Trusted Design

CRYPTOWALL 4 - THE EVOLUTION CONTINUES

概要

Over the past year, Talos has devoted a significant amount of time to better understanding how ransomware operates, its relation to other malware, and its economic impact. This research has proven valuable for Talos and led the development of better detection methods within the products we support along with the disruption of adversarial operations. CryptoWall is one ransomware variant that has shown gradual evolution over the past year with CryptoWall 2 and Cryptowall 3. Despite global efforts to detect and disrupt the distribution of CryptoWall, adversaries have continued to innovate and evolve their craft, leading to the release of CryptoWall 4. In order to ensure we have the most effective detection possible, Talos reverse engineered CryptoWall 4 to better understand its execution, behavior, deltas from previous versions and share our research and findings with the community.

Created: 2026-02-23

Indicators

類似Pulses

CryptoWall v4 Emerges Days After Cyber Threat Alliance Report (score: 0.81)
Cryptowall Spam: My Resume Protects All Your Files (score: 0.79)
CryptoDefense Ransomeware (score: 0.72)
CryptXXX: New Ransomware From the Actors Behind Reveton (score: 0.72)
Ransomware: CryptoWall (score: 0.71)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 20.89

Matched TTPs:

T1583 - Acquire Infrastructure
T1587.001 - Malware
T1608.001 - Upload Malware
T1657 - Financial Theft
T1588.002 - Tool
T1027 - Obfuscated Files or Information
T1219.002 - Remote Desktop Software
T1587 - Develop Capabilities
T1204.001 - Malicious Link

MITREへのリンク →

Sea Turtle

Score: 3.88

Matched TTPs:

T1583 - Acquire Infrastructure
T1588.002 - Tool

MITREへのリンク →

Ember Bear

Score: 9.34

Matched TTPs:

T1583 - Acquire Infrastructure
T1195 - Supply Chain Compromise
T1588.001 - Malware

MITREへのリンク →

Indrik Spider

Score: 7.47

Matched TTPs:

T1583 - Acquire Infrastructure
T1587.001 - Malware
T1486 - Data Encrypted for Impact

MITREへのリンク →

Agrius

Score: 3.03

Matched TTPs:

T1583 - Acquire Infrastructure

MITREへのリンク →

Contagious Interview

Score: 18.61

Matched TTPs:

T1583 - Acquire Infrastructure
T1587.001 - Malware
T1608.001 - Upload Malware
T1657 - Financial Theft
T1588.002 - Tool
T1219.002 - Remote Desktop Software
T1587 - Develop Capabilities
T1204.001 - Malicious Link

MITREへのリンク →

Sandworm Team

Score: 21.41

Matched TTPs:

T1583 - Acquire Infrastructure
T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1584.005 - Botnet
T1588.002 - Tool
T1027 - Obfuscated Files or Information
T1486 - Data Encrypted for Impact
T1204.001 - Malicious Link

MITREへのリンク →

Star Blizzard

Score: 5.86

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1588.002 - Tool

MITREへのリンク →

FIN13

Score: 10.01

Matched TTPs:

T1587.001 - Malware
T1657 - Financial Theft
T1588.002 - Tool
T1565 - Data Manipulation

MITREへのリンク →

Moonstone Sleet

Score: 12.54

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1027 - Obfuscated Files or Information
T1486 - Data Encrypted for Impact
T1587 - Develop Capabilities

MITREへのリンク →

Lazarus Group

Score: 9.67

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery

MITREへのリンク →

OilRig

Score: 10.12

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1588.002 - Tool
T1204.001 - Malicious Link

MITREへのリンク →

UNC3886

Score: 7.15

Matched TTPs:

T1587.001 - Malware
T1588.001 - Malware
T1124 - System Time Discovery

MITREへのリンク →

LuminousMoth

Score: 8.74

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool
T1204.001 - Malicious Link

MITREへのリンク →

APT29

Score: 7.93

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1573 - Encrypted Channel
T1204.001 - Malicious Link

MITREへのリンク →

Play

Score: 5.47

Matched TTPs:

T1587.001 - Malware
T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

RedCurl

Score: 5.74

Matched TTPs:

T1587.001 - Malware
T1027 - Obfuscated Files or Information
T1204.001 - Malicious Link

MITREへのリンク →

Turla

Score: 9.36

Matched TTPs:

T1587.001 - Malware
T1588.001 - Malware
T1588.002 - Tool
T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

Ke3chang

Score: 5.23

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1027 - Obfuscated Files or Information

MITREへのリンク →

Mustang Panda

Score: 20.16

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1678 - Delay Execution
T1588.002 - Tool
T1027 - Obfuscated Files or Information
T1219.002 - Remote Desktop Software
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link

MITREへのリンク →

TeamTNT

Score: 4.07

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware

MITREへのリンク →

FIN7

Score: 11.21

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

TA2541

Score: 9.79

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool
T1204.001 - Malicious Link
T1027.015 - Compression

MITREへのリンク →

Earth Lusca

Score: 11.96

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool
T1027 - Obfuscated Files or Information
T1027.003 - Steganography
T1204.001 - Malicious Link

MITREへのリンク →

Mustard Tempest

Score: 7.87

Matched TTPs:

T1608.001 - Upload Malware
T1608.006 - SEO Poisoning
T1204.001 - Malicious Link

MITREへのリンク →

LazyScripter

Score: 5.79

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1204.001 - Malicious Link

MITREへのリンク →

Gamaredon Group

Score: 9.62

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1027 - Obfuscated Files or Information
T1204.001 - Malicious Link
T1027.015 - Compression

MITREへのリンク →

Threat Group-3390

Score: 5.97

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1027.015 - Compression

MITREへのリンク →

TA505

Score: 8.98

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1204.001 - Malicious Link

MITREへのリンク →

BlackByte

Score: 4.31

Matched TTPs:

T1608.001 - Upload Malware
T1486 - Data Encrypted for Impact

MITREへのリンク →

BITTER

Score: 6.44

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1573 - Encrypted Channel

MITREへのリンク →

APT32

Score: 4.18

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1204.001 - Malicious Link

MITREへのリンク →

Saint Bear

Score: 3.33

Matched TTPs:

T1608.001 - Upload Malware
T1204.001 - Malicious Link

MITREへのリンク →

EXOTIC LILY

Score: 3.33

Matched TTPs:

T1608.001 - Upload Malware
T1204.001 - Malicious Link

MITREへのリンク →

LAPSUS$

Score: 7.44

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool
T1578.002 - Create Cloud Instance

MITREへのリンク →

Metador

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

APT1

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Aquatic Panda

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Andariel

Score: 5.49

Matched TTPs:

T1588.001 - Malware
T1027.003 - Steganography

MITREへのリンク →

BackdoorDiplomacy

Score: 5.59

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool
T1027 - Obfuscated Files or Information

MITREへのリンク →

Scattered Spider

Score: 15.23

Matched TTPs:

T1588.001 - Malware
T1657 - Financial Theft
T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1578.002 - Create Cloud Instance
T1219.002 - Remote Desktop Software

MITREへのリンク →

HAFNIUM

Score: 3.62

Matched TTPs:

T1584.005 - Botnet

MITREへのリンク →

Axiom

Score: 3.62

Matched TTPs:

T1584.005 - Botnet

MITREへのリンク →

Volt Typhoon

Score: 7.06

Matched TTPs:

T1584.005 - Botnet
T1588.002 - Tool
T1124 - System Time Discovery

MITREへのリンク →

INC Ransom

Score: 5.71

Matched TTPs:

T1657 - Financial Theft
T1588.002 - Tool
T1486 - Data Encrypted for Impact

MITREへのリンク →

Cinnamon Tempest

Score: 3.37

Matched TTPs:

T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

Storm-0501

Score: 7.79

Matched TTPs:

T1657 - Financial Theft
T1486 - Data Encrypted for Impact
T1219.002 - Remote Desktop Software

MITREへのリンク →

Akira

Score: 4.86

Matched TTPs:

T1657 - Financial Theft
T1486 - Data Encrypted for Impact

MITREへのリンク →

Medusa Group

Score: 10.25

Matched TTPs:

T1657 - Financial Theft
T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1650 - Acquire Access

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1657 - Financial Theft
T1486 - Data Encrypted for Impact

MITREへのリンク →

Magic Hound

Score: 8.17

Matched TTPs:

T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1573 - Encrypted Channel
T1204.001 - Malicious Link

MITREへのリンク →

MuddyWater

Score: 5.24

Matched TTPs:

T1588.002 - Tool
T1027.003 - Steganography
T1204.001 - Malicious Link

MITREへのリンク →

Storm-1811

Score: 6.12

Matched TTPs:

T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1219.002 - Remote Desktop Software

MITREへのリンク →

BRONZE BUTLER

Score: 6.48

Matched TTPs:

T1588.002 - Tool
T1027.003 - Steganography
T1124 - System Time Discovery

MITREへのリンク →

APT41

Score: 5.48

Matched TTPs:

T1588.002 - Tool
T1027 - Obfuscated Files or Information
T1486 - Data Encrypted for Impact

MITREへのリンク →

FIN8

Score: 4.55

Matched TTPs:

T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1204.001 - Malicious Link

MITREへのリンク →

GALLIUM

Score: 3.14

Matched TTPs:

T1588.002 - Tool
T1027 - Obfuscated Files or Information

MITREへのリンク →

APT-C-36

Score: 3.14

Matched TTPs:

T1588.002 - Tool
T1027 - Obfuscated Files or Information

MITREへのリンク →

Thrip

Score: 3.78

Matched TTPs:

T1588.002 - Tool
T1219.002 - Remote Desktop Software

MITREへのリンク →

APT38

Score: 4.55

Matched TTPs:

T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1204.001 - Malicious Link

MITREへのリンク →

Chimera

Score: 3.44

Matched TTPs:

T1588.002 - Tool
T1124 - System Time Discovery

MITREへのリンク →

APT3

Score: 3.65

Matched TTPs:

T1027 - Obfuscated Files or Information
T1204.001 - Malicious Link

MITREへのリンク →

Windshift

Score: 3.65

Matched TTPs:

T1027 - Obfuscated Files or Information
T1204.001 - Malicious Link

MITREへのリンク →

APT37

Score: 5.32

Matched TTPs:

T1027 - Obfuscated Files or Information
T1027.003 - Steganography

MITREへのリンク →

Tropic Trooper

Score: 6.66

Matched TTPs:

T1573 - Encrypted Channel
T1027.003 - Steganography

MITREへのリンク →

TA551

Score: 3.03

Matched TTPs:

T1027.003 - Steganography

MITREへのリンク →

Leviathan

Score: 7.55

Matched TTPs:

T1027.003 - Steganography
T1204.001 - Malicious Link
T1027.015 - Compression

MITREへのリンク →

Evilnum

Score: 4.29

Matched TTPs:

T1219.002 - Remote Desktop Software
T1204.001 - Malicious Link

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Molerats

Score: 4.51

Matched TTPs:

T1204.001 - Malicious Link
T1027.015 - Compression

MITREへのリンク →

Mofang

Score: 4.51

Matched TTPs:

T1204.001 - Malicious Link
T1027.015 - Compression

MITREへのリンク →

ZIRCONIUM

Score: 3.95

Matched TTPs:

T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

Sidewinder

Score: 3.95

Matched TTPs:

T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

Higaisa

Score: 5.74

Matched TTPs:

T1124 - System Time Discovery
T1027.015 - Compression

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.81

Matched TTPs:

T1583 - Acquire Infrastructure
T1486 - Data Encrypted for Impact
T1587.001 - Malware
T1584.005 - Botnet
T1195 - Supply Chain Compromise
T1608.001 - Upload Malware
T1027 - Obfuscated Files or Information
T1588.002 - Tool
T1204.001 - Malicious Link

MITREへのリンク →

Kimsuky

Score: 0.76

Matched TTPs:

T1657 - Financial Theft
T1583 - Acquire Infrastructure
T1587 - Develop Capabilities
T1587.001 - Malware
T1608.001 - Upload Malware
T1219.002 - Remote Desktop Software
T1027 - Obfuscated Files or Information
T1588.002 - Tool
T1204.001 - Malicious Link

MITREへのリンク →

Mustang Panda

Score: 0.75

Matched TTPs:

T1678 - Delay Execution
T1027.007 - Dynamic API Resolution
T1587.001 - Malware
T1608.001 - Upload Malware
T1219.002 - Remote Desktop Software
T1027 - Obfuscated Files or Information
T1588.002 - Tool
T1204.001 - Malicious Link

MITREへのリンク →

Contagious Interview

Score: 0.72

Matched TTPs:

T1657 - Financial Theft
T1583 - Acquire Infrastructure
T1587 - Develop Capabilities
T1587.001 - Malware
T1608.001 - Upload Malware
T1219.002 - Remote Desktop Software
T1588.002 - Tool
T1204.001 - Malicious Link

MITREへのリンク →

Scattered Spider

Score: 0.61

Matched TTPs:

T1578.002 - Create Cloud Instance
T1657 - Financial Theft
T1486 - Data Encrypted for Impact
T1219.002 - Remote Desktop Software
T1588.002 - Tool
T1588.001 - Malware

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る