Pulse Detail-

A Look Into Fysbis: Sofacy’s Linux Backdoor

概要

The Sofacy group, also known as APT28 and Sednit, is a fairly well known cyber espionage group believed to have ties to Russia. Their targets have spanned all across the world, with a focus on government, defense organizations and various Eastern European governments. There have been numerous reports on their activities, to the extent that a Wikipedia entry has even been created for them. The Linux malware Fysbis is a preferred tool of Sofacy, and though it is not particularly sophisticated, Linux security in general is still a maturing area, especially in regards to malware. In short, it is entirely plausible that this tool has contributed to the success of associated attacks by this group. This blog post focuses specifically on this Linux tool preferred by Sofacy and describes considerations and implications when it comes to Linux malware.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

A Look Into Fysbis: Sofacy’s Linux Backdoor (score: 0.88)
20160212B: Sofacy’s Linux Backdoor (score: 0.71)
BlackEnergy by the SSHBearDoor (score: 0.70)
New wave of cyberattacks against Ukrainian power industry (score: 0.65)
New Trojan for Linux infects routers (score: 0.65)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 11.93

Matched TTPs:

T1491.002 - External Defacement
T1195 - Supply Chain Compromise
T1588.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sandworm Team

Score: 25.25

Matched TTPs:

T1491.002 - External Defacement
T1587.001 - Malware
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1584.005 - Botnet
T1199 - Trusted Relationship
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

Winnti Group

Score: 3.29

Matched TTPs:

T1014 - Rootkit

MITREへのリンク →

APT41

Score: 8.56

Matched TTPs:

T1014 - Rootkit
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

Rocke

Score: 7.19

Matched TTPs:

T1014 - Rootkit
T1140 - Deobfuscate/Decode Files or Information
T1059.006 - Python

MITREへのリンク →

TeamTNT

Score: 11.44

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware
T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware

MITREへのリンク →

APT28

Score: 18.61

Matched TTPs:

T1014 - Rootkit
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1498 - Network Denial of Service
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

UNC3886

Score: 19.94

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware
T1588.001 - Malware
T1205.001 - Port Knocking
T1554 - Compromise Host Software Binary
T1203 - Exploitation for Client Execution
T1059.006 - Python

MITREへのリンク →

Kimsuky

Score: 14.10

Matched TTPs:

T1587.001 - Malware
T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1588.002 - Tool
T1218.010 - Regsvr32
T1059.006 - Python

MITREへのリンク →

FIN13

Score: 4.51

Matched TTPs:

T1587.001 - Malware
T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool

MITREへのリンク →

Moonstone Sleet

Score: 11.09

Matched TTPs:

T1587.001 - Malware
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1195.002 - Compromise Software Supply Chain
T1566.003 - Spearphishing via Service

MITREへのリンク →

Indrik Spider

Score: 8.46

Matched TTPs:

T1587.001 - Malware
T1007 - System Service Discovery
T1136 - Create Account

MITREへのリンク →

Lazarus Group

Score: 19.79

Matched TTPs:

T1587.001 - Malware
T1140 - Deobfuscate/Decode Files or Information
T1010 - Application Window Discovery
T1588.002 - Tool
T1036.003 - Rename Legitimate Utilities
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 14.32

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1204.005 - Malicious Library
T1588.002 - Tool
T1059.006 - Python
T1566.003 - Spearphishing via Service

MITREへのリンク →

OilRig

Score: 19.62

Matched TTPs:

T1587.001 - Malware
T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

LuminousMoth

Score: 7.38

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Salt Typhoon

Score: 6.79

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1136 - Create Account

MITREへのリンク →

APT29

Score: 20.21

Matched TTPs:

T1587.001 - Malware
T1199 - Trusted Relationship
T1588.002 - Tool
T1573 - Encrypted Channel
T1203 - Exploitation for Client Execution
T1562.008 - Disable or Modify Cloud Logs
T1059.006 - Python
T1566.003 - Spearphishing via Service

MITREへのリンク →

Aoqin Dragon

Score: 4.44

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

RedCurl

Score: 13.37

Matched TTPs:

T1587.001 - Malware
T1080 - Taint Shared Content
T1199 - Trusted Relationship
T1573.002 - Asymmetric Cryptography
T1059.006 - Python

MITREへのリンク →

Turla

Score: 11.83

Matched TTPs:

T1587.001 - Malware
T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware
T1588.002 - Tool
T1059.006 - Python

MITREへのリンク →

Ke3chang

Score: 7.04

Matched TTPs:

T1587.001 - Malware
T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool

MITREへのリンク →

Mustang Panda

Score: 23.93

Matched TTPs:

T1587.001 - Malware
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1176.002 - IDE Extensions
T1678 - Delay Execution
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1518 - Software Discovery
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN7

Score: 13.95

Matched TTPs:

T1587.001 - Malware
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1674 - Input Injection
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

Darkhotel

Score: 6.50

Matched TTPs:

T1080 - Taint Shared Content
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution

MITREへのリンク →

Gamaredon Group

Score: 7.83

Matched TTPs:

T1080 - Taint Shared Content
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1588.002 - Tool

MITREへのリンク →

BRONZE BUTLER

Score: 14.96

Matched TTPs:

T1080 - Taint Shared Content
T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1059.006 - Python
T1518 - Software Discovery

MITREへのリンク →

Cinnamon Tempest

Score: 8.20

Matched TTPs:

T1080 - Taint Shared Content
T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool
T1059.006 - Python

MITREへのリンク →

Aquatic Panda

Score: 5.83

Matched TTPs:

T1007 - System Service Discovery
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Chimera

Score: 3.37

Matched TTPs:

T1007 - System Service Discovery
T1588.002 - Tool

MITREへのリンク →

Earth Lusca

Score: 11.71

Matched TTPs:

T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool
T1059.006 - Python

MITREへのリンク →

Volt Typhoon

Score: 15.15

Matched TTPs:

T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1010 - Application Window Discovery
T1584.005 - Botnet
T1588.002 - Tool
T1518 - Software Discovery

MITREへのリンク →

admin@338

Score: 4.02

Matched TTPs:

T1007 - System Service Discovery
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT1

Score: 5.83

Matched TTPs:

T1007 - System Service Discovery
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

APT39

Score: 4.76

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool
T1059.006 - Python

MITREへのリンク →

WIRTE

Score: 5.16

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool
T1218.010 - Regsvr32

MITREへのリンク →

APT38

Score: 5.70

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool
T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

Storm-1811

Score: 4.94

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

ZIRCONIUM

Score: 3.91

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.006 - Python

MITREへのリンク →

MuddyWater

Score: 9.00

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1059.006 - Python
T1518 - Software Discovery

MITREへのリンク →

TA505

Score: 6.85

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Threat Group-3390

Score: 15.69

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1608.002 - Upload Tool
T1199 - Trusted Relationship
T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

menuPass

Score: 8.45

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1588.002 - Tool
T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

BlackByte

Score: 3.54

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware

MITREへのリンク →

Leviathan

Score: 5.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

Tropic Trooper

Score: 12.18

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1573 - Encrypted Channel
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1518 - Software Discovery

MITREへのリンク →

APT19

Score: 5.16

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool
T1218.010 - Regsvr32

MITREへのリンク →

Higaisa

Score: 3.06

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution

MITREへのリンク →

TA2541

Score: 8.03

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

LazyScripter

Score: 4.43

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

SideCopy

Score: 4.72

Matched TTPs:

T1608.001 - Upload Malware
T1518 - Software Discovery

MITREへのリンク →

BITTER

Score: 7.94

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1573 - Encrypted Channel
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT32

Score: 10.35

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1218.010 - Regsvr32
T1036.003 - Rename Legitimate Utilities
T1203 - Exploitation for Client Execution

MITREへのリンク →

HEXANE

Score: 9.41

Matched TTPs:

T1608.001 - Upload Malware
T1010 - Application Window Discovery
T1588.002 - Tool
T1518 - Software Discovery

MITREへのリンク →

Saint Bear

Score: 3.47

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

EXOTIC LILY

Score: 5.99

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 5.57

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Medusa Group

Score: 12.27

Matched TTPs:

T1608.002 - Upload Tool
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1650 - Acquire Access

MITREへのリンク →

LAPSUS$

Score: 6.05

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1588.002 - Tool

MITREへのリンク →

Metador

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Andariel

Score: 3.95

Matched TTPs:

T1588.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

BackdoorDiplomacy

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Scattered Spider

Score: 7.15

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool
T1136 - Create Account

MITREへのリンク →

Equation

Score: 4.54

Matched TTPs:

T1542.002 - Component Firmware

MITREへのリンク →

HAFNIUM

Score: 6.37

Matched TTPs:

T1584.005 - Botnet
T1199 - Trusted Relationship

MITREへのリンク →

Axiom

Score: 5.12

Matched TTPs:

T1584.005 - Botnet
T1203 - Exploitation for Client Execution

MITREへのリンク →

PROMETHIUM

Score: 4.13

Matched TTPs:

T1205.001 - Port Knocking

MITREへのリンク →

APT33

Score: 6.48

Matched TTPs:

T1552.006 - Group Policy Preferences
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Wizard Spider

Score: 4.98

Matched TTPs:

T1552.006 - Group Policy Preferences
T1588.002 - Tool

MITREへのリンク →

APT5

Score: 4.13

Matched TTPs:

T1554 - Compromise Host Software Binary

MITREへのリンク →

GOLD SOUTHFIELD

Score: 5.67

Matched TTPs:

T1199 - Trusted Relationship
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

POLONIUM

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1588.002 - Tool

MITREへのリンク →

Sea Turtle

Score: 5.09

Matched TTPs:

T1199 - Trusted Relationship
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Inception

Score: 7.83

Matched TTPs:

T1588.002 - Tool
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1518 - Software Discovery

MITREへのリンク →

Magic Hound

Score: 6.99

Matched TTPs:

T1588.002 - Tool
T1573 - Encrypted Channel
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN8

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

GALLIUM

Score: 4.13

Matched TTPs:

T1588.002 - Tool
T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

FIN6

Score: 6.12

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

Cobalt Group

Score: 10.76

Matched TTPs:

T1588.002 - Tool
T1218.010 - Regsvr32
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Dragonfly

Score: 7.61

Matched TTPs:

T1588.002 - Tool
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1059.006 - Python

MITREへのリンク →

Blue Mockingbird

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1218.010 - Regsvr32

MITREへのリンク →

Daggerfly

Score: 6.21

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

Sidewinder

Score: 4.24

Matched TTPs:

T1203 - Exploitation for Client Execution
T1518 - Software Discovery

MITREへのリンク →

APT37

Score: 3.83

Matched TTPs:

T1203 - Exploitation for Client Execution
T1059.006 - Python

MITREへのリンク →

Tonto Team

Score: 3.83

Matched TTPs:

T1203 - Exploitation for Client Execution
T1059.006 - Python

MITREへのリンク →

Velvet Ant

Score: 6.88

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Windshift

Score: 5.27

Matched TTPs:

T1518 - Software Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1056.004 - Credential API Hooking

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.84

Matched TTPs:

T1584.005 - Botnet
T1195.002 - Compromise Software Supply Chain
T1608.001 - Upload Malware
T1491.002 - External Defacement
T1587.001 - Malware
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1195 - Supply Chain Compromise
T1203 - Exploitation for Client Execution
T1588.002 - Tool

MITREへのリンク →

Mustang Panda

Score: 0.79

Matched TTPs:

T1608.001 - Upload Malware
T1518 - Software Discovery
T1176.002 - IDE Extensions
T1587.001 - Malware
T1140 - Deobfuscate/Decode Files or Information
T1678 - Delay Execution
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1588.002 - Tool

MITREへのリンク →

APT29

Score: 0.71

Matched TTPs:

T1573 - Encrypted Channel
T1587.001 - Malware
T1059.006 - Python
T1199 - Trusted Relationship
T1562.008 - Disable or Modify Cloud Logs
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service
T1588.002 - Tool

MITREへのリンク →

APT28

Score: 0.70

Matched TTPs:

T1498 - Network Denial of Service
T1140 - Deobfuscate/Decode Files or Information
T1014 - Rootkit
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1211 - Exploitation for Defense Evasion
T1588.002 - Tool

MITREへのリンク →

UNC3886

Score: 0.69

Matched TTPs:

T1554 - Compromise Host Software Binary
T1587.001 - Malware
T1059.006 - Python
T1014 - Rootkit
T1205.001 - Port Knocking
T1588.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

Lazarus Group

Score: 0.67

Matched TTPs:

T1587.001 - Malware
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service
T1036.003 - Rename Legitimate Utilities
T1010 - Application Window Discovery
T1588.002 - Tool
T1027.007 - Dynamic API Resolution

MITREへのリンク →

OilRig

Score: 0.67

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1608.001 - Upload Malware
T1007 - System Service Discovery
T1587.001 - Malware
T1140 - Deobfuscate/Decode Files or Information
T1195 - Supply Chain Compromise
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service
T1588.002 - Tool

MITREへのリンク →

Threat Group-3390

Score: 0.55

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1608.001 - Upload Malware
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1588.002 - Tool
T1608.002 - Upload Tool

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

A Look Into Fysbis: Sofacy’s Linux Backdoor

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ