Trusted Design

Sykipot/WyksolTrojan

概要

A variant of the Sykipot/Wyksol Trojan used in recent attacks. This malware was distributed as a drive-by download exploiting CVE-2012-1889. The initial payload (834D1D492E873DFD0C47A91B221E0258) is XOR encoded with a key of 0x95, skipping any bytes that are 0x00 or 0x95. This unencoded payload has been used in multiple targeted campaigns to provide backdoor access to infected systems. Reference: http://labs.alienvault.com/labs/index.php/2012/sykipot-is-back/

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Lazarus Group

Score: 18.32
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
MITREへのリンク →

Moonstone Sleet

Score: 7.94
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Winnti Group

Score: 3.29
Matched TTPs:
  • T1014 - Rootkit
MITREへのリンク →

APT41

Score: 7.39
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Rocke

Score: 11.08
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1027.004 - Compile After Delivery
MITREへのリンク →

TeamTNT

Score: 5.99
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

APT28

Score: 22.57
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1557.004 - Evil Twin
  • T1203 - Exploitation for Client Execution
  • T1498 - Network Denial of Service
  • T1669 - Wi-Fi Networks
MITREへのリンク →

UNC3886

Score: 6.25
Matched TTPs:
  • T1014 - Rootkit
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Gamaredon Group

Score: 10.17
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.012 - LNK Icon Smuggling
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Volt Typhoon

Score: 4.17
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

BRONZE BUTLER

Score: 4.20
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Storm-1811

Score: 5.23
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

FIN7

Score: 4.17
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

MuddyWater

Score: 9.29
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Earth Lusca

Score: 4.17
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

APT29

Score: 11.16
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Ke3chang

Score: 4.17
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

Tropic Trooper

Score: 4.20
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Magic Hound

Score: 5.13
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

OilRig

Score: 6.72
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Darkhotel

Score: 4.20
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

menuPass

Score: 4.17
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

Ember Bear

Score: 8.23
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1588.005 - Exploits
MITREへのリンク →

APT39

Score: 4.17
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

Kimsuky

Score: 12.15
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1027.012 - LNK Icon Smuggling
  • T1588.005 - Exploits
MITREへのリンク →

ToddyCat

Score: 5.13
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Mustang Panda

Score: 12.18
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.012 - LNK Icon Smuggling
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

FIN13

Score: 4.17
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

Sandworm Team

Score: 5.67
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Agrius

Score: 3.04
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

APT38

Score: 5.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

Threat Group-3390

Score: 4.53
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Winter Vivern

Score: 3.04
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

BlackByte

Score: 3.04
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

Leviathan

Score: 4.53
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Cinnamon Tempest

Score: 3.04
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

Higaisa

Score: 3.06
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Medusa Group

Score: 5.09
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

Sea Turtle

Score: 6.59
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Axiom

Score: 7.50
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1001.002 - Steganography
MITREへのリンク →

EXOTIC LILY

Score: 4.02
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT37

Score: 5.12
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.82
Matched TTPs:
  • T1557.004 - Evil Twin
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1669 - Wi-Fi Networks
  • T1014 - Rootkit
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1498 - Network Denial of Service
MITREへのリンク →

Lazarus Group

Score: 0.64
Matched TTPs:
  • T1566.003 - Spearphishing via Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1529 - System Shutdown/Reboot
  • T1027.007 - Dynamic API Resolution
  • T1027.009 - Embedded Payloads
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Related CVEs

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る