Trusted Design

LATENTBOT: Trace Me If You Can

概要

FireEye Labs recently uncovered LATENTBOT, a new, highly obfuscated BOT that has been in the wild since mid-2013. It has managed to leave hardly any traces on the Internet, is capable of watching its victims without ever being noticed, and can even corrupt a hard disk, thus making a PC useless. Through our Dynamic Threat Intelligence (DTI), we have observed multiple campaigns targeting multiple industries in the United States, United Kingdom, South Korea, Brazil, United Arab Emirates, Singapore, Canada, Peru and Poland – primarily in the financial services and insurance sectors. Although the infection strategy is not new, the final payload dropped – which we named LATENTBOT – caught our attention since it implements several layers of obfuscation, a unique exfiltration mechanism, and has been very successful at infecting multiple organizations. Source : https://www.fireeye.com/blog/threat-research/2015/12/latentbot_trace_me.html

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

LATENTBOT: Trace Me If You Can (score: 0.99)
LatentBot Piece by Piece | Malwarebytes Labs (score: 0.66)
FBI Flash #68 (PlugX) (score: 0.63)
US Banks Targeted with Trickbot Trojan - FlashPoint (score: 0.62)
Uncovering Bunitu’s Secrets (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

Lazarus Group

Score: 21.48

Matched TTPs:

T1132.001 - Standard Encoding
T1606.002 - SAML Tokens
T1588.001 - Malware
T1608.005 - Link Target
T1057 - Process Discovery
T1218.010 - Regsvr32
T1547.008 - LSASS Driver
T1086 - PowerShell

MITREへのリンク →

TA577

Score: 3.84

Matched TTPs:

T1132.001 - Standard Encoding

MITREへのリンク →

Moonstone Sleet

Score: 13.72

Matched TTPs:

T1132.001 - Standard Encoding
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1057 - Process Discovery
T1547.008 - LSASS Driver

MITREへのリンク →

LAPSUS$

Score: 21.05

Matched TTPs:

T1216.001 - PubPrn
T1193 - Spearphishing Attachment
T1136.002 - Domain Account
T1122 - Component Object Model Hijacking
T1065 - Uncommonly Used Port
T1588.005 - Exploits

MITREへのリンク →

Contagious Interview

Score: 28.79

Matched TTPs:

T1044 - File System Permissions Weakness
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1552.003 - Shell History
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1601.001 - Patch System Image
T1547.008 - LSASS Driver

MITREへのリンク →

Ember Bear

Score: 11.93

Matched TTPs:

T1564.008 - Email Hiding Rules
T1005 - Data from Local System
T1136.002 - Domain Account
T1218.010 - Regsvr32

MITREへのリンク →

Sandworm Team

Score: 36.03

Matched TTPs:

T1564.008 - Email Hiding Rules
T1114 - Email Collection
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1193 - Spearphishing Attachment
T1049 - System Network Connections Discovery
T1122 - Component Object Model Hijacking
T1102.003 - One-Way Communication
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1601.001 - Patch System Image

MITREへのリンク →

Mustard Tempest

Score: 11.05

Matched TTPs:

T1682 - Query Public AI Services
T1091 - Replication Through Removable Media
T1543.002 - Systemd Service

MITREへのリンク →

Silent Librarian

Score: 3.29

Matched TTPs:

T1114 - Email Collection

MITREへのリンク →

Kimsuky

Score: 34.09

Matched TTPs:

T1114 - Email Collection
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1683.001 - Written Content
T1588.001 - Malware
T1552.003 - Shell History
T1608.005 - Link Target
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1601.001 - Patch System Image
T1008 - Fallback Channels

MITREへのリンク →

Volt Typhoon

Score: 25.77

Matched TTPs:

T1114 - Email Collection
T1164 - Re-opened Applications
T1049 - System Network Connections Discovery
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1065 - Uncommonly Used Port
T1574.002 - DLL Side-Loading

MITREへのリンク →

EXOTIC LILY

Score: 17.66

Matched TTPs:

T1114 - Email Collection
T1091 - Replication Through Removable Media
T1149 - LC_MAIN Hijacking
T1690 - Prevent Command History Logging
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

TA578

Score: 5.30

Matched TTPs:

T1114 - Email Collection
T1608.005 - Link Target

MITREへのリンク →

FIN13

Score: 6.71

Matched TTPs:

T1606.002 - SAML Tokens
T1588.001 - Malware
T1552.003 - Shell History

MITREへのリンク →

OilRig

Score: 11.93

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

UNC3886

Score: 12.28

Matched TTPs:

T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management
T1136.002 - Domain Account
T1588.001 - Malware
T1218.010 - Regsvr32

MITREへのリンク →

LuminousMoth

Score: 6.53

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

APT29

Score: 19.95

Matched TTPs:

T1606.002 - SAML Tokens
T1608.005 - Link Target
T1122 - Component Object Model Hijacking
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1223 - Compiled HTML File
T1547.008 - LSASS Driver

MITREへのリンク →

Play

Score: 6.48

Matched TTPs:

T1606.002 - SAML Tokens
T1552.003 - Shell History
T1601.001 - Patch System Image

MITREへのリンク →

Aoqin Dragon

Score: 3.59

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 4.84

Matched TTPs:

T1606.002 - SAML Tokens
T1122 - Component Object Model Hijacking

MITREへのリンク →

Turla

Score: 12.05

Matched TTPs:

T1606.002 - SAML Tokens
T1136.002 - Domain Account
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1601.001 - Patch System Image

MITREへのリンク →

Mustang Panda

Score: 10.86

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1218.010 - Regsvr32

MITREへのリンク →

TeamTNT

Score: 4.07

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media

MITREへのリンク →

FIN7

Score: 21.49

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1011.001 - Exfiltration Over Bluetooth
T1588.001 - Malware
T1608.005 - Link Target
T1057 - Process Discovery
T1065 - Uncommonly Used Port
T1601.001 - Patch System Image

MITREへのリンク →

TA2541

Score: 6.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1608.005 - Link Target

MITREへのリンク →

Earth Lusca

Score: 10.07

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1608.005 - Link Target
T1218.001 - Compiled HTML File

MITREへのリンク →

LazyScripter

Score: 8.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1608.005 - Link Target
T1601.001 - Patch System Image

MITREへのリンク →

Gamaredon Group

Score: 9.98

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1601.001 - Patch System Image
T1086 - PowerShell

MITREへのリンク →

Star Blizzard

Score: 5.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication

MITREへのリンク →

Threat Group-3390

Score: 10.35

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.003 - CMSTP
T1122 - Component Object Model Hijacking
T1218.010 - Regsvr32

MITREへのリンク →

TA505

Score: 6.30

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1601.001 - Patch System Image

MITREへのリンク →

BITTER

Score: 5.56

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 9.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1608.005 - Link Target
T1218.010 - Regsvr32
T1601.001 - Patch System Image

MITREへのリンク →

HEXANE

Score: 7.46

Matched TTPs:

T1091 - Replication Through Removable Media
T1065 - Uncommonly Used Port
T1601.001 - Patch System Image

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1055.003 - Thread Execution Hijacking

MITREへのリンク →

Medusa Group

Score: 10.53

Matched TTPs:

T1218.003 - CMSTP
T1552.003 - Shell History
T1608.005 - Link Target
T1601.001 - Patch System Image

MITREへのリンク →

Dragonfly

Score: 5.34

Matched TTPs:

T1193 - Spearphishing Attachment
T1218.010 - Regsvr32

MITREへのリンク →

Aquatic Panda

Score: 6.42

Matched TTPs:

T1136.002 - Domain Account
T1588.001 - Malware
T1601.001 - Patch System Image

MITREへのリンク →

Andariel

Score: 7.80

Matched TTPs:

T1136.002 - Domain Account
T1187 - Forced Authentication
T1218.010 - Regsvr32

MITREへのリンク →

BackdoorDiplomacy

Score: 4.55

Matched TTPs:

T1136.002 - Domain Account
T1588.001 - Malware

MITREへのリンク →

Scattered Spider

Score: 8.83

Matched TTPs:

T1136.002 - Domain Account
T1552.003 - Shell History
T1588.005 - Exploits

MITREへのリンク →

Winter Vivern

Score: 5.72

Matched TTPs:

T1588.001 - Malware
T1218.001 - Compiled HTML File

MITREへのリンク →

Wizard Spider

Score: 3.96

Matched TTPs:

T1588.001 - Malware
T1601.001 - Patch System Image

MITREへのリンク →

FIN6

Score: 6.48

Matched TTPs:

T1588.001 - Malware
T1601.001 - Patch System Image
T1547.008 - LSASS Driver

MITREへのリンク →

Fox Kitten

Score: 7.80

Matched TTPs:

T1588.001 - Malware
T1601.001 - Patch System Image
T1588.005 - Exploits

MITREへのリンク →

ZIRCONIUM

Score: 4.11

Matched TTPs:

T1588.001 - Malware
T1608.005 - Link Target

MITREへのリンク →

Magic Hound

Score: 16.88

Matched TTPs:

T1588.001 - Malware
T1608.005 - Link Target
T1187 - Forced Authentication
T1601.001 - Patch System Image
T1098.002 - Additional Email Delegate Permissions
T1547.008 - LSASS Driver

MITREへのリンク →

Higaisa

Score: 3.59

Matched TTPs:

T1588.001 - Malware
T1218.010 - Regsvr32

MITREへのリンク →

Storm-0501

Score: 4.62

Matched TTPs:

T1588.001 - Malware
T1552.003 - Shell History

MITREへのリンク →

APT41

Score: 11.01

Matched TTPs:

T1588.001 - Malware
T1218.010 - Regsvr32
T1574.002 - DLL Side-Loading
T1008 - Fallback Channels

MITREへのリンク →

HAFNIUM

Score: 8.38

Matched TTPs:

T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1122 - Component Object Model Hijacking

MITREへのリンク →

Axiom

Score: 5.12

Matched TTPs:

T1049 - System Network Connections Discovery
T1218.010 - Regsvr32

MITREへのリンク →

MuddyWater

Score: 5.37

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32
T1601.001 - Patch System Image

MITREへのリンク →

APT28

Score: 9.54

Matched TTPs:

T1608.005 - Link Target
T1057 - Process Discovery
T1122 - Component Object Model Hijacking
T1218.010 - Regsvr32

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

POLONIUM

Score: 4.76

Matched TTPs:

T1608.005 - Link Target
T1122 - Component Object Model Hijacking

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.61

Matched TTPs:

T1122 - Component Object Model Hijacking
T1601.001 - Patch System Image

MITREへのリンク →

Sea Turtle

Score: 4.24

Matched TTPs:

T1122 - Component Object Model Hijacking
T1218.010 - Regsvr32

MITREへのリンク →

CURIUM

Score: 6.14

Matched TTPs:

T1218.001 - Compiled HTML File
T1547.008 - LSASS Driver

MITREへのリンク →

Sidewinder

Score: 3.36

Matched TTPs:

T1218.010 - Regsvr32
T1601.001 - Patch System Image

MITREへのリンク →

Patchwork

Score: 6.64

Matched TTPs:

T1218.010 - Regsvr32
T1601.001 - Patch System Image
T1008 - Fallback Channels

MITREへのリンク →

Cobalt Group

Score: 3.36

Matched TTPs:

T1218.010 - Regsvr32
T1601.001 - Patch System Image

MITREへのリンク →

BRONZE BUTLER

Score: 4.78

Matched TTPs:

T1218.010 - Regsvr32
T1008 - Fallback Channels

MITREへのリンク →

Rocke

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.86

Matched TTPs:

T1122 - Component Object Model Hijacking
T1606.002 - SAML Tokens
T1102.003 - One-Way Communication
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1114 - Email Collection
T1564.008 - Email Hiding Rules
T1193 - Spearphishing Attachment
T1005 - Data from Local System
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1601.001 - Patch System Image

MITREへのリンク →

Kimsuky

Score: 0.78

Matched TTPs:

T1008 - Fallback Channels
T1606.002 - SAML Tokens
T1102.003 - One-Way Communication
T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1114 - Email Collection
T1690 - Prevent Command History Logging
T1057 - Process Discovery
T1588.001 - Malware
T1683.001 - Written Content
T1608.005 - Link Target
T1601.001 - Patch System Image

MITREへのリンク →

Contagious Interview

Score: 0.68

Matched TTPs:

T1547.008 - LSASS Driver
T1606.002 - SAML Tokens
T1102.003 - One-Way Communication
T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1044 - File System Permissions Weakness
T1690 - Prevent Command History Logging
T1021.006 - Windows Remote Management
T1608.005 - Link Target
T1601.001 - Patch System Image

MITREへのリンク →

Volt Typhoon

Score: 0.63

Matched TTPs:

T1102.003 - One-Way Communication
T1049 - System Network Connections Discovery
T1114 - Email Collection
T1164 - Re-opened Applications
T1057 - Process Discovery
T1574.002 - DLL Side-Loading
T1065 - Uncommonly Used Port

MITREへのリンク →

FIN7

Score: 0.58

Matched TTPs:

T1011.001 - Exfiltration Over Bluetooth
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1588.001 - Malware
T1057 - Process Discovery
T1608.005 - Link Target
T1065 - Uncommonly Used Port
T1601.001 - Patch System Image

MITREへのリンク →

Lazarus Group

Score: 0.56

Matched TTPs:

T1547.008 - LSASS Driver
T1606.002 - SAML Tokens
T1588.001 - Malware
T1132.001 - Standard Encoding
T1218.010 - Regsvr32
T1057 - Process Discovery
T1608.005 - Link Target
T1086 - PowerShell

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る