Trusted Design

MMD-0047-2015 - SSHV: SSH bruter ELF botnet malware

Summary

Several actors, particularly from the People's Republic of China (PRC), have been using Linux ELF malware to compromise Linux systems through malicious use of the system internals (kernel), of web services backed by various scripting languages, and of vulnerabilities in remote management access. Linux's role as the largest backbone of Internet services, and its flexibility in supporting many processor architectures, have made it the majority platform in the embedded market used across the Internet of Things, from routers to televisions and from web cameras to car control systems.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Winnti Group

Score: 3.29
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood

APT41

Score: 16.10
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels

Rocke

Score: 8.04
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1008 - Fallback Channels

TeamTNT

Score: 9.88
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media

APT28

Score: 13.31
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1546.007 - Netsh Helper DLL

UNC3886

Score: 12.48
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1218.010 - Regsvr32

Kimsuky

Score: 15.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels

FIN13

Score: 12.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution

Moonstone Sleet

Score: 6.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1027.007 - Dynamic API Resolution

Indrik Spider

Score: 6.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1622 - Debugger Evasion

Lazarus Group

Score: 22.34
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1558.005 - Ccache Files
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution

Contagious Interview

Score: 7.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1565.002 - Transmitted Data Manipulation

OilRig

Score: 15.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion

LuminousMoth

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media

Sandworm Team

Score: 17.48
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

APT29

Score: 12.53
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

Play

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32

RedCurl

Score: 8.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558.005 - Ccache Files
  • T1128 - Netsh Helper DLL

Moses Staff

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Turla

Score: 12.36
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1590.003 - Network Trust Dependencies
  • T1097 - Pass the Ticket
  • T1569.002 - Service Execution

Ke3chang

Score: 12.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.007 - Dynamic API Resolution

Mustang Panda

Score: 14.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage

FIN7

Score: 9.58
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

HAFNIUM

Score: 8.94
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery

APT5

Score: 11.09
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1622 - Debugger Evasion

BRONZE BUTLER

Score: 11.15
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1008 - Fallback Channels

Aquatic Panda

Score: 4.17
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1622 - Debugger Evasion

Chimera

Score: 8.86
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.003 - Network Trust Dependencies
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Earth Lusca

Score: 5.97
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information

Volt Typhoon

Score: 12.19
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1622 - Debugger Evasion
  • T1569.002 - Service Execution

admin@338

Score: 4.02
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32

APT1

Score: 4.17
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1622 - Debugger Evasion

Medusa Group

Score: 18.71
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

Higaisa

Score: 6.71
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution

BlackTech

Score: 5.25
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

SideCopy

Score: 4.26
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media

Tropic Trooper

Score: 10.15
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL

ToddyCat

Score: 3.76
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information

menuPass

Score: 5.40
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion

APT37

Score: 7.40
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1218.010 - Regsvr32
  • T1216 - System Script Proxy Execution

Gamaredon Group

Score: 4.26
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media

APT38

Score: 10.83
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1097 - Pass the Ticket
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution

TA505

Score: 4.26
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media

Silence

Score: 6.33
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

TA2541

Score: 4.72
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1128 - Netsh Helper DLL

Threat Group-3390

Score: 4.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

BlackByte

Score: 7.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

BITTER

Score: 7.09
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

APT32

Score: 9.71
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1027.007 - Dynamic API Resolution

HEXANE

Score: 6.14
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1097 - Pass the Ticket
  • T1622 - Debugger Evasion

Saint Bear

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

APT42

Score: 4.72
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1128 - Netsh Helper DLL

Ember Bear

Score: 5.49
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32

Magic Hound

Score: 6.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1683 - Generate Content
  • T1622 - Debugger Evasion

Storm-0501

Score: 6.92
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1565.002 - Transmitted Data Manipulation

Fox Kitten

Score: 5.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1622 - Debugger Evasion

Agrius

Score: 5.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1622 - Debugger Evasion

Blue Mockingbird

Score: 10.05
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data

Leviathan

Score: 4.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

INC Ransom

Score: 5.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Dragonfly

Score: 7.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

Axiom

Score: 12.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon

APT39

Score: 10.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution

Patchwork

Score: 6.43
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels

Cobalt Group

Score: 5.89
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion

APT3

Score: 3.14
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

Velvet Ant

Score: 8.07
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution

FIN6

Score: 6.79
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

FIN8

Score: 4.39
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion

RTM

Score: 6.21
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1008 - Fallback Channels

Scattered Spider

Score: 4.58
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1622 - Debugger Evasion

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution

Wizard Spider

Score: 4.05
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.79
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1558.005 - Ccache Files
  • T1055.005 - Thread Local Storage
  • T1590.003 - Network Trust Dependencies
  • T1569.002 - Service Execution
  • T1622 - Debugger Evasion
  • T1606.002 - SAML Tokens
  • T1216 - System Script Proxy Execution

Medusa Group

Score: 0.67
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1094 - Custom Command and Control Protocol
  • T1590.003 - Network Trust Dependencies
  • T1027.007 - Dynamic API Resolution
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion
  • T1216 - System Script Proxy Execution

Sandworm Team

Score: 0.67
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1091 - Replication Through Removable Media
  • T1075 - Pass the Hash
  • T1590.003 - Network Trust Dependencies
  • T1049 - System Network Connections Discovery
  • T1606.002 - SAML Tokens

Kimsuky

Score: 0.61
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1008 - Fallback Channels
  • T1091 - Replication Through Removable Media
  • T1622 - Debugger Evasion
  • T1565.002 - Transmitted Data Manipulation
  • T1606.002 - SAML Tokens

APT41

Score: 0.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1008 - Fallback Channels
  • T1097 - Pass the Ticket
  • T1027.007 - Dynamic API Resolution
  • T1622 - Debugger Evasion
  • T1499.001 - OS Exhaustion Flood

Mustang Panda

Score: 0.57
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1091 - Replication Through Removable Media
  • T1055.005 - Thread Local Storage
  • T1590.003 - Network Trust Dependencies
  • T1565.002 - Transmitted Data Manipulation
  • T1606.002 - SAML Tokens

OilRig

Score: 0.56
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
  • T1091 - Replication Through Removable Media
  • T1097 - Pass the Ticket
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion
  • T1606.002 - SAML Tokens

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

