Trusted Design

ZBot Malware

概要

The Trojans designed to steal money from bank accounts pose a serious threat to Android users. The Android.ZBot Trojan is one of these malicious programs. Its different modifications target mobile devices of Russian users from February 2015. This Trojan is interesting due to its ability to steal logins, passwords, and other confidential data by displaying fraudulent authentication forms on top of any applications. The appearance of such forms is generated on cybercriminals’ command. What is more, they are “tied” to the attacked applications, which creates an illusion that they are legitimate and belong to the corresponding software. According to Doctor Web specialists, the devices infected by Android.ZBot are grouped into botnets, the number of which is now more than ten. However, it is possible that their quantity will be constantly increasing, because virus writers are still busy distributing this malicious program.

Created: 2026-02-23

Indicators

類似Pulses

Attack on Zygote: a new twist in the evolution of mobile threats (score: 0.82)
Android Trojan Xbot Phishes Credit Cards and Bank Accounts (score: 0.76)
Banking Trojan infected dozens of Android apps worldwide (score: 0.75)
A Look Into The New Strain Of BankBot (score: 0.74)
BankBot Found on Google Play and Targets Ten New UAE Banking Apps (score: 0.74)

このPulseに関連する脅威アクター (事実ベース)

Mustard Tempest

Score: 6.51

Matched TTPs:

T1583.008 - Malvertising
T1608.001 - Upload Malware

MITREへのリンク →

Kimsuky

Score: 19.24

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1657 - Financial Theft
T1588.002 - Tool
T1055.012 - Process Hollowing
T1588.003 - Code Signing Certificates
T1680 - Local Storage Discovery
T1078.003 - Local Accounts

MITREへのリンク →

FIN13

Score: 12.67

Matched TTPs:

T1587.001 - Malware
T1657 - Financial Theft
T1588.002 - Tool
T1564.001 - Hidden Files and Directories
T1556 - Modify Authentication Process

MITREへのリンク →

Moonstone Sleet

Score: 6.59

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

Indrik Spider

Score: 5.94

Matched TTPs:

T1587.001 - Malware
T1136 - Create Account

MITREへのリンク →

Lazarus Group

Score: 27.90

Matched TTPs:

T1587.001 - Malware
T1070 - Indicator Removal
T1588.002 - Tool
T1001.003 - Protocol or Service Impersonation
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1680 - Local Storage Discovery
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Contagious Interview

Score: 21.79

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1657 - Financial Theft
T1588.002 - Tool
T1547.013 - XDG Autostart Entries
T1204.004 - Malicious Copy and Paste
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

OilRig

Score: 17.18

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

UNC3886

Score: 7.15

Matched TTPs:

T1587.001 - Malware
T1588.001 - Malware
T1124 - System Time Discovery

MITREへのリンク →

LuminousMoth

Score: 13.08

Matched TTPs:

T1587.001 - Malware
T1091 - Replication Through Removable Media
T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Sandworm Team

Score: 16.23

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1584.005 - Botnet
T1588.002 - Tool
T1592.002 - Software

MITREへのリンク →

Salt Typhoon

Score: 9.54

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1136 - Create Account
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT29

Score: 8.13

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1566.003 - Spearphishing via Service
T1078.003 - Local Accounts

MITREへのリンク →

Play

Score: 8.13

Matched TTPs:

T1587.001 - Malware
T1657 - Financial Theft
T1588.002 - Tool
T1078.003 - Local Accounts

MITREへのリンク →

Aoqin Dragon

Score: 5.98

Matched TTPs:

T1587.001 - Malware
T1091 - Replication Through Removable Media
T1588.002 - Tool

MITREへのリンク →

RedCurl

Score: 4.76

Matched TTPs:

T1587.001 - Malware
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Turla

Score: 10.66

Matched TTPs:

T1587.001 - Malware
T1588.001 - Malware
T1588.002 - Tool
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Ke3chang

Score: 6.79

Matched TTPs:

T1587.001 - Malware
T1583.005 - Botnet
T1588.002 - Tool

MITREへのリンク →

Mustang Panda

Score: 28.11

Matched TTPs:

T1587.001 - Malware
T1091 - Replication Through Removable Media
T1608.001 - Upload Malware
T1070 - Indicator Removal
T1588.002 - Tool
T1001.003 - Protocol or Service Impersonation
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

TeamTNT

Score: 6.90

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1680 - Local Storage Discovery

MITREへのリンク →

FIN7

Score: 20.41

Matched TTPs:

T1587.001 - Malware
T1091 - Replication Through Removable Media
T1608.001 - Upload Malware
T1674 - Input Injection
T1588.002 - Tool
T1564.001 - Hidden Files and Directories
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

HAFNIUM

Score: 16.93

Matched TTPs:

T1583.005 - Botnet
T1584.005 - Botnet
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1078.003 - Local Accounts

MITREへのリンク →

APT5

Score: 7.47

Matched TTPs:

T1583.005 - Botnet
T1070 - Indicator Removal

MITREへのリンク →

Gamaredon Group

Score: 10.39

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.001 - Upload Malware
T1588.002 - Tool
T1001 - Data Obfuscation

MITREへのリンク →

Darkhotel

Score: 5.63

Matched TTPs:

T1091 - Replication Through Removable Media
T1124 - System Time Discovery

MITREへのリンク →

APT28

Score: 14.81

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.002 - Tool
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Tropic Trooper

Score: 11.20

Matched TTPs:

T1091 - Replication Through Removable Media
T1564.001 - Hidden Files and Directories
T1680 - Local Storage Discovery
T1078.003 - Local Accounts

MITREへのリンク →

TA2541

Score: 8.43

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

Earth Lusca

Score: 5.28

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

LazyScripter

Score: 4.43

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

Threat Group-3390

Score: 9.13

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1055.012 - Process Hollowing
T1588.003 - Code Signing Certificates

MITREへのリンク →

TA505

Score: 5.28

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

BlackByte

Score: 5.12

Matched TTPs:

T1608.001 - Upload Malware
T1055.012 - Process Hollowing

MITREへのリンク →

APT32

Score: 10.90

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1078.003 - Local Accounts

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 6.44

Matched TTPs:

T1608.001 - Upload Malware
T1070 - Indicator Removal
T1588.002 - Tool

MITREへのリンク →

Ember Bear

Score: 6.30

Matched TTPs:

T1195 - Supply Chain Compromise
T1588.001 - Malware

MITREへのリンク →

LAPSUS$

Score: 7.15

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool
T1213.005 - Messaging Applications

MITREへのリンク →

Metador

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

APT1

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Aquatic Panda

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Andariel

Score: 6.30

Matched TTPs:

T1588.001 - Malware
T1592.002 - Software

MITREへのリンク →

BackdoorDiplomacy

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Scattered Spider

Score: 13.52

Matched TTPs:

T1588.001 - Malware
T1657 - Financial Theft
T1588.002 - Tool
T1136 - Create Account
T1213.005 - Messaging Applications

MITREへのリンク →

Axiom

Score: 8.16

Matched TTPs:

T1584.005 - Botnet
T1001.002 - Steganography

MITREへのリンク →

Volt Typhoon

Score: 9.90

Matched TTPs:

T1584.005 - Botnet
T1588.002 - Tool
T1680 - Local Storage Discovery
T1124 - System Time Discovery

MITREへのリンク →

INC Ransom

Score: 3.37

Matched TTPs:

T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

Cinnamon Tempest

Score: 3.37

Matched TTPs:

T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

Medusa Group

Score: 7.91

Matched TTPs:

T1657 - Financial Theft
T1588.002 - Tool
T1218.014 - MMC

MITREへのリンク →

APT33

Score: 7.73

Matched TTPs:

T1552.006 - Group Policy Preferences
T1588.002 - Tool
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Wizard Spider

Score: 10.88

Matched TTPs:

T1552.006 - Group Policy Preferences
T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Magic Hound

Score: 10.84

Matched TTPs:

T1588.002 - Tool
T1592.002 - Software
T1036.010 - Masquerade Account Name
T1566.003 - Spearphishing via Service

MITREへのリンク →

BlackTech

Score: 4.00

Matched TTPs:

T1588.002 - Tool
T1588.003 - Code Signing Certificates

MITREへのリンク →

Storm-1811

Score: 6.99

Matched TTPs:

T1588.002 - Tool
T1036.010 - Masquerade Account Name
T1566.003 - Spearphishing via Service

MITREへのリンク →

BRONZE BUTLER

Score: 3.44

Matched TTPs:

T1588.002 - Tool
T1124 - System Time Discovery

MITREへのリンク →

menuPass

Score: 4.00

Matched TTPs:

T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

FIN8

Score: 6.75

Matched TTPs:

T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN6

Score: 6.12

Matched TTPs:

T1588.002 - Tool
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Patchwork

Score: 6.83

Matched TTPs:

T1588.002 - Tool
T1055.012 - Process Hollowing
T1680 - Local Storage Discovery

MITREへのリンク →

Sea Turtle

Score: 3.52

Matched TTPs:

T1588.002 - Tool
T1078.003 - Local Accounts

MITREへのリンク →

Thrip

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN10

Score: 3.52

Matched TTPs:

T1588.002 - Tool
T1078.003 - Local Accounts

MITREへのリンク →

Dragonfly

Score: 4.47

Matched TTPs:

T1588.002 - Tool
T1036.010 - Masquerade Account Name

MITREへのリンク →

APT38

Score: 5.39

Matched TTPs:

T1588.002 - Tool
T1036.006 - Space after Filename

MITREへのリンク →

Gorgon Group

Score: 4.00

Matched TTPs:

T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

Chimera

Score: 6.27

Matched TTPs:

T1588.002 - Tool
T1680 - Local Storage Discovery
T1124 - System Time Discovery

MITREへのリンク →

Higaisa

Score: 9.27

Matched TTPs:

T1001.003 - Protocol or Service Impersonation
T1680 - Local Storage Discovery
T1124 - System Time Discovery

MITREへのリンク →

APT3

Score: 3.62

Matched TTPs:

T1036.010 - Masquerade Account Name

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

ToddyCat

Score: 5.36

Matched TTPs:

T1680 - Local Storage Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1056.004 - Credential API Hooking

MITREへのリンク →

Fox Kitten

Score: 3.84

Matched TTPs:

T1213.005 - Messaging Applications

MITREへのリンク →

Velvet Ant

Score: 6.80

Matched TTPs:

T1078.003 - Local Accounts
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.81

Matched TTPs:

T1070 - Indicator Removal
T1680 - Local Storage Discovery
T1587.001 - Malware
T1588.002 - Tool
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1564.001 - Hidden Files and Directories
T1027.007 - Dynamic API Resolution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

Mustang Panda

Score: 0.81

Matched TTPs:

T1070 - Indicator Removal
T1091 - Replication Through Removable Media
T1587.001 - Malware
T1588.003 - Code Signing Certificates
T1588.002 - Tool
T1564.001 - Hidden Files and Directories
T1608.001 - Upload Malware
T1027.007 - Dynamic API Resolution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

FIN7

Score: 0.66

Matched TTPs:

T1091 - Replication Through Removable Media
T1587.001 - Malware
T1588.002 - Tool
T1124 - System Time Discovery
T1564.001 - Hidden Files and Directories
T1608.001 - Upload Malware
T1674 - Input Injection
T1078.003 - Local Accounts

MITREへのリンク →

Contagious Interview

Score: 0.66

Matched TTPs:

T1657 - Financial Theft
T1587.001 - Malware
T1204.004 - Malicious Copy and Paste
T1588.002 - Tool
T1566.003 - Spearphishing via Service
T1547.013 - XDG Autostart Entries
T1608.001 - Upload Malware
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Kimsuky

Score: 0.59

Matched TTPs:

T1680 - Local Storage Discovery
T1657 - Financial Theft
T1587.001 - Malware
T1588.003 - Code Signing Certificates
T1588.002 - Tool
T1055.012 - Process Hollowing
T1608.001 - Upload Malware
T1078.003 - Local Accounts

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る