Trusted Design

ELISE: Security Through Obesity

Overview

Taiwan has long been subjected to persistent targeting from espionage-motivated threat actors. This blog presents our analysis of one of the latest malware variants targeting individuals in Taiwan, which exhibits some interesting characteristics that can be useful for detecting and defending against the threat – including the creation of an obese file, weighing in at 500MB, as part of its execution.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Lazarus Group

Score: 17.25
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads

Moonstone Sleet

Score: 15.88
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1566.003 - Spearphishing via Service

Inception

Score: 3.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution

Dark Caracal

Score: 4.12
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.003 - Spearphishing via Service

Elderwood

Score: 3.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution

Darkhotel

Score: 4.65
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution

Transparent Tribe

Score: 3.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution

APT28

Score: 19.13
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution
  • T1137.002 - Office Test
  • T1211 - Exploitation for Defense Evasion

Leviathan

Score: 14.28
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1197 - BITS Jobs
  • T1027.015 - Compression

Sidewinder

Score: 3.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution

APT39

Score: 6.60
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1197 - BITS Jobs

Saint Bear

Score: 5.06
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

APT33

Score: 3.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution

BITTER

Score: 8.68
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

TA505

Score: 5.13
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware

Higaisa

Score: 7.81
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression

APT19

Score: 3.16
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information

Threat Group-3390

Score: 9.78
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression

TA2541

Score: 6.72
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1027.015 - Compression

Malteiro

Score: 6.78
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1614.001 - System Language Discovery

Magic Hound

Score: 7.74
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1573 - Encrypted Channel
  • T1566.003 - Spearphishing via Service

Storm-1811

Score: 7.87
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1566.003 - Spearphishing via Service

Tropic Trooper

Score: 11.31
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography

Mofang

Score: 4.75
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1027.015 - Compression

Contagious Interview

Score: 19.04
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service

menuPass

Score: 5.35
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading

Moses Staff

Score: 3.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware

TeamTNT

Score: 9.42
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading

OilRig

Score: 20.90
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service

APT32

Score: 7.25
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution

Gamaredon Group

Score: 16.22
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1027.015 - Compression

Turla

Score: 7.28
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information

Kimsuky

Score: 7.92
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information

FIN13

Score: 5.85
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading

UNC3886

Score: 7.72
Matched TTPs:
  • T1587.001 - Malware
  • T1681 - Search Threat Vendor Data
  • T1203 - Exploitation for Client Execution

LuminousMoth

Score: 4.07
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware

Sandworm Team

Score: 15.45
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution

APT29

Score: 9.73
Matched TTPs:
  • T1587.001 - Malware
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service

Aoqin Dragon

Score: 5.78
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution

RedCurl

Score: 4.38
Matched TTPs:
  • T1587.001 - Malware
  • T1027 - Obfuscated Files or Information

Ke3chang

Score: 13.01
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.002 - Right-to-Left Override
  • T1027 - Obfuscated Files or Information
  • T1614.001 - System Language Discovery

Mustang Panda

Score: 18.09
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1678 - Delay Execution
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution

FIN7

Score: 10.17
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1674 - Input Injection

BRONZE BUTLER

Score: 11.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography

Agrius

Score: 3.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading

Molerats

Score: 4.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.015 - Compression

Earth Lusca

Score: 8.86
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography

ZIRCONIUM

Score: 3.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading

MuddyWater

Score: 9.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery

Winter Vivern

Score: 3.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading

BlackByte

Score: 7.16
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1614.001 - System Language Discovery

Rocke

Score: 7.48
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery

LazyScripter

Score: 4.16
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1036 - Masquerading

EXOTIC LILY

Score: 5.99
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service

Ember Bear

Score: 7.52
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution

Windshift

Score: 7.00
Matched TTPs:
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1566.003 - Spearphishing via Service

TA551

Score: 5.22
Matched TTPs:
  • T1036 - Masquerading
  • T1027.003 - Steganography

Ferocious Kitten

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override

BlackTech

Score: 4.93
Matched TTPs:
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override

APT3

Score: 3.78
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution

APT37

Score: 6.81
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography

APT41

Score: 7.22
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1197 - BITS Jobs

Andariel

Score: 4.53
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography

Patchwork

Score: 4.93
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1197 - BITS Jobs

Sea Turtle

Score: 5.12
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

Storm-0501

Score: 3.62
Matched TTPs:
  • T1614.001 - System Language Discovery

Wizard Spider

Score: 3.44
Matched TTPs:
  • T1197 - BITS Jobs

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Scattered Spider

Score: 4.54
Matched TTPs:
  • T1538 - Cloud Service Dashboard

Velvet Ant

Score: 4.13
Matched TTPs:
  • T1211 - Exploitation for Defense Evasion

Threat actors related to this Pulse (inference-based)

OilRig

Score: 0.80
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1025 - Data from Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware
  • T1587.001 - Malware
  • T1027.013 - Encrypted/Encoded File
  • T1036 - Masquerading
  • T1566.003 - Spearphishing via Service

APT28

Score: 0.76
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1211 - Exploitation for Defense Evasion
  • T1140 - Deobfuscate/Decode Files or Information
  • T1137.002 - Office Test
  • T1203 - Exploitation for Client Execution
  • T1027.013 - Encrypted/Encoded File
  • T1036 - Masquerading

Contagious Interview

Score: 0.74
Matched TTPs:
  • T1204.004 - Malicious Copy and Paste
  • T1608.001 - Upload Malware
  • T1681 - Search Threat Vendor Data
  • T1587.001 - Malware
  • T1027.013 - Encrypted/Encoded File
  • T1036 - Masquerading
  • T1566.003 - Spearphishing via Service

Mustang Panda

Score: 0.72
Matched TTPs:
  • T1678 - Delay Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1587.001 - Malware
  • T1027.007 - Dynamic API Resolution

Lazarus Group

Score: 0.70
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1587.001 - Malware
  • T1027.013 - Encrypted/Encoded File
  • T1566.003 - Spearphishing via Service

Moonstone Sleet

Score: 0.68
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1587.001 - Malware
  • T1027.013 - Encrypted/Encoded File
  • T1566.003 - Spearphishing via Service

Gamaredon Group

Score: 0.65
Matched TTPs:
  • T1027.015 - Compression
  • T1025 - Data from Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027.004 - Compile After Delivery
  • T1027 - Obfuscated Files or Information

Sandworm Team

Score: 0.64
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1587.001 - Malware
  • T1036 - Masquerading

Leviathan

Score: 0.62
Matched TTPs:
  • T1027.015 - Compression
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1197 - BITS Jobs
  • T1027.003 - Steganography
  • T1027.013 - Encrypted/Encoded File

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

