Trusted Design

Gootkit banking Trojan jumps the Channel

概要

First documented in mid-2014, the Gootkit banking Trojan appeared to focus solely on customers from several French banks. This JavaScript-based malware combines web-injects (a la Zeus) and a clever persistence technique to create a robust tool for stealing online banking logins and other credentials from users of infected systems. In 2015, Gootkit integrated certain fileless features previously noted in Poweliks, and it has also been observed being dropped directly by Angler EK or indirectly via Bedep.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Gootkit banking Trojan jumps the Channel (score: 0.79)
Gootkit Trojan (score: 0.76)
Gootkit Trojan (score: 0.76)
GootKit Updated (score: 0.72)
New Banking Trojan Fobber, a new variant of Tinba (score: 0.70)

このPulseに関連する脅威アクター (事実ベース)

APT32

Score: 24.37

Matched TTPs:

T1113 - Screen Capture
T1546.013 - PowerShell Profile
T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1608.005 - Link Target
T1087.004 - Cloud Account
T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

Turla

Score: 22.25

Matched TTPs:

T1113 - Screen Capture
T1546.013 - PowerShell Profile
T1684 - Social Engineering
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1556.009 - Conditional Access Policies
T1059.012 - Hypervisor CLI
T1490 - Inhibit System Recovery

MITREへのリンク →

Saint Bear

Score: 5.96

Matched TTPs:

T1546.013 - PowerShell Profile
T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

MoustachedBouncer

Score: 6.51

Matched TTPs:

T1546.013 - PowerShell Profile
T1055.003 - Thread Execution Hijacking

MITREへのリンク →

MuddyWater

Score: 5.96

Matched TTPs:

T1546.013 - PowerShell Profile
T1608.005 - Link Target
T1087.004 - Cloud Account

MITREへのリンク →

Earth Lusca

Score: 11.35

Matched TTPs:

T1546.013 - PowerShell Profile
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Winter Vivern

Score: 13.87

Matched TTPs:

T1546.013 - PowerShell Profile
T1548 - Abuse Elevation Control Mechanism
T1087.004 - Cloud Account
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Silence

Score: 4.43

Matched TTPs:

T1546.013 - PowerShell Profile
T1684 - Social Engineering

MITREへのリンク →

Contagious Interview

Score: 14.99

Matched TTPs:

T1546.013 - PowerShell Profile
T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1608.005 - Link Target
T1087.004 - Cloud Account
T1651 - Cloud Administration Command

MITREへのリンク →

LazyScripter

Score: 5.96

Matched TTPs:

T1546.013 - PowerShell Profile
T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

TA505

Score: 3.95

Matched TTPs:

T1546.013 - PowerShell Profile
T1091 - Replication Through Removable Media

MITREへのリンク →

FIN7

Score: 15.83

Matched TTPs:

T1546.013 - PowerShell Profile
T1091 - Replication Through Removable Media
T1011.001 - Exfiltration Over Bluetooth
T1608.005 - Link Target
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

Cobalt Group

Score: 7.18

Matched TTPs:

T1546.013 - PowerShell Profile
T1684 - Social Engineering
T1027.014 - Polymorphic Code

MITREへのリンク →

Higaisa

Score: 11.64

Matched TTPs:

T1546.013 - PowerShell Profile
T1569.003 - Systemctl
T1087.004 - Cloud Account
T1546.017 - Udev Rules

MITREへのリンク →

Kimsuky

Score: 21.48

Matched TTPs:

T1546.013 - PowerShell Profile
T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1552.003 - Shell History
T1608.005 - Link Target
T1087.004 - Cloud Account
T1027.014 - Polymorphic Code
T1526 - Cloud Service Discovery
T1490 - Inhibit System Recovery

MITREへのリンク →

Indrik Spider

Score: 5.82

Matched TTPs:

T1546.013 - PowerShell Profile
T1498 - Network Denial of Service

MITREへのリンク →

Molerats

Score: 5.12

Matched TTPs:

T1546.013 - PowerShell Profile
T1546.017 - Udev Rules

MITREへのリンク →

Leafminer

Score: 3.74

Matched TTPs:

T1546.013 - PowerShell Profile
T1059.012 - Hypervisor CLI

MITREへのリンク →

Mustang Panda

Score: 17.88

Matched TTPs:

T1546.013 - PowerShell Profile
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1087.004 - Cloud Account
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer

MITREへのリンク →

TA578

Score: 3.99

Matched TTPs:

T1546.013 - PowerShell Profile
T1608.005 - Link Target

MITREへのリンク →

Star Blizzard

Score: 3.95

Matched TTPs:

T1546.013 - PowerShell Profile
T1091 - Replication Through Removable Media

MITREへのリンク →

Sandworm Team

Score: 3.95

Matched TTPs:

T1091 - Replication Through Removable Media
T1087.004 - Cloud Account

MITREへのリンク →

TA2541

Score: 9.60

Matched TTPs:

T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1608.005 - Link Target
T1546.017 - Udev Rules

MITREへのリンク →

LuminousMoth

Score: 6.61

Matched TTPs:

T1091 - Replication Through Removable Media
T1087.004 - Cloud Account
T1105 - Ingress Tool Transfer

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

OilRig

Score: 13.28

Matched TTPs:

T1091 - Replication Through Removable Media
T1592.002 - Software
T1556.009 - Conditional Access Policies
T1526 - Cloud Service Discovery

MITREへのリンク →

Gamaredon Group

Score: 14.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1608.005 - Link Target
T1087.004 - Cloud Account
T1200 - Hardware Additions
T1546.017 - Udev Rules

MITREへのリンク →

Threat Group-3390

Score: 14.17

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.003 - CMSTP
T1059.012 - Hypervisor CLI
T1526 - Cloud Service Discovery
T1546.017 - Udev Rules

MITREへのリンク →

BlackByte

Score: 6.40

Matched TTPs:

T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1087.004 - Cloud Account

MITREへのリンク →

APT38

Score: 7.85

Matched TTPs:

T1684 - Social Engineering
T1059.012 - Hypervisor CLI
T1216 - System Script Proxy Execution

MITREへのリンク →

Wizard Spider

Score: 11.20

Matched TTPs:

T1684 - Social Engineering
T1087.004 - Cloud Account
T1556.009 - Conditional Access Policies
T1526 - Cloud Service Discovery

MITREへのリンク →

APT37

Score: 7.85

Matched TTPs:

T1684 - Social Engineering
T1059.012 - Hypervisor CLI
T1216 - System Script Proxy Execution

MITREへのリンク →

Velvet Ant

Score: 5.12

Matched TTPs:

T1684 - Social Engineering
T1490 - Inhibit System Recovery

MITREへのリンク →

PLATINUM

Score: 4.22

Matched TTPs:

T1684 - Social Engineering
T1059.012 - Hypervisor CLI

MITREへのリンク →

Medusa Group

Score: 12.29

Matched TTPs:

T1218.003 - CMSTP
T1552.003 - Shell History
T1608.005 - Link Target
T1216 - System Script Proxy Execution

MITREへのリンク →

FIN13

Score: 5.19

Matched TTPs:

T1552.003 - Shell History
T1105 - Ingress Tool Transfer

MITREへのリンク →

Storm-0501

Score: 5.27

Matched TTPs:

T1552.003 - Shell History
T1027.014 - Polymorphic Code

MITREへのリンク →

Scattered Spider

Score: 8.34

Matched TTPs:

T1552.003 - Shell History
T1087.004 - Cloud Account
T1498 - Network Denial of Service

MITREへのリンク →

Play

Score: 5.19

Matched TTPs:

T1552.003 - Shell History
T1490 - Inhibit System Recovery

MITREへのリンク →

HAFNIUM

Score: 11.48

Matched TTPs:

T1608.005 - Link Target
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1490 - Inhibit System Recovery

MITREへのリンク →

ZIRCONIUM

Score: 3.99

Matched TTPs:

T1608.005 - Link Target
T1087.004 - Cloud Account

MITREへのリンク →

APT28

Score: 13.73

Matched TTPs:

T1608.005 - Link Target
T1059.012 - Hypervisor CLI
T1200 - Hardware Additions
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls

MITREへのリンク →

APT29

Score: 4.68

Matched TTPs:

T1608.005 - Link Target
T1490 - Inhibit System Recovery

MITREへのリンク →

Lazarus Group

Score: 16.17

Matched TTPs:

T1608.005 - Link Target
T1087.004 - Cloud Account
T1059.012 - Hypervisor CLI
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1216 - System Script Proxy Execution

MITREへのリンク →

Confucius

Score: 7.14

Matched TTPs:

T1608.005 - Link Target
T1087.004 - Cloud Account
T1200 - Hardware Additions

MITREへのリンク →

Magic Hound

Score: 3.78

Matched TTPs:

T1608.005 - Link Target
T1059.012 - Hypervisor CLI

MITREへのリンク →

Leviathan

Score: 9.64

Matched TTPs:

T1087.004 - Cloud Account
T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI
T1546.017 - Udev Rules

MITREへのリンク →

Stealth Falcon

Score: 5.59

Matched TTPs:

T1087.004 - Cloud Account
T1556.009 - Conditional Access Policies

MITREへのリンク →

CURIUM

Score: 7.36

Matched TTPs:

T1087.004 - Cloud Account
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Inception

Score: 5.90

Matched TTPs:

T1027.014 - Polymorphic Code
T1200 - Hardware Additions

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI

MITREへのリンク →

Transparent Tribe

Score: 4.43

Matched TTPs:

T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer

MITREへのリンク →

Dragonfly

Score: 4.92

Matched TTPs:

T1059.012 - Hypervisor CLI
T1200 - Hardware Additions

MITREへのリンク →

PROMETHIUM

Score: 4.43

Matched TTPs:

T1059.012 - Hypervisor CLI
T1490 - Inhibit System Recovery

MITREへのリンク →

Tropic Trooper

Score: 8.48

Matched TTPs:

T1200 - Hardware Additions
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

DarkHydrus

Score: 3.15

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Salt Typhoon

Score: 3.84

Matched TTPs:

T1498 - Network Denial of Service

MITREへのリンク →

BlackTech

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

FIN8

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT32

Score: 0.80

Matched TTPs:

T1091 - Replication Through Removable Media
T1546.013 - PowerShell Profile
T1059.012 - Hypervisor CLI
T1684 - Social Engineering
T1105 - Ingress Tool Transfer
T1113 - Screen Capture
T1490 - Inhibit System Recovery
T1027.014 - Polymorphic Code
T1608.005 - Link Target
T1087.004 - Cloud Account

MITREへのリンク →

Turla

Score: 0.77

Matched TTPs:

T1546.013 - PowerShell Profile
T1059.012 - Hypervisor CLI
T1684 - Social Engineering
T1556.009 - Conditional Access Policies
T1113 - Screen Capture
T1490 - Inhibit System Recovery
T1608.005 - Link Target
T1218.001 - Compiled HTML File

MITREへのリンク →

Kimsuky

Score: 0.70

Matched TTPs:

T1091 - Replication Through Removable Media
T1546.013 - PowerShell Profile
T1684 - Social Engineering
T1490 - Inhibit System Recovery
T1027.014 - Polymorphic Code
T1608.005 - Link Target
T1552.003 - Shell History
T1526 - Cloud Service Discovery
T1087.004 - Cloud Account

MITREへのリンク →

Mustang Panda

Score: 0.63

Matched TTPs:

T1091 - Replication Through Removable Media
T1546.013 - PowerShell Profile
T1105 - Ingress Tool Transfer
T1055.005 - Thread Local Storage
T1608.005 - Link Target
T1526 - Cloud Service Discovery
T1087.004 - Cloud Account

MITREへのリンク →

FIN7

Score: 0.62

Matched TTPs:

T1091 - Replication Through Removable Media
T1105 - Ingress Tool Transfer
T1546.013 - PowerShell Profile
T1011.001 - Exfiltration Over Bluetooth
T1490 - Inhibit System Recovery
T1608.005 - Link Target

MITREへのリンク →

Lazarus Group

Score: 0.56

Matched TTPs:

T1216 - System Script Proxy Execution
T1105 - Ingress Tool Transfer
T1059.012 - Hypervisor CLI
T1055.005 - Thread Local Storage
T1608.005 - Link Target
T1087.004 - Cloud Account

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る