: 6.15

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1082 - System Information Discovery
T1583.006 - Web Services
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Indrik Spider

Score: 7.55

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1007 - System Service Discovery
T1562.001 - Disable or Modify Tools

MITREへのリンク →

FIN7

Score: 16.11

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1543.003 - Windows Service
T1082 - System Information Discovery
T1091 - Replication Through Removable Media
T1036.004 - Masquerade Task or Service
T1583.006 - Web Services
T1124 - System Time Discovery

MITREへのリンク →

MuddyWater

Score: 6.15

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1082 - System Information Discovery
T1583.006 - Web Services
T1562.001 - Disable or Modify Tools

MITREへのリンク →

admin@338

Score: 4.87

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1007 - System Service Discovery
T1082 - System Information Discovery

MITREへのリンク →

Earth Lusca

Score: 7.61

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1543.003 - Windows Service
T1007 - System Service Discovery
T1583.006 - Web Services

MITREへのリンク →

BackdoorDiplomacy

Score: 3.23

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service

MITREへのリンク →

RedCurl

Score: 4.44

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1082 - System Information Discovery

MITREへのリンク →

APT29

Score: 8.53

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1546.008 - Accessibility Features
T1583.006 - Web Services

MITREへのリンク →

Naikon

Score: 3.23

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Chimera

Score: 6.25

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1007 - System Service Discovery
T1124 - System Time Discovery

MITREへのリンク →

Aquatic Panda

Score: 10.69

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1543.003 - Windows Service
T1007 - System Service Discovery
T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service
T1562.001 - Disable or Modify Tools

MITREへのリンク →

APT32

Score: 8.39

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1543.003 - Windows Service
T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service
T1583.006 - Web Services

MITREへのリンク →

Ke3chang

Score: 8.90

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1543.003 - Windows Service
T1007 - System Service Discovery
T1082 - System Information Discovery

MITREへのリンク →

Tropic Trooper

Score: 7.31

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1543.003 - Windows Service
T1082 - System Information Discovery
T1091 - Replication Through Removable Media

MITREへのリンク →

Magic Hound

Score: 8.25

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service
T1583.006 - Web Services
T1562.001 - Disable or Modify Tools

MITREへのリンク →

PROMETHIUM

Score: 5.17

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1543.003 - Windows Service
T1036.004 - Masquerade Task or Service

MITREへのリンク →

INC Ransom

Score: 6.56

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1074 - Data Staged
T1562.001 - Disable or Modify Tools

MITREへのリンク →

LuminousMoth

Score: 6.27

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1091 - Replication Through Removable Media

MITREへのリンク →

OilRig

Score: 8.90

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1543.003 - Windows Service
T1007 - System Service Discovery
T1082 - System Information Discovery

MITREへのリンク →

Carbanak

Score: 5.17

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1543.003 - Windows Service
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Darkhotel

Score: 7.97

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1082 - System Information Discovery
T1091 - Replication Through Removable Media
T1124 - System Time Discovery

MITREへのリンク →

APT1

Score: 3.66

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1007 - System Service Discovery

MITREへのリンク →

Blue Mockingbird

Score: 4.28

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1543.003 - Windows Service
T1082 - System Information Discovery

MITREへのリンク →

Sidewinder

Score: 4.93

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1082 - System Information Discovery
T1124 - System Time Discovery

MITREへのリンク →

Kimsuky

Score: 14.80

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1543.003 - Windows Service
T1007 - System Service Discovery
T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service
T1583.006 - Web Services
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Poseidon Group

Score: 3.66

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1007 - System Service Discovery

MITREへのリンク →

Fox Kitten

Score: 6.52

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1546.008 - Accessibility Features
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Turla

Score: 13.36

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1007 - System Service Discovery
T1082 - System Information Discovery
T1583.006 - Web Services
T1562.001 - Disable or Modify Tools
T1124 - System Time Discovery

MITREへのリンク →

Mustang Panda

Score: 9.48

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1082 - System Information Discovery
T1091 - Replication Through Removable Media
T1583.006 - Web Services

MITREへのリンク →

FIN13

Score: 6.53

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1587.001 - Malware
T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Moonstone Sleet

Score: 3.30

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery

MITREへのリンク →

Contagious Interview

Score: 7.11

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery
T1583.006 - Web Services
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Play

Score: 5.10

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Aoqin Dragon

Score: 5.13

Matched TTPs:

T1587.001 - Malware
T1091 - Replication Through Removable Media

MITREへのリンク →

Moses Staff

Score: 3.30

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery

MITREへのリンク →

Medusa Group

Score: 15.11

Matched TTPs:

T1652 - Device Driver Discovery
T1543.003 - Windows Service
T1082 - System Information Discovery
T1583.006 - Web Services
T1562.001 - Disable or Modify Tools
T1529 - System Shutdown/Reboot

MITREへのリンク →

Wizard Spider

Score: 14.79

Matched TTPs:

T1543.003 - Windows Service
T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service
T1074 - Data Staged
T1552.006 - Group Policy Preferences
T1562.001 - Disable or Modify Tools

MITREへのリンク →

BlackByte

Score: 4.94

Matched TTPs:

T1543.003 - Windows Service
T1082 - System Information Discovery
T1562.001 - Disable or Modify Tools

MITREへのリンク →

APT19

Score: 3.14

Matched TTPs:

T1543.003 - Windows Service
T1082 - System Information Discovery

MITREへのリンク →

APT3

Score: 6.43

Matched TTPs:

T1543.003 - Windows Service
T1082 - System Information Discovery
T1546.008 - Accessibility Features

MITREへのリンク →

Agrius

Score: 3.73

Matched TTPs:

T1543.003 - Windows Service
T1562.001 - Disable or Modify Tools

MITREへのリンク →

ZIRCONIUM

Score: 7.91

Matched TTPs:

T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service
T1583.006 - Web Services
T1124 - System Time Discovery

MITREへのリンク →

Higaisa

Score: 5.89

Matched TTPs:

T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service
T1124 - System Time Discovery

MITREへのリンク →

CURIUM

Score: 3.80

Matched TTPs:

T1082 - System Information Discovery
T1124 - System Time Discovery

MITREへのリンク →

Scattered Spider

Score: 6.62

Matched TTPs:

T1082 - System Information Discovery
T1074 - Data Staged
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Storm-0501

Score: 3.30

Matched TTPs:

T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Winter Vivern

Score: 3.30

Matched TTPs:

T1082 - System Information Discovery
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Deep Panda

Score: 3.29

Matched TTPs:

T1546.008 - Accessibility Features

MITREへのリンク →

Axiom

Score: 7.82

Matched TTPs:

T1546.008 - Accessibility Features
T1001.002 - Steganography

MITREへのリンク →

Equation

Score: 8.67

Matched TTPs:

T1542.002 - Component Firmware
T1564.005 - Hidden File System

MITREへのリンク →

FIN6

Score: 3.89

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Saint Bear

Score: 3.81

Matched TTPs:

T1583.006 - Web Services
T1562.001 - Disable or Modify Tools

MITREへのリンク →

APT33

Score: 4.13

Matched TTPs:

T1552.006 - Group Policy Preferences

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.78

Matched TTPs:

T1529 - System Shutdown/Reboot
T1561.002 - Disk Structure Wipe
T1587.001 - Malware
T1124 - System Time Discovery
T1036.005 - Match Legitimate Resource Name or Location
T1542.003 - Bootkit
T1082 - System Information Discovery
T1543.003 - Windows Service
T1036.004 - Masquerade Task or Service
T1562.001 - Disable or Modify Tools
T1583.006 - Web Services

MITREへのリンク →

FIN7

Score: 0.57

Matched TTPs:

T1587.001 - Malware
T1124 - System Time Discovery
T1036.005 - Match Legitimate Resource Name or Location
T1082 - System Information Discovery
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1036.004 - Masquerade Task or Service
T1583.006 - Web Services

MITREへのリンク →

APT41

Score: 0.56

Matched TTPs:

T1014 - Rootkit
T1036.005 - Match Legitimate Resource Name or Location
T1542.003 - Bootkit
T1082 - System Information Discovery
T1543.003 - Windows Service
T1036.004 - Masquerade Task or Service
T1546.008 - Accessibility Features

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る