Trusted Design

ZBot Malware

概要

The Trojans designed to steal money from bank accounts pose a serious threat to Android users. The Android.ZBot Trojan is one of these malicious programs. Its different modifications target mobile devices of Russian users from February 2015. This Trojan is interesting due to its ability to steal logins, passwords, and other confidential data by displaying fraudulent authentication forms on top of any applications. The appearance of such forms is generated on cybercriminals’ command. What is more, they are “tied” to the attacked applications, which creates an illusion that they are legitimate and belong to the corresponding software. According to Doctor Web specialists, the devices infected by Android.ZBot are grouped into botnets, the number of which is now more than ten. However, it is possible that their quantity will be constantly increasing, because virus writers are still busy distributing this malicious program.

Created: 2026-02-23

Indicators

類似Pulses

Attack on Zygote: a new twist in the evolution of mobile threats (score: 0.82)
Android Trojan Xbot Phishes Credit Cards and Bank Accounts (score: 0.76)
Banking Trojan infected dozens of Android apps worldwide (score: 0.75)
A Look Into The New Strain Of BankBot (score: 0.74)
BankBot Found on Google Play and Targets Ten New UAE Banking Apps (score: 0.74)

このPulseに関連する脅威アクター (事実ベース)

Mustard Tempest

Score: 6.51

Matched TTPs:

T1682 - Query Public AI Services
T1091 - Replication Through Removable Media

MITREへのリンク →

Kimsuky

Score: 19.24

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1199 - Trusted Relationship
T1001 - Data Obfuscation
T1526 - Cloud Service Discovery
T1665 - Hide Infrastructure
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN13

Score: 12.67

Matched TTPs:

T1606.002 - SAML Tokens
T1552.003 - Shell History
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer
T1686.001 - Cloud Firewall

MITREへのリンク →

Moonstone Sleet

Score: 6.59

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

Indrik Spider

Score: 5.94

Matched TTPs:

T1606.002 - SAML Tokens
T1498 - Network Denial of Service

MITREへのリンク →

Lazarus Group

Score: 27.90

Matched TTPs:

T1606.002 - SAML Tokens
T1677 - Poisoned Pipeline Execution
T1199 - Trusted Relationship
T1567.002 - Exfiltration to Cloud Storage
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Contagious Interview

Score: 21.79

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1199 - Trusted Relationship
T1651 - Cloud Administration Command
T1221 - Template Injection
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

OilRig

Score: 17.18

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

UNC3886

Score: 7.15

Matched TTPs:

T1606.002 - SAML Tokens
T1136.002 - Domain Account
T1578.001 - Create Snapshot

MITREへのリンク →

LuminousMoth

Score: 13.08

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer

MITREへのリンク →

Sandworm Team

Score: 16.23

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1187 - Forced Authentication

MITREへのリンク →

Salt Typhoon

Score: 9.54

Matched TTPs:

T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1498 - Network Denial of Service
T1556 - Modify Authentication Process

MITREへのリンク →

APT29

Score: 8.13

Matched TTPs:

T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1547.008 - LSASS Driver
T1490 - Inhibit System Recovery

MITREへのリンク →

Play

Score: 8.13

Matched TTPs:

T1606.002 - SAML Tokens
T1552.003 - Shell History
T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Aoqin Dragon

Score: 5.98

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1199 - Trusted Relationship

MITREへのリンク →

RedCurl

Score: 4.76

Matched TTPs:

T1606.002 - SAML Tokens
T1105 - Ingress Tool Transfer

MITREへのリンク →

Turla

Score: 10.66

Matched TTPs:

T1606.002 - SAML Tokens
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1578.001 - Create Snapshot
T1490 - Inhibit System Recovery

MITREへのリンク →

Ke3chang

Score: 6.79

Matched TTPs:

T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1199 - Trusted Relationship

MITREへのリンク →

Mustang Panda

Score: 28.11

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1677 - Poisoned Pipeline Execution
T1199 - Trusted Relationship
T1567.002 - Exfiltration to Cloud Storage
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

TeamTNT

Score: 6.90

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1665 - Hide Infrastructure

MITREへのリンク →

FIN7

Score: 20.41

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1011.001 - Exfiltration Over Bluetooth
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer
T1578.001 - Create Snapshot
T1490 - Inhibit System Recovery

MITREへのリンク →

HAFNIUM

Score: 16.93

Matched TTPs:

T1027.008 - Stripped Payloads
T1049 - System Network Connections Discovery
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1490 - Inhibit System Recovery

MITREへのリンク →

APT5

Score: 7.47

Matched TTPs:

T1027.008 - Stripped Payloads
T1677 - Poisoned Pipeline Execution

MITREへのリンク →

Gamaredon Group

Score: 10.39

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1061 - Graphical User Interface

MITREへのリンク →

Darkhotel

Score: 5.63

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1578.001 - Create Snapshot

MITREへのリンク →

APT28

Score: 14.81

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1566.003 - Spearphishing via Service

MITREへのリンク →

Tropic Trooper

Score: 11.20

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1105 - Ingress Tool Transfer
T1665 - Hide Infrastructure
T1490 - Inhibit System Recovery

MITREへのリンク →

TA2541

Score: 8.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

Earth Lusca

Score: 5.28

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

LazyScripter

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

Threat Group-3390

Score: 9.13

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1001 - Data Obfuscation
T1526 - Cloud Service Discovery

MITREへのリンク →

TA505

Score: 5.28

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

BlackByte

Score: 5.12

Matched TTPs:

T1091 - Replication Through Removable Media
T1001 - Data Obfuscation

MITREへのリンク →

APT32

Score: 10.90

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process
T1490 - Inhibit System Recovery

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

APT42

Score: 6.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1677 - Poisoned Pipeline Execution
T1199 - Trusted Relationship

MITREへのリンク →

Ember Bear

Score: 6.30

Matched TTPs:

T1005 - Data from Local System
T1136.002 - Domain Account

MITREへのリンク →

LAPSUS$

Score: 7.15

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship
T1588.005 - Exploits

MITREへのリンク →

Metador

Score: 3.31

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

APT1

Score: 3.31

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Aquatic Panda

Score: 3.31

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Andariel

Score: 6.30

Matched TTPs:

T1136.002 - Domain Account
T1187 - Forced Authentication

MITREへのリンク →

BackdoorDiplomacy

Score: 3.31

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Scattered Spider

Score: 13.52

Matched TTPs:

T1136.002 - Domain Account
T1552.003 - Shell History
T1199 - Trusted Relationship
T1498 - Network Denial of Service
T1588.005 - Exploits

MITREへのリンク →

Axiom

Score: 8.16

Matched TTPs:

T1049 - System Network Connections Discovery
T1160 - Launch Daemon

MITREへのリンク →

Volt Typhoon

Score: 9.90

Matched TTPs:

T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot

MITREへのリンク →

INC Ransom

Score: 3.37

Matched TTPs:

T1552.003 - Shell History
T1199 - Trusted Relationship

MITREへのリンク →

Cinnamon Tempest

Score: 3.37

Matched TTPs:

T1552.003 - Shell History
T1199 - Trusted Relationship

MITREへのリンク →

Medusa Group

Score: 7.91

Matched TTPs:

T1552.003 - Shell History
T1199 - Trusted Relationship
T1094 - Custom Command and Control Protocol

MITREへのリンク →

APT33

Score: 7.73

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1199 - Trusted Relationship
T1556 - Modify Authentication Process

MITREへのリンク →

Wizard Spider

Score: 10.88

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery
T1556 - Modify Authentication Process

MITREへのリンク →

Magic Hound

Score: 10.84

Matched TTPs:

T1199 - Trusted Relationship
T1187 - Forced Authentication
T1578.002 - Create Cloud Instance
T1547.008 - LSASS Driver

MITREへのリンク →

BlackTech

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1526 - Cloud Service Discovery

MITREへのリンク →

Storm-1811

Score: 6.99

Matched TTPs:

T1199 - Trusted Relationship
T1578.002 - Create Cloud Instance
T1547.008 - LSASS Driver

MITREへのリンク →

BRONZE BUTLER

Score: 3.44

Matched TTPs:

T1199 - Trusted Relationship
T1578.001 - Create Snapshot

MITREへのリンク →

menuPass

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

FIN8

Score: 6.75

Matched TTPs:

T1199 - Trusted Relationship
T1526 - Cloud Service Discovery
T1556 - Modify Authentication Process

MITREへのリンク →

FIN6

Score: 6.12

Matched TTPs:

T1199 - Trusted Relationship
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Patchwork

Score: 6.83

Matched TTPs:

T1199 - Trusted Relationship
T1001 - Data Obfuscation
T1665 - Hide Infrastructure

MITREへのリンク →

Sea Turtle

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Thrip

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1556 - Modify Authentication Process

MITREへのリンク →

FIN10

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Dragonfly

Score: 4.47

Matched TTPs:

T1199 - Trusted Relationship
T1578.002 - Create Cloud Instance

MITREへのリンク →

APT38

Score: 5.39

Matched TTPs:

T1199 - Trusted Relationship
T1059.005 - Visual Basic

MITREへのリンク →

Gorgon Group

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

Chimera

Score: 6.27

Matched TTPs:

T1199 - Trusted Relationship
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot

MITREへのリンク →

Higaisa

Score: 9.27

Matched TTPs:

T1567.002 - Exfiltration to Cloud Storage
T1665 - Hide Infrastructure
T1578.001 - Create Snapshot

MITREへのリンク →

APT3

Score: 3.62

Matched TTPs:

T1578.002 - Create Cloud Instance

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

ToddyCat

Score: 5.36

Matched TTPs:

T1665 - Hide Infrastructure
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1686 - Disable or Modify System Firewall

MITREへのリンク →

Fox Kitten

Score: 3.84

Matched TTPs:

T1588.005 - Exploits

MITREへのリンク →

Velvet Ant

Score: 6.80

Matched TTPs:

T1490 - Inhibit System Recovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.81

Matched TTPs:

T1578.001 - Create Snapshot
T1677 - Poisoned Pipeline Execution
T1556 - Modify Authentication Process
T1105 - Ingress Tool Transfer
T1665 - Hide Infrastructure
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver
T1199 - Trusted Relationship
T1606.002 - SAML Tokens
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

Mustang Panda

Score: 0.81

Matched TTPs:

T1677 - Poisoned Pipeline Execution
T1058 - Service Registry Permissions Weakness
T1556 - Modify Authentication Process
T1105 - Ingress Tool Transfer
T1091 - Replication Through Removable Media
T1055.005 - Thread Local Storage
T1199 - Trusted Relationship
T1606.002 - SAML Tokens
T1526 - Cloud Service Discovery
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

FIN7

Score: 0.66

Matched TTPs:

T1578.001 - Create Snapshot
T1058 - Service Registry Permissions Weakness
T1105 - Ingress Tool Transfer
T1091 - Replication Through Removable Media
T1011.001 - Exfiltration Over Bluetooth
T1199 - Trusted Relationship
T1606.002 - SAML Tokens
T1490 - Inhibit System Recovery

MITREへのリンク →

Contagious Interview

Score: 0.66

Matched TTPs:

T1221 - Template Injection
T1556 - Modify Authentication Process
T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver
T1199 - Trusted Relationship
T1606.002 - SAML Tokens
T1552.003 - Shell History
T1651 - Cloud Administration Command

MITREへのリンク →

Kimsuky

Score: 0.59

Matched TTPs:

T1001 - Data Obfuscation
T1665 - Hide Infrastructure
T1091 - Replication Through Removable Media
T1490 - Inhibit System Recovery
T1199 - Trusted Relationship
T1606.002 - SAML Tokens
T1552.003 - Shell History
T1526 - Cloud Service Discovery

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る