Trusted Design

CryptoWall v4 Emerges Days After Cyber Threat Alliance Report

概要

Beginning on October 30, 2015, Palo Alto Networks began seeing instances of this new version of CryptoWall, which some researchers have begun calling version 4. This new version CryptoWall includes multiple updates, such as a more streamlined network communication channel, modified ransom message, and the encryption of filenames. These changes not only make it more difficult for the victim to identify what files have been encrypted, but also may thwart security protections currently in place for the CryptoWall threat. CryptoWall is a type of malware known as ransomware, which encrypts a victim’s files and subsequently demands payment in exchange for the decryption key. The ransom payment is typically collected using a form of crypto-currency, such as Bitcoin. Ransomware has been responsible for many millions of dollars in damages, and CryptoWall is one of the most lucrative ransomware families in use today.

Created: 2026-02-23

Indicators

類似Pulses

Ransomware: CryptoWall (score: 0.83)
CRYPTOWALL 4 - THE EVOLUTION CONTINUES (score: 0.81)
CryptoDefense Ransomeware (score: 0.75)
CryptXXX Ransomware Learns the Samba, Other New Tricks (score: 0.72)
Cryptowall Spam: My Resume Protects All Your Files (score: 0.72)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 21.26

Matched TTPs:

T1053.007 - Container Orchestration Job
T1016.001 - Internet Connection Discovery
T1091 - Replication Through Removable Media
T1588.001 - Malware
T1552.003 - Shell History
T1087.004 - Cloud Account
T1204.003 - Malicious Image
T1027.014 - Polymorphic Code

MITREへのリンク →

Mustang Panda

Score: 15.36

Matched TTPs:

T1053.007 - Container Orchestration Job
T1016.001 - Internet Connection Discovery
T1091 - Replication Through Removable Media
T1087.004 - Cloud Account
T1055.005 - Thread Local Storage

MITREへのリンク →

FIN6

Score: 10.59

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1550 - Use Alternate Authentication Material
T1588.001 - Malware
T1128 - Netsh Helper DLL

MITREへのリンク →

CopyKittens

Score: 3.15

Matched TTPs:

T1016.001 - Internet Connection Discovery

MITREへのリンク →

UNC3886

Score: 11.28

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1588.001 - Malware
T1055.015 - ListPlanting
T1578.001 - Create Snapshot

MITREへのリンク →

Lotus Blossom

Score: 3.15

Matched TTPs:

T1016.001 - Internet Connection Discovery

MITREへのリンク →

Lazarus Group

Score: 19.98

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1550 - Use Alternate Authentication Material
T1588.001 - Malware
T1087.004 - Cloud Account
T1055.005 - Thread Local Storage
T1055.015 - ListPlanting
T1578.001 - Create Snapshot

MITREへのリンク →

Sandworm Team

Score: 6.29

Matched TTPs:

T1091 - Replication Through Removable Media
T1087.004 - Cloud Account
T1027 - Obfuscated Files or Information

MITREへのリンク →

TA2541

Score: 7.87

Matched TTPs:

T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL
T1546.017 - Udev Rules

MITREへのリンク →

LuminousMoth

Score: 6.54

Matched TTPs:

T1091 - Replication Through Removable Media
T1550 - Use Alternate Authentication Material
T1087.004 - Cloud Account

MITREへのリンク →

Mustard Tempest

Score: 6.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1543.002 - Systemd Service

MITREへのリンク →

OilRig

Score: 8.16

Matched TTPs:

T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL
T1055.015 - ListPlanting

MITREへのリンク →

Gamaredon Group

Score: 15.48

Matched TTPs:

T1091 - Replication Through Removable Media
T1562.010 - Downgrade Attack
T1087.004 - Cloud Account
T1061 - Graphical User Interface
T1546.017 - Udev Rules

MITREへのリンク →

Star Blizzard

Score: 4.64

Matched TTPs:

T1091 - Replication Through Removable Media
T1204.003 - Malicious Image

MITREへのリンク →

Threat Group-3390

Score: 5.12

Matched TTPs:

T1091 - Replication Through Removable Media
T1546.017 - Udev Rules

MITREへのリンク →

TA505

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1027 - Obfuscated Files or Information

MITREへのリンク →

BlackByte

Score: 12.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1550 - Use Alternate Authentication Material
T1562.010 - Downgrade Attack
T1087.004 - Cloud Account
T1027 - Obfuscated Files or Information

MITREへのリンク →

BITTER

Score: 7.69

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1683 - Generate Content

MITREへのリンク →

APT32

Score: 15.22

Matched TTPs:

T1091 - Replication Through Removable Media
T1550 - Use Alternate Authentication Material
T1592.004 - Client Configurations
T1588.001 - Malware
T1087.004 - Cloud Account
T1027.014 - Polymorphic Code

MITREへのリンク →

Moonstone Sleet

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1027 - Obfuscated Files or Information

MITREへのリンク →

Contagious Interview

Score: 10.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1562.010 - Downgrade Attack
T1087.004 - Cloud Account

MITREへのリンク →

FIN7

Score: 12.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1027 - Obfuscated Files or Information
T1055.015 - ListPlanting
T1578.001 - Create Snapshot

MITREへのリンク →

APT42

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

Dragonfly

Score: 8.88

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1204.003 - Malicious Image
T1578.002 - Create Cloud Instance

MITREへのリンク →

APT28

Score: 17.77

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1205.001 - Port Knocking
T1204.003 - Malicious Image
T1546.007 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

Ke3chang

Score: 7.23

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1087.004 - Cloud Account
T1204.003 - Malicious Image

MITREへのリンク →

Leviathan

Score: 10.46

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1087.004 - Cloud Account
T1027.014 - Polymorphic Code
T1546.017 - Udev Rules

MITREへのリンク →

Scattered Spider

Score: 10.97

Matched TTPs:

T1218.015 - Electron Applications
T1552.003 - Shell History
T1087.004 - Cloud Account
T1027 - Obfuscated Files or Information

MITREへのリンク →

Storm-0501

Score: 13.84

Matched TTPs:

T1218.015 - Electron Applications
T1588.001 - Malware
T1552.003 - Shell History
T1027 - Obfuscated Files or Information
T1027.014 - Polymorphic Code

MITREへのリンク →

APT29

Score: 10.13

Matched TTPs:

T1592.004 - Client Configurations
T1204.003 - Malicious Image
T1683 - Generate Content

MITREへのリンク →

BRONZE BUTLER

Score: 6.44

Matched TTPs:

T1592.004 - Client Configurations
T1578.001 - Create Snapshot

MITREへのリンク →

FIN13

Score: 4.62

Matched TTPs:

T1588.001 - Malware
T1552.003 - Shell History

MITREへのリンク →

Winter Vivern

Score: 4.07

Matched TTPs:

T1588.001 - Malware
T1087.004 - Cloud Account

MITREへのリンク →

Wizard Spider

Score: 4.07

Matched TTPs:

T1588.001 - Malware
T1087.004 - Cloud Account

MITREへのリンク →

ZIRCONIUM

Score: 6.66

Matched TTPs:

T1588.001 - Malware
T1087.004 - Cloud Account
T1578.001 - Create Snapshot

MITREへのリンク →

Magic Hound

Score: 14.35

Matched TTPs:

T1588.001 - Malware
T1204.003 - Malicious Image
T1027 - Obfuscated Files or Information
T1683 - Generate Content
T1578.002 - Create Cloud Instance

MITREへのリンク →

Higaisa

Score: 9.81

Matched TTPs:

T1588.001 - Malware
T1087.004 - Cloud Account
T1578.001 - Create Snapshot
T1546.017 - Udev Rules

MITREへのリンク →

APT41

Score: 7.88

Matched TTPs:

T1588.001 - Malware
T1027 - Obfuscated Files or Information
T1055.015 - ListPlanting

MITREへのリンク →

INC Ransom

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1027 - Obfuscated Files or Information

MITREへのリンク →

Akira

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1027 - Obfuscated Files or Information

MITREへのリンク →

Medusa Group

Score: 16.69

Matched TTPs:

T1552.003 - Shell History
T1027 - Obfuscated Files or Information
T1128 - Netsh Helper DLL
T1598 - Phishing for Information
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1027 - Obfuscated Files or Information

MITREへのリンク →

CURIUM

Score: 8.41

Matched TTPs:

T1205.001 - Port Knocking
T1087.004 - Cloud Account
T1578.001 - Create Snapshot

MITREへのリンク →

Storm-1811

Score: 9.81

Matched TTPs:

T1205.001 - Port Knocking
T1027 - Obfuscated Files or Information
T1578.002 - Create Cloud Instance

MITREへのリンク →

Chimera

Score: 7.23

Matched TTPs:

T1087.004 - Cloud Account
T1204.003 - Malicious Image
T1578.001 - Create Snapshot

MITREへのリンク →

APT3

Score: 5.59

Matched TTPs:

T1087.004 - Cloud Account
T1578.002 - Create Cloud Instance

MITREへのリンク →

FIN8

Score: 5.09

Matched TTPs:

T1027 - Obfuscated Files or Information
T1128 - Netsh Helper DLL

MITREへのリンク →

Tropic Trooper

Score: 6.37

Matched TTPs:

T1683 - Generate Content
T1128 - Netsh Helper DLL

MITREへのリンク →

Cobalt Group

Score: 5.49

Matched TTPs:

T1027.014 - Polymorphic Code
T1128 - Netsh Helper DLL

MITREへのリンク →

Velvet Ant

Score: 6.88

Matched TTPs:

T1128 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.78

Matched TTPs:

T1087.004 - Cloud Account
T1016.001 - Internet Connection Discovery
T1053.007 - Container Orchestration Job
T1588.001 - Malware
T1027.014 - Polymorphic Code
T1091 - Replication Through Removable Media
T1204.003 - Malicious Image
T1552.003 - Shell History

MITREへのリンク →

Lazarus Group

Score: 0.75

Matched TTPs:

T1055.015 - ListPlanting
T1087.004 - Cloud Account
T1016.001 - Internet Connection Discovery
T1588.001 - Malware
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot
T1550 - Use Alternate Authentication Material

MITREへのリンク →

Medusa Group

Score: 0.70

Matched TTPs:

T1598 - Phishing for Information
T1027 - Obfuscated Files or Information
T1552.003 - Shell History
T1094 - Custom Command and Control Protocol
T1128 - Netsh Helper DLL

MITREへのリンク →

APT28

Score: 0.66

Matched TTPs:

T1546.007 - Netsh Helper DLL
T1205.001 - Port Knocking
T1566.003 - Spearphishing via Service
T1204.003 - Malicious Image
T1550 - Use Alternate Authentication Material

MITREへのリンク →

Storm-0501

Score: 0.64

Matched TTPs:

T1027.014 - Polymorphic Code
T1588.001 - Malware
T1027 - Obfuscated Files or Information
T1552.003 - Shell History
T1218.015 - Electron Applications

MITREへのリンク →

Gamaredon Group

Score: 0.61

Matched TTPs:

T1087.004 - Cloud Account
T1061 - Graphical User Interface
T1562.010 - Downgrade Attack
T1091 - Replication Through Removable Media
T1546.017 - Udev Rules

MITREへのリンク →

Mustang Panda

Score: 0.59

Matched TTPs:

T1087.004 - Cloud Account
T1016.001 - Internet Connection Discovery
T1053.007 - Container Orchestration Job
T1055.005 - Thread Local Storage
T1091 - Replication Through Removable Media

MITREへのリンク →

BlackByte

Score: 0.59

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1087.004 - Cloud Account
T1562.010 - Downgrade Attack
T1091 - Replication Through Removable Media
T1027 - Obfuscated Files or Information

MITREへのリンク →

APT32

Score: 0.59

Matched TTPs:

T1087.004 - Cloud Account
T1027.014 - Polymorphic Code
T1588.001 - Malware
T1592.004 - Client Configurations
T1091 - Replication Through Removable Media
T1550 - Use Alternate Authentication Material

MITREへのリンク →

Magic Hound

Score: 0.57

Matched TTPs:

T1683 - Generate Content
T1578.002 - Create Cloud Instance
T1588.001 - Malware
T1204.003 - Malicious Image
T1027 - Obfuscated Files or Information

MITREへのリンク →

FIN7

Score: 0.57

Matched TTPs:

T1055.015 - ListPlanting
T1588.001 - Malware
T1091 - Replication Through Removable Media
T1578.001 - Create Snapshot
T1027 - Obfuscated Files or Information

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る