Trusted Design

Duuzer back door Trojan targets South Korea

Overview

Symantec has found that South Korea is being impacted by an active back door Trojan, detected as Backdoor.Duuzer. While the malware attack has not been exclusively targeting the region, it has been focusing on the South Korean manufacturing industry. Duuzer is a well-designed threat that gives attackers remote access to the compromised computer, downloads additional files, and steals data. It is clearly the work of skilled attackers looking to obtain valuable information. There is also evidence to suggest that the actors behind Duuzer are spreading two other threats, detected as W32.Brambul and Backdoor.Joanap, to target more organizations in South Korea. Brambul and Joanap appear to be used to download extra payloads and carry out reconnaissance on infected computers.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors associated with this Pulse (fact-based)

Ember Bear

Score: 9.45
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application

Sandworm Team

Score: 24.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server
  • T1003.003 - NTDS

OilRig

Score: 25.60
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Gamaredon Group

Score: 16.53
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1001 - Data Obfuscation
  • T1102.002 - Bidirectional Communication
  • T1027.015 - Compression

APT28

Score: 17.96
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1190 - Exploit Public-Facing Application
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1003.003 - NTDS
  • T1669 - Wi-Fi Networks

Turla

Score: 14.95
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server

Kimsuky

Score: 16.33
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol

FIN13

Score: 12.94
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1565 - Data Manipulation
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

Moonstone Sleet

Score: 6.59
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1566.003 - Spearphishing via Service

Indrik Spider

Score: 6.58
Matched TTPs:
  • T1587.001 - Malware
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol

Lazarus Group

Score: 19.23
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Contagious Interview

Score: 10.19
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

UNC3886

Score: 6.72
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1027.005 - Indicator Removal from Tools

LuminousMoth

Score: 4.92
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1588.002 - Tool

Salt Typhoon

Score: 7.16
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT29

Score: 13.53
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1550.003 - Pass the Ticket
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1566.003 - Spearphishing via Service

Play

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

RedCurl

Score: 4.84
Matched TTPs:
  • T1587.001 - Malware
  • T1199 - Trusted Relationship

Moses Staff

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Ke3chang

Score: 6.76
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1003.003 - NTDS

Mustang Panda

Score: 17.29
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

TeamTNT

Score: 4.07
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware

FIN7

Score: 10.43
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1021.001 - Remote Desktop Protocol

TA2541

Score: 5.97
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1027.015 - Compression

Earth Lusca

Score: 7.13
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1584.004 - Server

Threat Group-3390

Score: 13.34
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression

BlackByte

Score: 5.09
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol

APT32

Score: 12.16
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

HEXANE

Score: 6.87
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1021.001 - Remote Desktop Protocol

EXOTIC LILY

Score: 4.50
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1566.003 - Spearphishing via Service

Volt Typhoon

Score: 9.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

GOLD SOUTHFIELD

Score: 4.22
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1199 - Trusted Relationship

BlackTech

Score: 5.47
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates

Magic Hound

Score: 8.89
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service

Medusa Group

Score: 10.85
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1218.014 - MMC

Sea Turtle

Score: 5.07
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1199 - Trusted Relationship
  • T1588.002 - Tool

Storm-0501

Score: 8.35
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies

Fox Kitten

Score: 5.46
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

Agrius

Score: 3.12
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol

menuPass

Score: 9.05
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

ToddyCat

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service

Blue Mockingbird

Score: 6.71
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol

GALLIUM

Score: 5.47
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools

Leviathan

Score: 11.85
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
  • T1027.015 - Compression

INC Ransom

Score: 3.97
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol

Dragonfly

Score: 9.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

Axiom

Score: 7.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography

APT41

Score: 6.31
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

HAFNIUM

Score: 6.56
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1199 - Trusted Relationship
  • T1003.003 - NTDS

APT5

Score: 3.12
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol

MuddyWater

Score: 4.72
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

APT39

Score: 6.36
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1021.001 - Remote Desktop Protocol

BRONZE BUTLER

Score: 4.69
Matched TTPs:
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool

POLONIUM

Score: 5.99
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

LAPSUS$

Score: 5.94
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1003.003 - NTDS

Inception

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1218.010 - Regsvr32

Wizard Spider

Score: 10.74
Matched TTPs:
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Storm-1811

Score: 3.37
Matched TTPs:
  • T1588.002 - Tool
  • T1566.003 - Spearphishing via Service

Scattered Spider

Score: 8.97
Matched TTPs:
  • T1588.002 - Tool
  • T1556.009 - Conditional Access Policies
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

FIN8

Score: 8.39
Matched TTPs:
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

FIN6

Score: 10.11
Matched TTPs:
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Patchwork

Score: 5.65
Matched TTPs:
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1021.001 - Remote Desktop Protocol

WIRTE

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1218.010 - Regsvr32

Cobalt Group

Score: 5.24
Matched TTPs:
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol

Thrip

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT33

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Chimera

Score: 4.84
Matched TTPs:
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

APT19

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1218.010 - Regsvr32

Carbanak

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Deep Panda

Score: 5.90
Matched TTPs:
  • T1027.005 - Indicator Removal from Tools
  • T1218.010 - Regsvr32

APT3

Score: 4.80
Matched TTPs:
  • T1027.005 - Indicator Removal from Tools
  • T1021.001 - Remote Desktop Protocol

Molerats

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

Higaisa

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

Mofang

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

Threat actors associated with this Pulse (inference-based)

OilRig

Score: 0.79
Matched TTPs:
  • T1587.001 - Malware
  • T1025 - Data from Removable Media
  • T1195 - Supply Chain Compromise
  • T1027.005 - Indicator Removal from Tools
  • T1588.003 - Code Signing Certificates
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1608.001 - Upload Malware

Sandworm Team

Score: 0.78
Matched TTPs:
  • T1587.001 - Malware
  • T1199 - Trusted Relationship
  • T1491.002 - External Defacement
  • T1195 - Supply Chain Compromise
  • T1588.002 - Tool
  • T1190 - Exploit Public-Facing Application
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server
  • T1608.001 - Upload Malware
  • T1003.003 - NTDS

Lazarus Group

Score: 0.66
Matched TTPs:
  • T1587.001 - Malware
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1027.007 - Dynamic API Resolution
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server

APT28

Score: 0.61
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1025 - Data from Removable Media
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1190 - Exploit Public-Facing Application
  • T1669 - Wi-Fi Networks
  • T1003.003 - NTDS

Kimsuky

Score: 0.58
Matched TTPs:
  • T1587.001 - Malware
  • T1588.003 - Code Signing Certificates
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1190 - Exploit Public-Facing Application
  • T1102.002 - Bidirectional Communication
  • T1218.010 - Regsvr32
  • T1608.001 - Upload Malware

Mustang Panda

Score: 0.57
Matched TTPs:
  • T1587.001 - Malware
  • T1027.007 - Dynamic API Resolution
  • T1588.003 - Code Signing Certificates
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1608.001 - Upload Malware
  • T1003.003 - NTDS

Turla

Score: 0.56
Matched TTPs:
  • T1587.001 - Malware
  • T1025 - Data from Removable Media
  • T1027.005 - Indicator Removal from Tools
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server

Related CVEs

No CVEs were found in this Pulse.

Pulse – threat actor graph

