Trusted Design

HummingBad: A Persistent Mobile Chain Attack

概要

Check Point Mobile Threat Prevention has detected a new, unknown mobile malware that targeted two customer Android devices belonging to employees at a large financial services institution. Mobile Threat Prevention identified the threat automatically by detecting exploitation attempts while examining the malware in the MTP emulators. The infection was remediated after the system notified the devices owners and the system administrators. The infection vector was a drive-by download attack, and the Check Points Threat-Cloud indicates some adult content sites served the malicious payload. Called HummingBad, this malware establishes a persistent rootkit with the objective to generate fraudulent ad revenue for its perpetrator, similar to the Brain Test app discovered by Check Point earlier this year. In addition, HummingBad installs fraudulent apps to increase the revenue stream for the fraudster.

Created: 2026-02-23

Indicators

類似Pulses

ZBot Malware (score: 0.64)
Android Marcher: Continuously Evolving Mobile Malware (score: 0.64)
New Android "Ghost Push" Variants (score: 0.63)
BankBot Found on Google Play and Targets Ten New UAE Banking Apps (score: 0.62)
IBM Trusteer: Mazain Mobile Bot Sees Increasing Prevalence in France and Spain (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Winnti Group

Score: 3.29

Matched TTPs:

T1499.001 - OS Exhaustion Flood

MITREへのリンク →

APT41

Score: 9.86

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1560.003 - Archive via Custom Method
T1008 - Fallback Channels

MITREへのリンク →

Rocke

Score: 6.57

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1008 - Fallback Channels

MITREへのリンク →

TeamTNT

Score: 7.44

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

APT28

Score: 29.56

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1058 - Service Registry Permissions Weakness
T1558 - Steal or Forge Kerberos Tickets
T1139 - Bash History
T1059.001 - PowerShell
T1548.004 - Elevated Execution with Prompt
T1059.012 - Hypervisor CLI
T1588.003 - Code Signing Certificates
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

UNC3886

Score: 6.44

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1059.004 - Unix Shell

MITREへのリンク →

Scattered Spider

Score: 11.08

Matched TTPs:

T1560.003 - Archive via Custom Method
T1552.003 - Shell History
T1565 - Data Manipulation
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

TA505

Score: 5.26

Matched TTPs:

T1560.003 - Archive via Custom Method
T1091 - Replication Through Removable Media

MITREへのリンク →

Volt Typhoon

Score: 7.42

Matched TTPs:

T1560.003 - Archive via Custom Method
T1584.002 - DNS Server

MITREへのリンク →

APT3

Score: 6.44

Matched TTPs:

T1560.003 - Archive via Custom Method
T1059.004 - Unix Shell

MITREへのリンク →

FIN13

Score: 7.99

Matched TTPs:

T1560.003 - Archive via Custom Method
T1558 - Steal or Forge Kerberos Tickets
T1552.003 - Shell History

MITREへのリンク →

APT42

Score: 9.26

Matched TTPs:

T1110.002 - Password Cracking
T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

Gamaredon Group

Score: 5.01

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media

MITREへのリンク →

LuminousMoth

Score: 5.01

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media

MITREへのリンク →

Aoqin Dragon

Score: 5.22

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Darkhotel

Score: 4.80

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1059.012 - Hypervisor CLI

MITREへのリンク →

Mustang Panda

Score: 13.68

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1136.001 - Local Account
T1055.005 - Thread Local Storage

MITREへのリンク →

FIN7

Score: 7.75

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1059.001 - PowerShell

MITREへのリンク →

Tropic Trooper

Score: 9.40

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1683 - Generate Content
T1128 - Netsh Helper DLL

MITREへのリンク →

Sandworm Team

Score: 14.19

Matched TTPs:

T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1558 - Steal or Forge Kerberos Tickets
T1546.008 - Accessibility Features
T1565 - Data Manipulation

MITREへのリンク →

TA2541

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

Earth Lusca

Score: 6.48

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.001 - PowerShell
T1059.012 - Hypervisor CLI

MITREへのリンク →

Kimsuky

Score: 18.10

Matched TTPs:

T1091 - Replication Through Removable Media
T1546.008 - Accessibility Features
T1552.003 - Shell History
T1565 - Data Manipulation
T1003.003 - NTDS
T1008 - Fallback Channels

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

OilRig

Score: 16.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1558 - Steal or Forge Kerberos Tickets
T1059.004 - Unix Shell
T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver

MITREへのリンク →

LazyScripter

Score: 4.16

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Star Blizzard

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation

MITREへのリンク →

Threat Group-3390

Score: 6.48

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.001 - PowerShell
T1059.012 - Hypervisor CLI

MITREへのリンク →

SideCopy

Score: 6.11

Matched TTPs:

T1091 - Replication Through Removable Media
T1584.002 - DNS Server

MITREへのリンク →

BITTER

Score: 5.59

Matched TTPs:

T1091 - Replication Through Removable Media
T1683 - Generate Content

MITREへのリンク →

APT32

Score: 8.27

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1565 - Data Manipulation
T1059.012 - Hypervisor CLI

MITREへのリンク →

HEXANE

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation

MITREへのリンク →

Moonstone Sleet

Score: 6.84

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

Contagious Interview

Score: 11.55

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1552.003 - Shell History
T1565 - Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

EXOTIC LILY

Score: 6.84

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

Ember Bear

Score: 12.91

Matched TTPs:

T1005 - Data from Local System
T1558 - Steal or Forge Kerberos Tickets
T1059.001 - PowerShell
T1003.003 - NTDS

MITREへのリンク →

menuPass

Score: 4.93

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1059.001 - PowerShell

MITREへのリンク →

BRONZE BUTLER

Score: 7.24

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Windshift

Score: 6.48

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Storm-1811

Score: 4.71

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1547.008 - LSASS Driver

MITREへのリンク →

Winter Vivern

Score: 3.95

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1059.012 - Hypervisor CLI

MITREへのリンク →

PLATINUM

Score: 3.95

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1059.012 - Hypervisor CLI

MITREへのリンク →

Silent Librarian

Score: 3.84

Matched TTPs:

T1546.008 - Accessibility Features

MITREへのリンク →

Storm-0501

Score: 5.45

Matched TTPs:

T1552.003 - Shell History
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Medusa Group

Score: 15.77

Matched TTPs:

T1552.003 - Shell History
T1565 - Data Manipulation
T1128 - Netsh Helper DLL
T1216 - System Script Proxy Execution
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1565 - Data Manipulation

MITREへのリンク →

Fox Kitten

Score: 5.09

Matched TTPs:

T1059.001 - PowerShell
T1565 - Data Manipulation

MITREへのリンク →

Dragonfly

Score: 4.51

Matched TTPs:

T1059.001 - PowerShell
T1059.012 - Hypervisor CLI

MITREへのリンク →

Patchwork

Score: 8.20

Matched TTPs:

T1059.004 - Unix Shell
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Deep Panda

Score: 3.15

Matched TTPs:

T1059.004 - Unix Shell

MITREへのリンク →

GALLIUM

Score: 3.15

Matched TTPs:

T1059.004 - Unix Shell

MITREへのリンク →

Turla

Score: 4.92

Matched TTPs:

T1059.004 - Unix Shell
T1059.012 - Hypervisor CLI

MITREへのリンク →

Leviathan

Score: 4.11

Matched TTPs:

T1565 - Data Manipulation
T1059.012 - Hypervisor CLI

MITREへのリンク →

CURIUM

Score: 6.63

Matched TTPs:

T1565 - Data Manipulation
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 14.38

Matched TTPs:

T1565 - Data Manipulation
T1059.012 - Hypervisor CLI
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver
T1216 - System Script Proxy Execution

MITREへのリンク →

Magic Hound

Score: 10.25

Matched TTPs:

T1565 - Data Manipulation
T1683 - Generate Content
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

APT29

Score: 9.07

Matched TTPs:

T1683 - Generate Content
T1021.001 - Remote Desktop Protocol
T1547.008 - LSASS Driver

MITREへのリンク →

FIN6

Score: 5.27

Matched TTPs:

T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver

MITREへのリンク →

RTM

Score: 5.05

Matched TTPs:

T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

APT38

Score: 5.39

Matched TTPs:

T1059.012 - Hypervisor CLI
T1216 - System Script Proxy Execution

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

APT37

Score: 5.39

Matched TTPs:

T1059.012 - Hypervisor CLI
T1216 - System Script Proxy Execution

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.79

Matched TTPs:

T1548.004 - Elevated Execution with Prompt
T1139 - Bash History
T1059.012 - Hypervisor CLI
T1558 - Steal or Forge Kerberos Tickets
T1059.001 - PowerShell
T1021.001 - Remote Desktop Protocol
T1499.001 - OS Exhaustion Flood
T1588.003 - Code Signing Certificates
T1058 - Service Registry Permissions Weakness

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る