Trusted Design

Backdoor.Cadelspy and Backdoor.Remexi

概要

Two teams of Iran-based attackers have been using back door threats to conduct targeted surveillance of domestic and international targets. While the groups are heavily targeting individuals located in Iran, they’ve also compromised airlines and telecom providers in the Middle East region, possibly in an attempt to monitor targets’ movements and communications. The attackers are part of two separate groups that have a shared interest in targets. One group, which we call Cadelle, uses Backdoor.Cadelspy, while the other, which we’ve named Chafer, uses Backdoor.Remexi and Backdoor.Remexi.B. These threats are capable of opening a back door and stealing information from victims’ computers

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Duuzer back door Trojan targets South Korea (score: 0.64)
Backdoor:Win32/Saluchtra (score: 0.64)
T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis (score: 0.63)
Targets Middle Eastern Telecommunications Companies (score: 0.62)
Taiwan targeted with new cyberespionage backdoor Trojan (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 9.45

Matched TTPs:

T1491.002 - External Defacement
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Sandworm Team

Score: 16.77

Matched TTPs:

T1491.002 - External Defacement
T1587.001 - Malware
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1584.004 - Server

MITREへのリンク →

Mustard Tempest

Score: 4.54

Matched TTPs:

T1583.008 - Malvertising

MITREへのリンク →

Kimsuky

Score: 16.48

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1657 - Financial Theft
T1218.010 - Regsvr32
T1102.002 - Bidirectional Communication
T1588.003 - Code Signing Certificates

MITREへのリンク →

FIN13

Score: 8.18

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1657 - Financial Theft

MITREへのリンク →

Moonstone Sleet

Score: 4.62

Matched TTPs:

T1587.001 - Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

Indrik Spider

Score: 4.93

Matched TTPs:

T1587.001 - Malware
T1584.004 - Server

MITREへのリンク →

Lazarus Group

Score: 22.26

Matched TTPs:

T1587.001 - Malware
T1090.002 - External Proxy
T1036.004 - Masquerade Task or Service
T1102.002 - Bidirectional Communication
T1584.004 - Server
T1027.007 - Dynamic API Resolution
T1008 - Fallback Channels
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 11.27

Matched TTPs:

T1587.001 - Malware
T1681 - Search Threat Vendor Data
T1657 - Financial Theft
T1566.003 - Spearphishing via Service

MITREへのリンク →

OilRig

Score: 18.21

Matched TTPs:

T1587.001 - Malware
T1195 - Supply Chain Compromise
T1069.001 - Local Groups
T1588.003 - Code Signing Certificates
T1008 - Fallback Channels
T1566.003 - Spearphishing via Service

MITREへのリンク →

UNC3886

Score: 17.37

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1681 - Search Threat Vendor Data
T1036.004 - Masquerade Task or Service
T1205.001 - Port Knocking
T1008 - Fallback Channels

MITREへのリンク →

Salt Typhoon

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

APT29

Score: 12.68

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy
T1550.003 - Pass the Ticket
T1566.003 - Spearphishing via Service

MITREへのリンク →

Play

Score: 6.09

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1657 - Financial Theft

MITREへのリンク →

RedCurl

Score: 8.97

Matched TTPs:

T1587.001 - Malware
T1039 - Data from Network Shared Drive
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Moses Staff

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Turla

Score: 10.48

Matched TTPs:

T1587.001 - Malware
T1069.001 - Local Groups
T1102.002 - Bidirectional Communication
T1584.004 - Server

MITREへのリンク →

Ke3chang

Score: 3.57

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Mustang Panda

Score: 9.38

Matched TTPs:

T1587.001 - Malware
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN7

Score: 11.50

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1102.002 - Bidirectional Communication
T1008 - Fallback Channels

MITREへのリンク →

Threat Group-3390

Score: 4.62

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.003 - Code Signing Certificates

MITREへのリンク →

Volt Typhoon

Score: 11.59

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1069.001 - Local Groups
T1614 - System Location Discovery
T1584.004 - Server

MITREへのリンク →

APT28

Score: 9.65

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy
T1039 - Data from Network Shared Drive
T1102.002 - Bidirectional Communication

MITREへのリンク →

BackdoorDiplomacy

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

BlackTech

Score: 4.62

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.003 - Code Signing Certificates

MITREへのリンク →

Magic Hound

Score: 8.49

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1102.002 - Bidirectional Communication
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 8.53

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1650 - Acquire Access

MITREへのリンク →

Storm-0501

Score: 12.68

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1657 - Financial Theft
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Fox Kitten

Score: 6.60

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1039 - Data from Network Shared Drive

MITREへのリンク →

Cinnamon Tempest

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft

MITREへのリンク →

menuPass

Score: 7.25

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy
T1039 - Data from Network Shared Drive

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

Blue Mockingbird

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32

MITREへのリンク →

GALLIUM

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy

MITREへのリンク →

Winter Vivern

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Earth Lusca

Score: 4.30

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server

MITREへのリンク →

Leviathan

Score: 7.05

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1584.004 - Server

MITREへのリンク →

INC Ransom

Score: 7.84

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Dragonfly

Score: 4.30

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server

MITREへのリンク →

APT41

Score: 7.00

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1008 - Fallback Channels

MITREへのリンク →

MuddyWater

Score: 6.61

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT39

Score: 6.61

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy
T1102.002 - Bidirectional Communication

MITREへのリンク →

Tonto Team

Score: 5.90

Matched TTPs:

T1090.002 - External Proxy
T1069.001 - Local Groups

MITREへのリンク →

APT32

Score: 8.69

Matched TTPs:

T1550.003 - Pass the Ticket
T1036.004 - Masquerade Task or Service
T1218.010 - Regsvr32

MITREへのリンク →

BRONZE BUTLER

Score: 6.88

Matched TTPs:

T1550.003 - Pass the Ticket
T1039 - Data from Network Shared Drive

MITREへのリンク →

Carbanak

Score: 4.49

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1102.002 - Bidirectional Communication

MITREへのリンク →

Wizard Spider

Score: 9.38

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1552.006 - Group Policy Preferences
T1588.003 - Code Signing Certificates

MITREへのリンク →

FIN6

Score: 4.62

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1566.003 - Spearphishing via Service

MITREへのリンク →

PROMETHIUM

Score: 6.23

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1205.001 - Port Knocking

MITREへのリンク →

ZIRCONIUM

Score: 4.49

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT33

Score: 4.13

Matched TTPs:

T1552.006 - Group Policy Preferences

MITREへのリンク →

HEXANE

Score: 5.55

Matched TTPs:

T1069.001 - Local Groups
T1102.002 - Bidirectional Communication

MITREへのリンク →

admin@338

Score: 3.15

Matched TTPs:

T1069.001 - Local Groups

MITREへのリンク →

Chimera

Score: 6.19

Matched TTPs:

T1069.001 - Local Groups
T1039 - Data from Network Shared Drive

MITREへのリンク →

Gamaredon Group

Score: 5.43

Matched TTPs:

T1039 - Data from Network Shared Drive
T1102.002 - Bidirectional Communication

MITREへのリンク →

Sowbug

Score: 3.03

Matched TTPs:

T1039 - Data from Network Shared Drive

MITREへのリンク →

SideCopy

Score: 4.13

Matched TTPs:

T1614 - System Location Discovery

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

FIN8

Score: 3.15

Matched TTPs:

T1588.003 - Code Signing Certificates

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.83

Matched TTPs:

T1584.004 - Server
T1008 - Fallback Channels
T1036.004 - Masquerade Task or Service
T1102.002 - Bidirectional Communication
T1587.001 - Malware
T1090.002 - External Proxy
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service

MITREへのリンク →

OilRig

Score: 0.72

Matched TTPs:

T1069.001 - Local Groups
T1588.003 - Code Signing Certificates
T1008 - Fallback Channels
T1587.001 - Malware
T1195 - Supply Chain Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

UNC3886

Score: 0.68

Matched TTPs:

T1681 - Search Threat Vendor Data
T1205.001 - Port Knocking
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1008 - Fallback Channels
T1587.001 - Malware

MITREへのリンク →

Sandworm Team

Score: 0.66

Matched TTPs:

T1584.004 - Server
T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1491.002 - External Defacement
T1587.001 - Malware
T1195 - Supply Chain Compromise

MITREへのリンク →

Kimsuky

Score: 0.63

Matched TTPs:

T1588.003 - Code Signing Certificates
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1657 - Financial Theft
T1102.002 - Bidirectional Communication
T1587.001 - Malware
T1218.010 - Regsvr32

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る