Trusted Design

ELISE: Security Through Obesity

Overview

Taiwan has long been subjected to persistent targeting by espionage-motivated threat actors. This blog presents our analysis of one of the latest malware variants targeting individuals in Taiwan, which exhibits some characteristics that are useful for detecting and defending against the threat, including the creation of an obese file, weighing in at 500 MB, as part of its execution.

Created: 2026-02-23
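The one detection-relevant detail the summary gives is that the malware writes a 500 MB file while it executes. The script below is an added example written for this page, not code from the pulse or from the Unit 42 blog it summarises: it walks a directory, picks out files at or above a size threshold, and estimates how much of each is filler by sampling windows across the file and measuring the share of the single most common byte value. The 500 MB threshold is taken from the page; the 0.9 filler cut-off, the sampling parameters, and the premise that a bloated file is mostly one repeated byte are assumptions, and the two sample files `build_demo()` writes are constructed for the demonstration.

```python
"""Find files that are unusually large and consist mostly of filler bytes.

Added example, not code from the original pulse or the Unit 42 blog it
summarises. The page states only that the malware writes a 500 MB file
during execution; the padding heuristic here is an assumption, chosen
because inflating a file with repeated bytes is the usual way to push it
past sandbox and AV size limits.
"""
import os
import tempfile
from collections import Counter

SIZE_THRESHOLD = 500 * 1024 * 1024   # the 500 MB figure from the page; tune for your estate
SAMPLE_CHUNKS = 64                   # evenly spaced windows read from each large file (assumed)
CHUNK_SIZE = 64 * 1024               # bytes per window (assumed)


def filler_ratio(path, sample_chunks=SAMPLE_CHUNKS, chunk_size=CHUNK_SIZE):
    """Fraction of sampled bytes equal to the single most common byte value.

    Only sample_chunks windows spread across the file are read, so checking
    a 500 MB file costs a few MB of I/O. A value near 1.0 means the file is
    almost entirely one repeated byte (padding); real code and data score
    far lower.
    """
    size = os.path.getsize(path)
    if size == 0:
        return 0.0
    counts = Counter()
    step = max(size // sample_chunks, 1)
    with open(path, "rb") as fh:
        for i in range(sample_chunks):
            fh.seek(min(i * step, size))
            counts.update(fh.read(chunk_size))   # bytes iterate as ints, one count per byte
    total = sum(counts.values())
    return counts.most_common(1)[0][1] / total if total else 0.0


def scan(root, threshold=SIZE_THRESHOLD, min_filler=0.9):
    """Walk root and return (path, size, filler_ratio) for every file that is
    at least threshold bytes and at least min_filler padding. The 0.9 cut-off
    is an assumed default; lower it to catch files padded with less uniform junk.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:          # unreadable, or vanished between listing and stat
                continue
            if size < threshold:
                continue
            ratio = filler_ratio(path)
            if ratio >= min_filler:
                hits.append((path, size, round(ratio, 3)))
    return hits


def build_demo():
    """Write two constructed sample files into a fresh temp directory:
    small.bin (1 KB of varied bytes, standing in for a normal executable)
    and bloated.bin (the same 1 KB followed by 2 MB of zero padding).
    Returns (directory, small_path, bloated_path). Both files are synthetic.
    """
    directory = tempfile.mkdtemp(prefix="bloat-demo-")
    header = bytes(range(256)) * 4
    small = os.path.join(directory, "small.bin")
    bloated = os.path.join(directory, "bloated.bin")
    with open(small, "wb") as fh:
        fh.write(header)
    with open(bloated, "wb") as fh:
        fh.write(header)
        fh.write(b"\x00" * (2 * 1024 * 1024))
    return directory, small, bloated


if __name__ == "__main__":
    demo_dir, _, _ = build_demo()
    # The demo files are far below 500 MB, so the threshold is lowered to 1 MB here.
    for path, size, ratio in scan(demo_dir, threshold=1024 * 1024):
        print(f"{path}: {size} bytes, {ratio:.1%} filler")
```

Run it against a user's temp and profile directories shortly after a suspected execution; a freshly written file that is both very large and almost entirely one byte value is worth pulling for analysis even when the scanner that skipped it reported nothing.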

Threat actors related to this Pulse (fact-based)

One line per actor: name (match score), followed by the matched ATT&CK TTPs.

Lazarus Group (score 17.25): T1132.001 - Standard Encoding; T1491.002 - External Defacement; T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT; T1218.010 - Regsvr32; T1055.005 - Thread Local Storage; T1547.008 - LSASS Driver
TA577 (score 3.84): T1132.001 - Standard Encoding
Moonstone Sleet (score 15.88): T1132.001 - Standard Encoding; T1491.002 - External Defacement; T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1059.011 - Lua; T1547.008 - LSASS Driver
Inception (score 3.09): T1491.002 - External Defacement; T1218.010 - Regsvr32
Dark Caracal (score 4.12): T1491.002 - External Defacement; T1547.008 - LSASS Driver
Elderwood (score 3.09): T1491.002 - External Defacement; T1218.010 - Regsvr32
Darkhotel (score 4.65): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1218.010 - Regsvr32
Transparent Tribe (score 3.09): T1491.002 - External Defacement; T1218.010 - Regsvr32
APT28 (score 19.13): T1491.002 - External Defacement; T1552.005 - Cloud Instance Metadata API; T1059.010 - AutoHotKey & AutoIT; T1558 - Steal or Forge Kerberos Tickets; T1218.010 - Regsvr32; T1588.003 - Code Signing Certificates; T1566.003 - Spearphishing via Service
Leviathan (score 14.28): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1218.010 - Regsvr32; T1562.011 - Spoof Security Alerting; T1001.003 - Protocol or Service Impersonation; T1546.017 - Udev Rules
Sidewinder (score 3.09): T1491.002 - External Defacement; T1218.010 - Regsvr32
APT39 (score 6.60): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1001.003 - Protocol or Service Impersonation
Saint Bear (score 5.06): T1491.002 - External Defacement; T1091 - Replication Through Removable Media; T1218.010 - Regsvr32
APT33 (score 3.09): T1491.002 - External Defacement; T1218.010 - Regsvr32
BITTER (score 8.68): T1491.002 - External Defacement; T1091 - Replication Through Removable Media; T1683 - Generate Content; T1218.010 - Regsvr32
TA505 (score 5.13): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media
Higaisa (score 7.81): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1218.010 - Regsvr32; T1546.017 - Udev Rules
APT19 (score 3.16): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT
Threat Group-3390 (score 9.78): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1218.010 - Regsvr32; T1546.017 - Udev Rules
TA2541 (score 6.72): T1491.002 - External Defacement; T1091 - Replication Through Removable Media; T1546.017 - Udev Rules
Malteiro (score 6.78): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1102.002 - Bidirectional Communication
Magic Hound (score 7.74): T1491.002 - External Defacement; T1683 - Generate Content; T1547.008 - LSASS Driver
Storm-1811 (score 7.87): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1558 - Steal or Forge Kerberos Tickets; T1547.008 - LSASS Driver
Tropic Trooper (score 11.31): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1683 - Generate Content; T1218.010 - Regsvr32; T1562.011 - Spoof Security Alerting
Mofang (score 4.75): T1491.002 - External Defacement; T1546.017 - Udev Rules
Contagious Interview (score 19.04): T1491.002 - External Defacement; T1606.002 - SAML Tokens; T1091 - Replication Through Removable Media; T1558 - Steal or Forge Kerberos Tickets; T1021.006 - Windows Remote Management; T1221 - Template Injection; T1547.008 - LSASS Driver
menuPass (score 5.35): T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1558 - Steal or Forge Kerberos Tickets
Moses Staff (score 3.69): T1491.002 - External Defacement; T1606.002 - SAML Tokens
TeamTNT (score 9.42): T1491.002 - External Defacement; T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1558 - Steal or Forge Kerberos Tickets
OilRig (score 20.90): T1491.002 - External Defacement; T1552.005 - Cloud Instance Metadata API; T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1005 - Data from Local System; T1558 - Steal or Forge Kerberos Tickets; T1218.010 - Regsvr32; T1547.008 - LSASS Driver
APT32 (score 7.25): T1491.002 - External Defacement; T1091 - Replication Through Removable Media; T1558 - Steal or Forge Kerberos Tickets; T1218.010 - Regsvr32
Gamaredon Group (score 16.22): T1552.005 - Cloud Instance Metadata API; T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1059.011 - Lua; T1059.013 - Container CLI/API; T1546.017 - Udev Rules
Turla (score 7.28): T1552.005 - Cloud Instance Metadata API; T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT
Kimsuky (score 7.92): T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1059.011 - Lua
FIN13 (score 5.85): T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT; T1558 - Steal or Forge Kerberos Tickets
UNC3886 (score 7.72): T1606.002 - SAML Tokens; T1021.006 - Windows Remote Management; T1218.010 - Regsvr32
LuminousMoth (score 4.07): T1606.002 - SAML Tokens; T1091 - Replication Through Removable Media
Sandworm Team (score 15.45): T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1005 - Data from Local System; T1558 - Steal or Forge Kerberos Tickets; T1059.011 - Lua; T1218.010 - Regsvr32
APT29 (score 9.73): T1606.002 - SAML Tokens; T1683 - Generate Content; T1218.010 - Regsvr32; T1547.008 - LSASS Driver
Aoqin Dragon (score 5.78): T1606.002 - SAML Tokens; T1558 - Steal or Forge Kerberos Tickets; T1218.010 - Regsvr32
RedCurl (score 4.38): T1606.002 - SAML Tokens; T1059.011 - Lua
Ke3chang (score 13.01): T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT; T1685.005 - Clear Windows Event Logs; T1059.011 - Lua; T1102.002 - Bidirectional Communication
Mustang Panda (score 18.09): T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1169 - Sudo; T1059.011 - Lua; T1218.010 - Regsvr32; T1055.005 - Thread Local Storage
FIN7 (score 10.17): T1606.002 - SAML Tokens; T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1011.001 - Exfiltration Over Bluetooth
BRONZE BUTLER (score 11.72): T1059.010 - AutoHotKey & AutoIT; T1558 - Steal or Forge Kerberos Tickets; T1685.005 - Clear Windows Event Logs; T1218.010 - Regsvr32; T1562.011 - Spoof Security Alerting
Agrius (score 3.75): T1059.010 - AutoHotKey & AutoIT; T1558 - Steal or Forge Kerberos Tickets
Molerats (score 4.72): T1059.010 - AutoHotKey & AutoIT; T1546.017 - Udev Rules
Earth Lusca (score 8.86): T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1059.011 - Lua; T1562.011 - Spoof Security Alerting
ZIRCONIUM (score 3.75): T1059.010 - AutoHotKey & AutoIT; T1558 - Steal or Forge Kerberos Tickets
MuddyWater (score 9.72): T1059.010 - AutoHotKey & AutoIT; T1218.010 - Regsvr32; T1562.011 - Spoof Security Alerting; T1059.013 - Container CLI/API
Winter Vivern (score 3.75): T1059.010 - AutoHotKey & AutoIT; T1558 - Steal or Forge Kerberos Tickets
BlackByte (score 7.16): T1059.010 - AutoHotKey & AutoIT; T1091 - Replication Through Removable Media; T1102.002 - Bidirectional Communication
Rocke (score 7.48): T1059.010 - AutoHotKey & AutoIT; T1059.011 - Lua; T1059.013 - Container CLI/API
LazyScripter (score 4.16): T1091 - Replication Through Removable Media; T1558 - Steal or Forge Kerberos Tickets
EXOTIC LILY (score 5.99): T1091 - Replication Through Removable Media; T1218.010 - Regsvr32; T1547.008 - LSASS Driver
Ember Bear (score 7.52): T1005 - Data from Local System; T1558 - Steal or Forge Kerberos Tickets; T1218.010 - Regsvr32
Windshift (score 7.00): T1558 - Steal or Forge Kerberos Tickets; T1059.011 - Lua; T1547.008 - LSASS Driver
TA551 (score 5.22): T1558 - Steal or Forge Kerberos Tickets; T1562.011 - Spoof Security Alerting
Ferocious Kitten (score 3.44): T1685.005 - Clear Windows Event Logs
BlackTech (score 4.93): T1685.005 - Clear Windows Event Logs; T1218.010 - Regsvr32
Scarlet Mimic (score 3.44): T1685.005 - Clear Windows Event Logs
APT3 (score 3.78): T1059.011 - Lua; T1218.010 - Regsvr32
APT37 (score 6.81): T1059.011 - Lua; T1218.010 - Regsvr32; T1562.011 - Spoof Security Alerting
APT41 (score 7.22): T1059.011 - Lua; T1218.010 - Regsvr32; T1001.003 - Protocol or Service Impersonation
Andariel (score 4.53): T1218.010 - Regsvr32; T1562.011 - Spoof Security Alerting
Patchwork (score 4.93): T1218.010 - Regsvr32; T1001.003 - Protocol or Service Impersonation
Sea Turtle (score 5.12): T1218.010 - Regsvr32; T1059.013 - Container CLI/API
Storm-0501 (score 3.62): T1102.002 - Bidirectional Communication
Wizard Spider (score 3.44): T1001.003 - Protocol or Service Impersonation
Equation (score 4.13): T1130 - Install Root Certificate
Strider (score 4.13): T1130 - Install Root Certificate
Scattered Spider (score 4.54): T1027.002 - Software Packing
Velvet Ant (score 4.13): T1566.003 - Spearphishing via Service

Threat actors related to this Pulse (inference-based)

One line per actor: name (match score), followed by the matched ATT&CK TTPs.

OilRig (score 0.80): T1606.002 - SAML Tokens; T1005 - Data from Local System; T1547.008 - LSASS Driver; T1558 - Steal or Forge Kerberos Tickets; T1091 - Replication Through Removable Media; T1552.005 - Cloud Instance Metadata API; T1491.002 - External Defacement; T1218.010 - Regsvr32; T1059.010 - AutoHotKey & AutoIT
APT28 (score 0.76): T1566.003 - Spearphishing via Service; T1558 - Steal or Forge Kerberos Tickets; T1552.005 - Cloud Instance Metadata API; T1491.002 - External Defacement; T1218.010 - Regsvr32; T1588.003 - Code Signing Certificates; T1059.010 - AutoHotKey & AutoIT
Contagious Interview (score 0.74): T1606.002 - SAML Tokens; T1021.006 - Windows Remote Management; T1547.008 - LSASS Driver; T1221 - Template Injection; T1558 - Steal or Forge Kerberos Tickets; T1091 - Replication Through Removable Media; T1491.002 - External Defacement
Mustang Panda (score 0.72): T1606.002 - SAML Tokens; T1055.005 - Thread Local Storage; T1091 - Replication Through Removable Media; T1218.010 - Regsvr32; T1169 - Sudo; T1059.010 - AutoHotKey & AutoIT; T1059.011 - Lua
Lazarus Group (score 0.70): T1606.002 - SAML Tokens; T1132.001 - Standard Encoding; T1547.008 - LSASS Driver; T1055.005 - Thread Local Storage; T1491.002 - External Defacement; T1218.010 - Regsvr32; T1059.010 - AutoHotKey & AutoIT
Moonstone Sleet (score 0.68): T1606.002 - SAML Tokens; T1132.001 - Standard Encoding; T1547.008 - LSASS Driver; T1091 - Replication Through Removable Media; T1491.002 - External Defacement; T1059.010 - AutoHotKey & AutoIT; T1059.011 - Lua
Gamaredon Group (score 0.65): T1059.013 - Container CLI/API; T1091 - Replication Through Removable Media; T1552.005 - Cloud Instance Metadata API; T1546.017 - Udev Rules; T1059.010 - AutoHotKey & AutoIT; T1059.011 - Lua
Sandworm Team (score 0.64): T1606.002 - SAML Tokens; T1005 - Data from Local System; T1558 - Steal or Forge Kerberos Tickets; T1091 - Replication Through Removable Media; T1218.010 - Regsvr32; T1059.010 - AutoHotKey & AutoIT; T1059.011 - Lua
Leviathan (score 0.62): T1546.017 - Udev Rules; T1491.002 - External Defacement; T1001.003 - Protocol or Service Impersonation; T1218.010 - Regsvr32; T1562.011 - Spoof Security Alerting; T1059.010 - AutoHotKey & AutoIT

Related CVEs

No CVEs were found in this Pulse.
