Emissary Trojan/ Operation Lotus Blossom Update
概要
In December 2015, Unit 42 published a blog about a cyber espionage attack using the Emissary Trojan as a payload. Emissary is related to the Elise Trojan and the Operation Lotus Blossom attack campaign, which prompted us to start collecting additional samples of Emissary.
The oldest sample we found was created in 2009, indicating this tool has been in use for almost seven years. Of note, this is three years earlier than the oldest Elise sample we have found, suggesting this group has been active longer than previously documented. In addition, Emissary appears to only be used against Taiwanese or Hong Kong based targets, all of the decoys are written in Traditional Chinese, and they use themes related to the government or military.
Created: 2026-02-23
Indicators
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 6.47
Matched TTPs:
- T1218.003 - CMSTP
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 5.63
Matched TTPs:
- T1491 - Defacement
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 5.63
Matched TTPs:
- T1491 - Defacement
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 18.14
Matched TTPs:
- T1491 - Defacement
- T1090.004 - Domain Fronting
- T1498 - Network Denial of Service
- T1027.002 - Software Packing
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 5.81
Matched TTPs:
- T1491 - Defacement
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.63
Matched TTPs:
- T1491 - Defacement
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 6.37
Matched TTPs:
- T1592.004 - Client Configurations
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1592.004 - Client Configurations
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1592.004 - Client Configurations
MITREへのリンク →
Score: 6.37
Matched TTPs:
- T1562.010 - Downgrade Attack
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1562.010 - Downgrade Attack
MITREへのリンク →
Score: 7.00
Matched TTPs:
- T1562.010 - Downgrade Attack
- T1200 - Hardware Additions
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1567.001 - Exfiltration to Code Repository
MITREへのリンク →
Score: 6.47
Matched TTPs:
- T1567.001 - Exfiltration to Code Repository
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1574.010 - Services File Permissions Weakness
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1574.010 - Services File Permissions Weakness
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1090.004 - Domain Fronting
MITREへのリンク →
Score: 5.49
Matched TTPs:
- T1200 - Hardware Additions
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 3.15
Matched TTPs:
- T1200 - Hardware Additions
MITREへのリンク →
Score: 3.15
Matched TTPs:
- T1200 - Hardware Additions
MITREへのリンク →
Score: 5.49
Matched TTPs:
- T1200 - Hardware Additions
- T1548.006 - TCC Manipulation
MITREへのリンク →
Score: 3.15
Matched TTPs:
- T1200 - Hardware Additions
MITREへのリンク →
Score: 3.15
Matched TTPs:
- T1200 - Hardware Additions
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1498 - Network Denial of Service
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1498 - Network Denial of Service
MITREへのリンク →
Score: 4.86
Matched TTPs:
- T1548.006 - TCC Manipulation
- T1547.008 - LSASS Driver
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.82
Matched TTPs:
- T1027.002 - Software Packing
- T1498 - Network Denial of Service
- T1548.006 - TCC Manipulation
- T1090.004 - Domain Fronting
- T1491 - Defacement
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design