LATENTBOT: Trace Me If You Can
Overview
FireEye Labs recently uncovered LATENTBOT, a new, highly obfuscated bot that has been in the wild since mid-2013. It has left hardly any traces on the Internet, can watch its victims without being noticed, and can even corrupt a hard disk, rendering the PC unusable.
Through our Dynamic Threat Intelligence (DTI), we have observed several campaigns across multiple industries in the United States, United Kingdom, South Korea, Brazil, United Arab Emirates, Singapore, Canada, Peru and Poland – primarily in the financial services and insurance sectors. Although the infection strategy is not new, the final payload dropped – which we named LATENTBOT – caught our attention because it implements several layers of obfuscation and a unique exfiltration mechanism, and has been very successful at infecting multiple organizations.
Created: 2026-02-23
Indicators
No indicators found.
Similar Pulses
Threat actors related to this pulse (fact-based)
Score: 21.48
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1588.001 - Malware
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
- T1086 - PowerShell
Score: 3.84
Matched TTPs:
- T1132.001 - Standard Encoding
Score: 16.18
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1547.008 - LSASS Driver
Score: 21.05
Matched TTPs:
- T1216.001 - PubPrn
- T1193 - Spearphishing Attachment
- T1136.002 - Domain Account
- T1122 - Component Object Model Hijacking
- T1065 - Uncommonly Used Port
- T1588.005 - Exploits
Score: 28.79
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1021.006 - Windows Remote Management
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1102.003 - One-Way Communication
- T1690 - Prevent Command History Logging
- T1601.001 - Patch System Image
- T1547.008 - LSASS Driver
Score: 11.93
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1005 - Data from Local System
- T1136.002 - Domain Account
- T1218.010 - Regsvr32
Score: 38.49
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1114 - Email Collection
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1193 - Spearphishing Attachment
- T1049 - System Network Connections Discovery
- T1122 - Component Object Model Hijacking
- T1102.003 - One-Way Communication
- T1187 - Forced Authentication
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
Score: 6.51
Matched TTPs:
- T1682 - Query Public AI Services
- T1091 - Replication Through Removable Media
Score: 5.74
Matched TTPs:
- T1114 - Email Collection
- T1566.002 - Spearphishing Link
Score: 38.44
Matched TTPs:
- T1114 - Email Collection
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1683.001 - Written Content
- T1588.001 - Malware
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1102.003 - One-Way Communication
- T1690 - Prevent Command History Logging
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1008 - Fallback Channels
Score: 28.52
Matched TTPs:
- T1114 - Email Collection
- T1164 - Re-opened Applications
- T1049 - System Network Connections Discovery
- T1057 - Process Discovery
- T1102.003 - One-Way Communication
- T1065 - Uncommonly Used Port
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
Score: 17.66
Matched TTPs:
- T1114 - Email Collection
- T1091 - Replication Through Removable Media
- T1149 - LC_MAIN Hijacking
- T1690 - Prevent Command History Logging
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
Score: 5.30
Matched TTPs:
- T1114 - Email Collection
- T1608.005 - Link Target
Score: 6.71
Matched TTPs:
- T1606.002 - SAML Tokens
- T1588.001 - Malware
- T1552.003 - Shell History
Score: 11.93
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
Score: 12.28
Matched TTPs:
- T1606.002 - SAML Tokens
- T1021.006 - Windows Remote Management
- T1136.002 - Domain Account
- T1588.001 - Malware
- T1218.010 - Regsvr32
Score: 6.53
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
Score: 10.87
Matched TTPs:
- T1606.002 - SAML Tokens
- T1608.005 - Link Target
- T1122 - Component Object Model Hijacking
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
Score: 8.38
Matched TTPs:
- T1606.002 - SAML Tokens
- T1552.003 - Shell History
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
Score: 3.59
Matched TTPs:
- T1606.002 - SAML Tokens
- T1218.010 - Regsvr32
Score: 4.84
Matched TTPs:
- T1606.002 - SAML Tokens
- T1122 - Component Object Model Hijacking
Score: 13.95
Matched TTPs:
- T1606.002 - SAML Tokens
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
Score: 16.06
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1608.005 - Link Target
- T1102.003 - One-Way Communication
- T1218.010 - Regsvr32
- T1159 - Launch Agent
Score: 5.97
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1506 - Web Session Cookie
Score: 21.49
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1011.001 - Exfiltration Over Bluetooth
- T1588.001 - Malware
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
Score: 10.46
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1159 - Launch Agent
Score: 11.28
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1136.002 - Domain Account
- T1552.003 - Shell History
- T1588.005 - Exploits
Score: 6.57
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1588.001 - Malware
- T1608.005 - Link Target
Score: 11.90
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1588.001 - Malware
- T1608.005 - Link Target
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
Score: 19.34
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1588.001 - Malware
- T1608.005 - Link Target
- T1187 - Forced Authentication
- T1601.001 - Patch System Image
- T1098.002 - Additional Email Delegate Permissions
- T1547.008 - LSASS Driver
Score: 12.00
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1122 - Component Object Model Hijacking
- T1218.010 - Regsvr32
Score: 7.72
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1102.003 - One-Way Communication
Score: 8.60
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1218.001 - Compiled HTML File
- T1547.008 - LSASS Driver
Score: 7.80
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1193 - Spearphishing Attachment
- T1218.010 - Regsvr32
Score: 11.00
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1008 - Fallback Channels
Score: 8.34
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1506 - Web Session Cookie
Score: 10.07
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
Score: 8.31
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1601.001 - Patch System Image
Score: 11.88
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1608.005 - Link Target
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1086 - PowerShell
Score: 10.35
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.003 - CMSTP
- T1122 - Component Object Model Hijacking
- T1218.010 - Regsvr32
Score: 6.62
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1506 - Web Session Cookie
- T1159 - Launch Agent
Score: 6.30
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1601.001 - Patch System Image
Score: 3.87
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1506 - Web Session Cookie
Score: 5.56
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1588.001 - Malware
- T1218.010 - Regsvr32
Score: 10.20
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
- T1159 - Launch Agent
Score: 5.48
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1608.005 - Link Target
- T1218.010 - Regsvr32
Score: 3.87
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1506 - Web Session Cookie
Score: 12.43
Matched TTPs:
- T1218.003 - CMSTP
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
Score: 8.32
Matched TTPs:
- T1136.002 - Domain Account
- T1588.001 - Malware
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
Score: 7.80
Matched TTPs:
- T1136.002 - Domain Account
- T1187 - Forced Authentication
- T1218.010 - Regsvr32
Score: 4.55
Matched TTPs:
- T1136.002 - Domain Account
- T1588.001 - Malware
Score: 5.72
Matched TTPs:
- T1588.001 - Malware
- T1218.001 - Compiled HTML File
Score: 5.86
Matched TTPs:
- T1588.001 - Malware
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
Score: 6.48
Matched TTPs:
- T1588.001 - Malware
- T1601.001 - Patch System Image
- T1547.008 - LSASS Driver
Score: 3.99
Matched TTPs:
- T1588.001 - Malware
- T1506 - Web Session Cookie
Score: 7.80
Matched TTPs:
- T1588.001 - Malware
- T1601.001 - Patch System Image
- T1588.005 - Exploits
Score: 3.59
Matched TTPs:
- T1588.001 - Malware
- T1218.010 - Regsvr32
Score: 6.52
Matched TTPs:
- T1588.001 - Malware
- T1552.003 - Shell History
- T1506 - Web Session Cookie
Score: 11.01
Matched TTPs:
- T1588.001 - Malware
- T1218.010 - Regsvr32
- T1574.002 - DLL Side-Loading
- T1008 - Fallback Channels
Score: 8.38
Matched TTPs:
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
- T1122 - Component Object Model Hijacking
Score: 5.12
Matched TTPs:
- T1049 - System Network Connections Discovery
- T1218.010 - Regsvr32
Score: 4.42
Matched TTPs:
- T1552.003 - Shell History
- T1506 - Web Session Cookie
Score: 10.01
Matched TTPs:
- T1608.005 - Link Target
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1159 - Launch Agent
Score: 3.51
Matched TTPs:
- T1608.005 - Link Target
- T1218.010 - Regsvr32
Score: 4.76
Matched TTPs:
- T1608.005 - Link Target
- T1122 - Component Object Model Hijacking
Score: 4.61
Matched TTPs:
- T1122 - Component Object Model Hijacking
- T1601.001 - Patch System Image
Score: 4.24
Matched TTPs:
- T1122 - Component Object Model Hijacking
- T1218.010 - Regsvr32
Score: 3.39
Matched TTPs:
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
Score: 5.26
Matched TTPs:
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
Score: 7.52
Matched TTPs:
- T1218.010 - Regsvr32
- T1159 - Launch Agent
- T1008 - Fallback Channels
Score: 6.14
Matched TTPs:
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1159 - Launch Agent
Score: 4.24
Matched TTPs:
- T1218.010 - Regsvr32
- T1159 - Launch Agent
Score: 3.39
Matched TTPs:
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
Score: 7.17
Matched TTPs:
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.008 - LSASS Driver
Score: 3.76
Matched TTPs:
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
Score: 4.42
Matched TTPs:
- T1506 - Web Session Cookie
- T1547.008 - LSASS Driver
Score: 5.18
Matched TTPs:
- T1506 - Web Session Cookie
- T1008 - Fallback Channels
Score: 3.29
Matched TTPs:
- T1008 - Fallback Channels
Threat actors related to this pulse (inference-based)
Score: 0.86
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1005 - Data from Local System
- T1218.010 - Regsvr32
- T1193 - Spearphishing Attachment
- T1564.008 - Email Hiding Rules
- T1049 - System Network Connections Discovery
- T1122 - Component Object Model Hijacking
- T1606.002 - SAML Tokens
- T1601.001 - Patch System Image
- T1102.003 - One-Way Communication
- T1091 - Replication Through Removable Media
- T1187 - Forced Authentication
- T1114 - Email Collection
Score: 0.82
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1008 - Fallback Channels
- T1683.001 - Written Content
- T1608.005 - Link Target
- T1506 - Web Session Cookie
- T1588.001 - Malware
- T1606.002 - SAML Tokens
- T1601.001 - Patch System Image
- T1102.003 - One-Way Communication
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1690 - Prevent Command History Logging
- T1552.003 - Shell History
- T1114 - Email Collection
Score: 0.65
Matched TTPs:
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
- T1065 - Uncommonly Used Port
- T1049 - System Network Connections Discovery
- T1102.003 - One-Way Communication
- T1164 - Re-opened Applications
- T1057 - Process Discovery
- T1114 - Email Collection
Score: 0.64
Matched TTPs:
- T1608.005 - Link Target
- T1547.008 - LSASS Driver
- T1606.002 - SAML Tokens
- T1601.001 - Patch System Image
- T1021.006 - Windows Remote Management
- T1044 - File System Permissions Weakness
- T1102.003 - One-Way Communication
- T1091 - Replication Through Removable Media
- T1690 - Prevent Command History Logging
- T1552.003 - Shell History
Score: 0.55
Matched TTPs:
- T1011.001 - Exfiltration Over Bluetooth
- T1608.005 - Link Target
- T1588.001 - Malware
- T1606.002 - SAML Tokens
- T1601.001 - Patch System Image
- T1091 - Replication Through Removable Media
- T1065 - Uncommonly Used Port
- T1057 - Process Discovery
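The fact-based and inference-based lists above are automated TTP-overlap scores between this pulse and known actors, not attribution, and they mix current ATT&CK IDs with revoked ones (T1086, T1193, T1122, T1065, T1044, T1506, T1159, T1164 have all been replaced by newer IDs). The script below is an added example, not code from the pulse platform or from FireEye: it parses blocks in exactly the "Score: / Matched TTPs:" format shown on this page, maps revoked IDs to their successors through a hand-maintained table (an assumption: only mappings the editor is certain of are listed), and ranks the techniques by how many actor blocks cite them and by the total score behind them. The embedded sample is three blocks copied from the fact-based list; actor names were not preserved in the extraction, so the blocks are anonymous here as well.

```python
"""Rank the ATT&CK techniques that recur across the per-actor match blocks on a
pulse page ("Score:" / "Matched TTPs:" format) and flag revoked technique IDs."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: three blocks copied from the page in its own format. The
# link line between blocks is kept so the parser is shown skipping it.
SAMPLE = """\
Score: 21.48
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1588.001 - Malware
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1218.010 - Regsvr32
- T1547.008 - LSASS Driver
- T1086 - PowerShell
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1132.001 - Standard Encoding
MITREへのリンク →
Score: 16.18
Matched TTPs:
- T1132.001 - Standard Encoding
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1547.008 - LSASS Driver
MITREへのリンク →
"""

# Hand-maintained table (assumption) of ATT&CK technique IDs that MITRE revoked
# and merged into a successor ID. Extend it from the ATT&CK revocation notes
# before relying on it for a larger corpus.
REVOKED = {
    "T1086": "T1059.001",  # PowerShell
    "T1193": "T1566.001",  # Spearphishing Attachment
    "T1122": "T1546.015",  # Component Object Model Hijacking
    "T1065": "T1571",      # Uncommonly Used Port -> Non-Standard Port
    "T1044": "T1574.010",  # File System Permissions Weakness
    "T1506": "T1550.004",  # Web Session Cookie
    "T1159": "T1543.001",  # Launch Agent
    "T1164": "T1547.007",  # Re-opened Applications
}

SCORE_RE = re.compile(r"^Score:\s*(\d+(?:\.\d+)?)$")
TTP_RE = re.compile(r"^-\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)$")


@dataclass
class ActorMatch:
    score: float
    ttps: list[tuple[str, str]] = field(default_factory=list)  # (id, name) pairs


def parse_matches(text: str) -> list[ActorMatch]:
    """One ActorMatch per "Score:" block. "Matched TTPs:" labels and link lines
    carry no data and are skipped; a TTP line before any "Score:" is ignored."""
    matches: list[ActorMatch] = []
    current: ActorMatch | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SCORE_RE.match(line):
            current = ActorMatch(score=float(m.group(1)))
            matches.append(current)
        elif (m := TTP_RE.match(line)) and current is not None:
            current.ttps.append((m.group(1), m.group(2)))
    return matches


def normalize(ttp_id: str) -> str:
    """Map a revoked ID to its successor so old and new IDs count as one technique."""
    return REVOKED.get(ttp_id, ttp_id)


def revoked_ids_used(matches: list[ActorMatch]) -> list[str]:
    """Revoked IDs that appear anywhere in the matches, each listed once, sorted."""
    return sorted({tid for m in matches for tid, _ in m.ttps if tid in REVOKED})


def ttp_frequency(matches: list[ActorMatch], min_score: float = 0.0) -> Counter:
    """Number of actor blocks (score >= min_score) citing each normalized technique."""
    freq: Counter = Counter()
    for m in matches:
        if m.score < min_score:
            continue
        for tid, _ in m.ttps:  # a block lists each technique once, so this is per-actor
            freq[normalize(tid)] += 1
    return freq


def ttp_weighted(matches: list[ActorMatch]) -> dict[str, float]:
    """Sum of block scores per normalized technique: which TTPs carry the high scores."""
    weighted: dict[str, float] = {}
    for m in matches:
        for tid, _ in m.ttps:
            key = normalize(tid)
            weighted[key] = weighted.get(key, 0.0) + m.score
    return weighted


if __name__ == "__main__":
    parsed = parse_matches(SAMPLE)
    print(f"{len(parsed)} actor blocks; revoked IDs used: {revoked_ids_used(parsed)}")
    for tid, n in ttp_frequency(parsed).most_common(5):
        print(f"{tid:<10} cited by {n} actor block(s), total score {ttp_weighted(parsed)[tid]:.2f}")
```

Run against the full page text instead of SAMPLE to see which techniques the matcher keys on most; for this pulse that is mostly generic overlap (Spearphishing Link, Replication Through Removable Media, SAML Tokens), which is the caveat: a high score here means a broad TTP overlap, not evidence that the actor operates LATENTBOT.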
Related CVEs
No CVEs were found for this pulse.