Trusted Design

ELISE: Security Through Obesity

Overview

Taiwan has long been subjected to persistent targeting by espionage-motivated threat actors. This blog presents our analysis of one of the latest malware variants targeting individuals in Taiwan. The variant exhibits some characteristics that are useful for detecting and defending against the threat, including the creation of an obese file, weighing in at 500 MB, as part of its execution.

Created: 2026-02-23
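The 500 MB file called out above is a detection opportunity in its own right: a freshly written file of that size whose content is overwhelmingly filler is rare on an endpoint. The script below is an added example, not code from the original report or from the pulse. It assumes, which the page does not state, that the bloat is a repeated filler byte; the size threshold, the sampling parameters and the directory to scan (a constructed temporary tree in `demo()`) are placeholders to tune per environment. It samples a fixed number of chunks spread across each large file, so triaging a 500 MB file costs about 1 MiB of I/O.

```python
"""
Sampling-based triage for 'obese' (padded) files.

Added example, not the report's code. Assumptions not stated on the page:
the padding is a single repeated byte; thresholds below are placeholders.
"""
import math
import os
import tempfile

SAMPLE_CHUNK = 64 * 1024   # bytes read per sample
SAMPLE_COUNT = 16          # samples spread evenly across the file (~1 MiB total)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over `data`; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    n = len(data)
    counts = (data.count(bytes([b])) for b in range(256))
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def sample_file(path: str) -> bytes:
    """Read SAMPLE_COUNT chunks spread across the file (whole file if it is small)."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        if size <= SAMPLE_CHUNK * SAMPLE_COUNT:
            return fh.read()
        step = (size - SAMPLE_CHUNK) // (SAMPLE_COUNT - 1)
        parts = []
        for i in range(SAMPLE_COUNT):
            fh.seek(i * step)
            parts.append(fh.read(SAMPLE_CHUNK))
    return b"".join(parts)


def padding_ratio(data: bytes) -> float:
    """Fraction of bytes equal to the single most common byte value (1.0 = pure filler)."""
    if not data:
        return 0.0
    return max(data.count(bytes([b])) for b in range(256)) / len(data)


def assess_file(path: str, size_threshold: int, pad_ratio: float = 0.90,
                entropy_max: float = 1.0) -> dict:
    """Flag a file as bloated when it is large AND its sampled content is mostly filler."""
    size = os.path.getsize(path)
    if size < size_threshold:
        return {"path": path, "size": size, "bloated": False, "reason": "below size threshold"}
    sample = sample_file(path)
    ratio = padding_ratio(sample)
    ent = shannon_entropy(sample)
    bloated = ratio >= pad_ratio or ent <= entropy_max
    return {"path": path, "size": size, "bloated": bloated,
            "padding_ratio": round(ratio, 3), "entropy": round(ent, 3)}


def scan_tree(root: str, size_threshold: int = 100 * 1024 * 1024) -> list:
    """Walk `root` and return the assessments of files flagged as bloated."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                result = assess_file(path, size_threshold)
            except OSError:
                continue  # unreadable or vanished mid-scan: skip, do not abort the sweep
            if result["bloated"]:
                hits.append(result)
    return hits


def demo() -> dict:
    """Constructed sample tree: a padded file, a random file and a small file."""
    with tempfile.TemporaryDirectory() as tmp:
        padded = os.path.join(tmp, "padded.bin")
        with open(padded, "wb") as fh:
            fh.write(b"MZ" + os.urandom(4096))        # fake header plus real-looking code
            fh.write(b"\x00" * (8 * 1024 * 1024))    # 8 MiB of zero filler (assumed padding style)
        random_file = os.path.join(tmp, "random.bin")
        with open(random_file, "wb") as fh:
            fh.write(os.urandom(8 * 1024 * 1024))    # large but high-entropy: not flagged
        small = os.path.join(tmp, "small.bin")
        with open(small, "wb") as fh:
            fh.write(b"\x00" * 1024)                 # pure filler but tiny: not flagged
        hits = scan_tree(tmp, size_threshold=4 * 1024 * 1024)
        return {os.path.basename(h["path"]): h for h in hits}


if __name__ == "__main__":
    for name, info in demo().items():
        print(f"{name}: size={info['size']} padding_ratio={info['padding_ratio']} "
              f"entropy={info['entropy']}")
```

Two gates are needed: size alone would also flag ISO images and VM disks, and low entropy alone would flag every sparse log. A file that trips both is worth pulling for analysis; in practice pair this with file-creation telemetry (which process wrote the file, and when) rather than sweeping whole disks on a schedule.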

Indicators

Similar Pulses

Threat actors related to this pulse (fact-based)

Technique key:
  • T1001.003 - Protocol or Service Impersonation
  • T1005 - Data from Local System
  • T1011.001 - Exfiltration Over Bluetooth
  • T1021.006 - Windows Remote Management
  • T1027.002 - Software Packing
  • T1055.005 - Thread Local Storage
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1091 - Replication Through Removable Media
  • T1102.002 - Bidirectional Communication
  • T1130 - Install Root Certificate
  • T1132.001 - Standard Encoding
  • T1169 - Sudo
  • T1218.010 - Regsvr32
  • T1221 - Template Injection
  • T1491.002 - External Defacement
  • T1546.017 - Udev Rules
  • T1547.008 - LSASS Driver
  • T1552.005 - Cloud Instance Metadata API
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.011 - Spoof Security Alerting
  • T1566.003 - Spearphishing via Service
  • T1588.003 - Code Signing Certificates
  • T1606.002 - SAML Tokens
  • T1683 - Generate Content
  • T1685.005 - Clear Windows Event Logs

Each actor is listed with its match score and the technique IDs it matched:
  • Lazarus Group (score 17.25): T1132.001, T1491.002, T1606.002, T1059.010, T1218.010, T1055.005, T1547.008
  • TA577 (score 3.84): T1132.001
  • Moonstone Sleet (score 15.88): T1132.001, T1491.002, T1606.002, T1059.010, T1091, T1059.011, T1547.008
  • Inception (score 3.09): T1491.002, T1218.010
  • Dark Caracal (score 4.12): T1491.002, T1547.008
  • Elderwood (score 3.09): T1491.002, T1218.010
  • Darkhotel (score 4.65): T1491.002, T1059.010, T1218.010
  • Transparent Tribe (score 3.09): T1491.002, T1218.010
  • APT28 (score 19.13): T1491.002, T1552.005, T1059.010, T1558, T1218.010, T1588.003, T1566.003
  • Leviathan (score 14.28): T1491.002, T1059.010, T1218.010, T1562.011, T1001.003, T1546.017
  • Sidewinder (score 3.09): T1491.002, T1218.010
  • APT39 (score 6.60): T1491.002, T1059.010, T1001.003
  • Saint Bear (score 5.06): T1491.002, T1091, T1218.010
  • APT33 (score 3.09): T1491.002, T1218.010
  • BITTER (score 8.68): T1491.002, T1091, T1683, T1218.010
  • TA505 (score 5.13): T1491.002, T1059.010, T1091
  • Higaisa (score 7.81): T1491.002, T1059.010, T1218.010, T1546.017
  • APT19 (score 3.16): T1491.002, T1059.010
  • Threat Group-3390 (score 9.78): T1491.002, T1059.010, T1091, T1218.010, T1546.017
  • TA2541 (score 6.72): T1491.002, T1091, T1546.017
  • Malteiro (score 6.78): T1491.002, T1059.010, T1102.002
  • Magic Hound (score 7.74): T1491.002, T1683, T1547.008
  • Storm-1811 (score 7.87): T1491.002, T1059.010, T1558, T1547.008
  • Tropic Trooper (score 11.31): T1491.002, T1059.010, T1683, T1218.010, T1562.011
  • Mofang (score 4.75): T1491.002, T1546.017
  • Contagious Interview (score 19.04): T1491.002, T1606.002, T1091, T1558, T1021.006, T1221, T1547.008
  • menuPass (score 5.35): T1491.002, T1059.010, T1558
  • Moses Staff (score 3.69): T1491.002, T1606.002
  • TeamTNT (score 9.42): T1491.002, T1606.002, T1059.010, T1091, T1558
  • OilRig (score 20.90): T1491.002, T1552.005, T1606.002, T1059.010, T1091, T1005, T1558, T1218.010, T1547.008
  • APT32 (score 7.25): T1491.002, T1091, T1558, T1218.010
  • Gamaredon Group (score 16.22): T1552.005, T1059.010, T1091, T1059.011, T1059.013, T1546.017
  • Turla (score 7.28): T1552.005, T1606.002, T1059.010
  • Kimsuky (score 7.92): T1606.002, T1059.010, T1091, T1059.011
  • FIN13 (score 5.85): T1606.002, T1059.010, T1558
  • UNC3886 (score 7.72): T1606.002, T1021.006, T1218.010
  • LuminousMoth (score 4.07): T1606.002, T1091
  • Sandworm Team (score 15.45): T1606.002, T1059.010, T1091, T1005, T1558, T1059.011, T1218.010
  • APT29 (score 9.73): T1606.002, T1683, T1218.010, T1547.008
  • Aoqin Dragon (score 5.78): T1606.002, T1558, T1218.010
  • RedCurl (score 4.38): T1606.002, T1059.011
  • Ke3chang (score 13.01): T1606.002, T1059.010, T1685.005, T1059.011, T1102.002
  • Mustang Panda (score 18.09): T1606.002, T1059.010, T1091, T1169, T1059.011, T1218.010, T1055.005
  • FIN7 (score 10.17): T1606.002, T1059.010, T1091, T1011.001
  • BRONZE BUTLER (score 11.72): T1059.010, T1558, T1685.005, T1218.010, T1562.011
  • Agrius (score 3.75): T1059.010, T1558
  • Molerats (score 4.72): T1059.010, T1546.017
  • Earth Lusca (score 8.86): T1059.010, T1091, T1059.011, T1562.011
  • ZIRCONIUM (score 3.75): T1059.010, T1558
  • MuddyWater (score 9.72): T1059.010, T1218.010, T1562.011, T1059.013
  • Winter Vivern (score 3.75): T1059.010, T1558
  • BlackByte (score 7.16): T1059.010, T1091, T1102.002
  • Rocke (score 7.48): T1059.010, T1059.011, T1059.013
  • LazyScripter (score 4.16): T1091, T1558
  • EXOTIC LILY (score 5.99): T1091, T1218.010, T1547.008
  • Ember Bear (score 7.52): T1005, T1558, T1218.010
  • Windshift (score 7.00): T1558, T1059.011, T1547.008
  • TA551 (score 5.22): T1558, T1562.011
  • Ferocious Kitten (score 3.44): T1685.005
  • BlackTech (score 4.93): T1685.005, T1218.010
  • Scarlet Mimic (score 3.44): T1685.005
  • APT3 (score 3.78): T1059.011, T1218.010
  • APT37 (score 6.81): T1059.011, T1218.010, T1562.011
  • APT41 (score 7.22): T1059.011, T1218.010, T1001.003
  • Andariel (score 4.53): T1218.010, T1562.011
  • Patchwork (score 4.93): T1218.010, T1001.003
  • Sea Turtle (score 5.12): T1218.010, T1059.013
  • Storm-0501 (score 3.62): T1102.002
  • Wizard Spider (score 3.44): T1001.003
  • Equation (score 4.13): T1130
  • Strider (score 4.13): T1130
  • Scattered Spider (score 4.54): T1027.002
  • Velvet Ant (score 4.13): T1566.003

Threat actors related to this pulse (inference-based)

Same technique key as above; scores on this list use a different scale:
  • OilRig (score 0.80): T1005, T1552.005, T1091, T1491.002, T1059.010, T1218.010, T1558, T1606.002, T1547.008
  • APT28 (score 0.76): T1552.005, T1491.002, T1059.010, T1566.003, T1218.010, T1588.003, T1558
  • Contagious Interview (score 0.74): T1491.002, T1091, T1021.006, T1558, T1606.002, T1221, T1547.008
  • Mustang Panda (score 0.72): T1055.005, T1059.010, T1091, T1169, T1218.010, T1059.011, T1606.002
  • Lazarus Group (score 0.70): T1055.005, T1491.002, T1132.001, T1059.010, T1218.010, T1606.002, T1547.008
  • Moonstone Sleet (score 0.68): T1091, T1491.002, T1132.001, T1059.010, T1059.011, T1606.002, T1547.008
  • Gamaredon Group (score 0.65): T1552.005, T1091, T1059.010, T1059.011, T1546.017, T1059.013
  • Sandworm Team (score 0.64): T1005, T1059.010, T1091, T1218.010, T1059.011, T1558, T1606.002
  • Leviathan (score 0.62): T1001.003, T1491.002, T1562.011, T1059.010, T1218.010, T1546.017

Related CVEs

No CVEs were found in this pulse.

Pulse – Threat Actor Graph

