Trusted Design

MMD-0047-2015 - SSHV: SSH bruter ELF botnet malware

Summary

Several actors, in particular from the People's Republic of China (PRC), have been using Linux ELF malware to compromise Linux systems by abusing their internals (the kernel), their web services built on various scripting languages, and vulnerabilities in their remote management access. Linux's role as the largest backbone of Internet services, and the flexibility of the OS in supporting many processor architectures, has made it the majority platform in the embedded market that powers the Internet of Things, from routers to televisions, from web cameras to car control systems.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Winnti Group

Score: 3.29
Matched TTPs:
  • T1014 - Rootkit

APT41

Score: 16.10
Matched TTPs:
  • T1014 - Rootkit
  • T1190 - Exploit Public-Facing Application
  • T1110 - Brute Force
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1102.001 - Dead Drop Resolver

Rocke

Score: 8.04
Matched TTPs:
  • T1014 - Rootkit
  • T1190 - Exploit Public-Facing Application
  • T1102.001 - Dead Drop Resolver

TeamTNT

Score: 9.88
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware

APT28

Score: 13.31
Matched TTPs:
  • T1014 - Rootkit
  • T1190 - Exploit Public-Facing Application
  • T1110 - Brute Force
  • T1203 - Exploitation for Client Execution
  • T1669 - Wi-Fi Networks

UNC3886

Score: 12.48
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1554 - Compromise Host Software Binary
  • T1203 - Exploitation for Client Execution

Kimsuky

Score: 15.92
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219.002 - Remote Desktop Software
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver

FIN13

Score: 12.68
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy

Moonstone Sleet

Score: 6.47
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1569.002 - Service Execution

Indrik Spider

Score: 6.27
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1021.001 - Remote Desktop Protocol

Lazarus Group

Score: 22.34
Matched TTPs:
  • T1587.001 - Malware
  • T1106 - Native API
  • T1202 - Indirect Command Execution
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1090.001 - Internal Proxy
  • T1529 - System Shutdown/Reboot

Contagious Interview

Score: 7.00
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1219.002 - Remote Desktop Software

OilRig

Score: 15.00
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1110 - Brute Force
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1021.001 - Remote Desktop Protocol

LuminousMoth

Score: 4.07
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware

Sandworm Team

Score: 17.48
Matched TTPs:
  • T1587.001 - Malware
  • T1106 - Native API
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

APT29

Score: 12.53
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1550.003 - Pass the Ticket
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

Play

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1587.001 - Malware
  • T1203 - Exploitation for Client Execution

RedCurl

Score: 8.97
Matched TTPs:
  • T1587.001 - Malware
  • T1202 - Indirect Command Execution
  • T1573.002 - Asymmetric Cryptography

Moses Staff

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

Turla

Score: 12.36
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1106 - Native API
  • T1110 - Brute Force
  • T1090.001 - Internal Proxy

Ke3chang

Score: 12.33
Matched TTPs:
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1569.002 - Service Execution

Mustang Panda

Score: 14.91
Matched TTPs:
  • T1587.001 - Malware
  • T1106 - Native API
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1027.007 - Dynamic API Resolution

FIN7

Score: 9.58
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

HAFNIUM

Score: 8.94
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet

APT5

Score: 11.09
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1554 - Compromise Host Software Binary
  • T1021.001 - Remote Desktop Protocol

BRONZE BUTLER

Score: 11.15
Matched TTPs:
  • T1007 - System Service Discovery
  • T1550.003 - Pass the Ticket
  • T1203 - Exploitation for Client Execution
  • T1102.001 - Dead Drop Resolver

Aquatic Panda

Score: 4.17
Matched TTPs:
  • T1007 - System Service Discovery
  • T1021.001 - Remote Desktop Protocol

Chimera

Score: 8.86
Matched TTPs:
  • T1007 - System Service Discovery
  • T1106 - Native API
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Earth Lusca

Score: 5.97
Matched TTPs:
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application

Volt Typhoon

Score: 12.19
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1021.001 - Remote Desktop Protocol
  • T1090.001 - Internal Proxy

admin@338

Score: 4.02
Matched TTPs:
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution

APT1

Score: 4.17
Matched TTPs:
  • T1007 - System Service Discovery
  • T1021.001 - Remote Desktop Protocol

Medusa Group

Score: 18.71
Matched TTPs:
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1573.002 - Asymmetric Cryptography
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC

Higaisa

Score: 6.71
Matched TTPs:
  • T1106 - Native API
  • T1203 - Exploitation for Client Execution
  • T1090.001 - Internal Proxy

BlackTech

Score: 5.25
Matched TTPs:
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution

SideCopy

Score: 4.26
Matched TTPs:
  • T1106 - Native API
  • T1608.001 - Upload Malware

Tropic Trooper

Score: 10.15
Matched TTPs:
  • T1106 - Native API
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography

ToddyCat

Score: 3.76
Matched TTPs:
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application

menuPass

Score: 5.40
Matched TTPs:
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol

APT37

Score: 7.40
Matched TTPs:
  • T1106 - Native API
  • T1203 - Exploitation for Client Execution
  • T1529 - System Shutdown/Reboot

Gamaredon Group

Score: 4.26
Matched TTPs:
  • T1106 - Native API
  • T1608.001 - Upload Malware

APT38

Score: 10.83
Matched TTPs:
  • T1106 - Native API
  • T1110 - Brute Force
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot

TA505

Score: 4.26
Matched TTPs:
  • T1106 - Native API
  • T1608.001 - Upload Malware

Silence

Score: 6.33
Matched TTPs:
  • T1106 - Native API
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

TA2541

Score: 4.72
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1573.002 - Asymmetric Cryptography

Threat Group-3390

Score: 4.94
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution

BlackByte

Score: 7.49
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

BITTER

Score: 7.09
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

APT32

Score: 9.71
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1550.003 - Pass the Ticket
  • T1203 - Exploitation for Client Execution
  • T1569.002 - Service Execution

HEXANE

Score: 6.14
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1110 - Brute Force
  • T1021.001 - Remote Desktop Protocol

Saint Bear

Score: 3.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

APT42

Score: 4.72
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1573.002 - Asymmetric Cryptography

Ember Bear

Score: 5.49
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1110 - Brute Force
  • T1203 - Exploitation for Client Execution

Magic Hound

Score: 6.74
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1573 - Encrypted Channel
  • T1021.001 - Remote Desktop Protocol

Storm-0501

Score: 6.92
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1110 - Brute Force
  • T1219.002 - Remote Desktop Software

Fox Kitten

Score: 5.64
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1110 - Brute Force
  • T1021.001 - Remote Desktop Protocol

Agrius

Score: 5.64
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1110 - Brute Force
  • T1021.001 - Remote Desktop Protocol

Blue Mockingbird

Score: 10.05
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1574.012 - COR_PROFILER

Leviathan

Score: 4.61
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol

INC Ransom

Score: 5.52
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Dragonfly

Score: 7.13
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1110 - Brute Force
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol

Axiom

Score: 12.77
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography

APT39

Score: 10.97
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1110 - Brute Force
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy

Patchwork

Score: 6.43
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver

Cobalt Group

Score: 5.89
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1021.001 - Remote Desktop Protocol

APT3

Score: 3.14
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol

Velvet Ant

Score: 8.07
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy

FIN6

Score: 6.79
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

FIN8

Score: 4.39
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1021.001 - Remote Desktop Protocol

RTM

Score: 6.21
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1102.001 - Dead Drop Resolver

Scattered Spider

Score: 4.58
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1021.001 - Remote Desktop Protocol

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy

Wizard Spider

Score: 4.05
Matched TTPs:
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.79
Matched TTPs:
  • T1202 - Indirect Command Execution
  • T1090.001 - Internal Proxy
  • T1587.001 - Malware
  • T1529 - System Shutdown/Reboot
  • T1021.001 - Remote Desktop Protocol
  • T1027.007 - Dynamic API Resolution
  • T1203 - Exploitation for Client Execution
  • T1106 - Native API

Medusa Group

Score: 0.67
Matched TTPs:
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
  • T1021.001 - Remote Desktop Protocol
  • T1573.002 - Asymmetric Cryptography
  • T1569.002 - Service Execution
  • T1190 - Exploit Public-Facing Application
  • T1106 - Native API

Sandworm Team

Score: 0.67
Matched TTPs:
  • T1587.001 - Malware
  • T1499 - Endpoint Denial of Service
  • T1584.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware
  • T1106 - Native API

Kimsuky

Score: 0.61
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1102.001 - Dead Drop Resolver
  • T1021.001 - Remote Desktop Protocol
  • T1190 - Exploit Public-Facing Application
  • T1608.001 - Upload Malware

APT41

Score: 0.61
Matched TTPs:
  • T1110 - Brute Force
  • T1102.001 - Dead Drop Resolver
  • T1014 - Rootkit
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution

Mustang Panda

Score: 0.57
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1587.001 - Malware
  • T1027.007 - Dynamic API Resolution
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware
  • T1106 - Native API

OilRig

Score: 0.56
Matched TTPs:
  • T1110 - Brute Force
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1573.002 - Asymmetric Cryptography
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware

Related CVEs

No CVEs were found in this Pulse.
