Trusted Design

Updated Blackmoon banking Trojan

Overview

First analyzed in early 2014 [1] [2], the Blackmoon banking Trojan targets a user's online banking credentials using a type of pharming that involves modifying or replacing the local Hosts file with one that redirects online banking domain lookups to an IP address controlled by the attacker. Blackmoon has been observed targeting primarily customers of South Korean online banking sites and services, and is usually distributed via drive-by download. Source: https://www.proofpoint.com/us/threat-insight/post/Updated-Blackmoon-Banking-Trojan

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT41

Score: 13.05
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels

TA551

Score: 4.13
Matched TTPs:
  • T1539 - Steal Web Session Cookie

Kimsuky

Score: 32.74
Matched TTPs:
  • T1053.007 - Container Orchestration Job
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
  • T1053.002 - At
  • T1490 - Inhibit System Recovery

Mustang Panda

Score: 17.14
Matched TTPs:
  • T1053.007 - Container Orchestration Job
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1209 - Time Providers

Volt Typhoon

Score: 13.76
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1209 - Time Providers

APT28

Score: 24.96
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1592.003 - Firmware
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1055.008 - Ptrace System Calls

ZIRCONIUM

Score: 9.61
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

Leviathan

Score: 19.10
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1592.003 - Firmware
  • T1059.012 - Hypervisor CLI
  • T1546.017 - Udev Rules

Mustard Tempest

Score: 11.56
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1053.002 - At

Sandworm Team

Score: 22.30
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1187 - Forced Authentication

Scattered Spider

Score: 6.50
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1552.003 - Shell History

Silent Librarian

Score: 3.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups

APT32

Score: 20.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery

Magic Hound

Score: 24.08
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver
  • T1053.002 - At

Star Blizzard

Score: 9.23
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1102.003 - One-Way Communication

Moonstone Sleet

Score: 10.87
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

CURIUM

Score: 11.89
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Dragonfly

Score: 7.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI

Patchwork

Score: 7.51
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

TA2541

Score: 8.65
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1546.017 - Udev Rules

Earth Lusca

Score: 12.36
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

OilRig

Score: 11.40
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1556.009 - Conditional Access Policies
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver

TeamTNT

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1209 - Time Providers

LazyScripter

Score: 5.50
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

Gamaredon Group

Score: 8.65
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1546.017 - Udev Rules

Threat Group-3390

Score: 11.64
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1546.017 - Udev Rules

SideCopy

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1053.002 - At

TA505

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

BlackByte

Score: 7.61
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution

BITTER

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

HEXANE

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

Saint Bear

Score: 3.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target

Contagious Interview

Score: 13.83
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1547.008 - LSASS Driver

FIN7

Score: 16.57
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery

EXOTIC LILY

Score: 6.01
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver

APT42

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

Rocke

Score: 6.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1008 - Fallback Channels

Ember Bear

Score: 7.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1003.003 - NTDS

BackdoorDiplomacy

Score: 3.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers

FIN13

Score: 10.30
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1209 - Time Providers
  • T1686.001 - Cloud Firewall

BlackTech

Score: 3.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers

Medusa Group

Score: 10.17
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution

Sea Turtle

Score: 5.65
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1490 - Inhibit System Recovery

Storm-0501

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History

Fox Kitten

Score: 3.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers

Cinnamon Tempest

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History

Ke3chang

Score: 3.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.007 - Dynamic API Resolution

Agrius

Score: 3.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers

menuPass

Score: 4.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1209 - Time Providers

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 3.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.007 - Dynamic API Resolution

Winter Vivern

Score: 12.91
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

APT29

Score: 17.05
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1218.009 - Regsvcs/Regasm
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery

INC Ransom

Score: 8.16
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution

Axiom

Score: 6.86
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1059.012 - Hypervisor CLI

Play

Score: 6.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1490 - Inhibit System Recovery

HAFNIUM

Score: 13.90
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery

MuddyWater

Score: 3.48
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target

APT39

Score: 5.63
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution

Storm-1811

Score: 4.04
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver

APT1

Score: 4.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1053.002 - At

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

Transparent Tribe

Score: 6.57
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1053.002 - At

Lazarus Group

Score: 9.58
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver

APT38

Score: 5.68
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1027.007 - Dynamic API Resolution

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

BRONZE BUTLER

Score: 8.90
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

Turla

Score: 13.69
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery

Andariel

Score: 5.61
Matched TTPs:
  • T1187 - Forced Authentication
  • T1059.012 - Hypervisor CLI

LAPSUS$

Score: 3.44
Matched TTPs:
  • T1592.003 - Firmware

Chimera

Score: 7.60
Matched TTPs:
  • T1592.003 - Firmware
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies

Wizard Spider

Score: 6.02
Matched TTPs:
  • T1556.009 - Conditional Access Policies
  • T1027.007 - Dynamic API Resolution

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

Windshift

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Leafminer

Score: 3.53
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers

PROMETHIUM

Score: 4.43
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery

Tropic Trooper

Score: 4.43
Matched TTPs:
  • T1209 - Time Providers
  • T1490 - Inhibit System Recovery

FIN6

Score: 6.69
Matched TTPs:
  • T1209 - Time Providers
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

Velvet Ant

Score: 5.06
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery

Molerats

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Higaisa

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.80
Matched TTPs:
  • T1102.003 - One-Way Communication
  • T1490 - Inhibit System Recovery
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1053.007 - Container Orchestration Job
  • T1003.003 - NTDS
  • T1552.003 - Shell History
  • T1091 - Replication Through Removable Media
  • T1053.002 - At
  • T1008 - Fallback Channels
  • T1608.005 - Link Target
  • T1098.007 - Additional Local or Domain Groups

APT28

Score: 0.65
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1592.003 - Firmware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.012 - Hypervisor CLI
  • T1055.008 - Ptrace System Calls
  • T1146 - Clear Command History
  • T1608.005 - Link Target
  • T1098.007 - Additional Local or Domain Groups

Magic Hound

Score: 0.61
Matched TTPs:
  • T1547.008 - LSASS Driver
  • T1566.002 - Spearphishing Link
  • T1592.003 - Firmware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1187 - Forced Authentication
  • T1053.002 - At
  • T1608.005 - Link Target
  • T1098.007 - Additional Local or Domain Groups

Sandworm Team

Score: 0.59
Matched TTPs:
  • T1102.003 - One-Way Communication
  • T1049 - System Network Connections Discovery
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1187 - Forced Authentication
  • T1091 - Replication Through Removable Media
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph