Trusted Design

Attack on Zygote: a new twist in the evolution of mobile threats

概要

The owners of Trojans , such as Leech, Ztorg, Gorpo (as well as the new malware family Trojan.AndroidOS.Iop) are working together. Devices infected by these malicious programs usually form a kind of “advertising botnet” via which advertising Trojans distribute each other as well as the advertised apps. Within a few minutes of installing one of these Trojans, all other active malware on the “network” is enabled on the victim’s device. Cybercriminals are cashing in on advertising and installing legitimate applications.

Created: 2026-02-23

Indicators

類似Pulses

ZBot Malware (score: 0.82)
Banking Trojan infected dozens of Android apps worldwide (score: 0.69)
Trojan-Banker.AndroidOS.Faketoken follow-up (score: 0.67)
Zbot malware on Metadefender.com (score: 0.65)
Android Trojan Xbot Phishes Credit Cards and Bank Accounts (score: 0.65)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 17.53

Matched TTPs:

T1564.008 - Email Hiding Rules
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1218.010 - Regsvr32
T1003.003 - NTDS

MITREへのリンク →

Sandworm Team

Score: 24.82

Matched TTPs:

T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1548.006 - TCC Manipulation

MITREへのリンク →

Volt Typhoon

Score: 13.65

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1548.006 - TCC Manipulation
T1578.001 - Create Snapshot

MITREへのリンク →

APT28

Score: 20.28

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1058 - Service Registry Permissions Weakness
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1548.006 - TCC Manipulation
T1546.007 - Netsh Helper DLL

MITREへのリンク →

ZIRCONIUM

Score: 8.23

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1608.005 - Link Target
T1578.001 - Create Snapshot

MITREへのリンク →

Leviathan

Score: 8.35

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Mustard Tempest

Score: 8.28

Matched TTPs:

T1682 - Query Public AI Services
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

Kimsuky

Score: 19.51

Matched TTPs:

T1606.002 - SAML Tokens
T1213.006 - Databases
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1562.013 - Disable or Modify Network Device Firewall
T1003.003 - NTDS

MITREへのリンク →

FIN13

Score: 5.91

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1548.006 - TCC Manipulation

MITREへのリンク →

Moonstone Sleet

Score: 4.07

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media

MITREへのリンク →

Lazarus Group

Score: 17.94

Matched TTPs:

T1606.002 - SAML Tokens
T1608.005 - Link Target
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1059.012 - Hypervisor CLI
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot

MITREへのリンク →

Contagious Interview

Score: 19.29

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1608.005 - Link Target
T1059.006 - Python
T1221 - Template Injection

MITREへのリンク →

OilRig

Score: 9.41

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1218.010 - Regsvr32

MITREへのリンク →

UNC3886

Score: 14.24

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1136.002 - Domain Account
T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

LuminousMoth

Score: 9.56

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

Salt Typhoon

Score: 3.57

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

APT29

Score: 7.07

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

Play

Score: 3.57

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Aoqin Dragon

Score: 6.62

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1218.010 - Regsvr32

MITREへのリンク →

Moses Staff

Score: 3.57

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Turla

Score: 14.55

Matched TTPs:

T1606.002 - SAML Tokens
T1136.002 - Domain Account
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

Ke3chang

Score: 9.75

Matched TTPs:

T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1548.006 - TCC Manipulation

MITREへのリンク →

Mustang Panda

Score: 20.93

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1055.005 - Thread Local Storage
T1548.006 - TCC Manipulation

MITREへのリンク →

TeamTNT

Score: 4.07

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media

MITREへのリンク →

FIN7

Score: 13.18

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1578.001 - Create Snapshot

MITREへのリンク →

HAFNIUM

Score: 13.29

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1548.006 - TCC Manipulation

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Gamaredon Group

Score: 7.02

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Darkhotel

Score: 8.88

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

Tropic Trooper

Score: 4.53

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1218.010 - Regsvr32

MITREへのリンク →

TA2541

Score: 6.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1608.005 - Link Target

MITREへのリンク →

Earth Lusca

Score: 13.30

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

LazyScripter

Score: 6.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1608.005 - Link Target

MITREへのリンク →

Threat Group-3390

Score: 6.70

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

TA505

Score: 4.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account

MITREへのリンク →

BlackByte

Score: 3.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

BITTER

Score: 3.47

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 7.24

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

EXOTIC LILY

Score: 3.47

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

BackdoorDiplomacy

Score: 3.93

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.76

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Magic Hound

Score: 9.09

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1187 - Forced Authentication
T1059.012 - Hypervisor CLI

MITREへのリンク →

Medusa Group

Score: 14.90

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1598 - Phishing for Information
T1548.006 - TCC Manipulation
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Sea Turtle

Score: 6.25

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.013 - Disable or Modify Network Device Firewall
T1218.010 - Regsvr32

MITREへのリンク →

Fox Kitten

Score: 7.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1548.006 - TCC Manipulation
T1588.005 - Exploits

MITREへのリンク →

menuPass

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1548.006 - TCC Manipulation

MITREへのリンク →

Winter Vivern

Score: 6.86

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

INC Ransom

Score: 4.76

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Dragonfly

Score: 7.07

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1548.006 - TCC Manipulation

MITREへのリンク →

Axiom

Score: 11.64

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1562.013 - Disable or Modify Network Device Firewall
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT41

Score: 5.30

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1548.006 - TCC Manipulation

MITREへのリンク →

MuddyWater

Score: 4.98

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1055.003 - Thread Execution Hijacking

MITREへのリンク →

LAPSUS$

Score: 12.78

Matched TTPs:

T1136.002 - Domain Account
T1557.002 - ARP Cache Poisoning
T1548.006 - TCC Manipulation
T1588.005 - Exploits

MITREへのリンク →

Andariel

Score: 9.56

Matched TTPs:

T1136.002 - Domain Account
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Scattered Spider

Score: 12.78

Matched TTPs:

T1136.002 - Domain Account
T1557.002 - ARP Cache Poisoning
T1548.006 - TCC Manipulation
T1588.005 - Exploits

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

AppleJeus

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

CURIUM

Score: 7.98

Matched TTPs:

T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

Storm-1811

Score: 4.54

Matched TTPs:

T1486 - Data Encrypted for Impact

MITREへのリンク →

Sidewinder

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Patchwork

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Higaisa

Score: 7.93

Matched TTPs:

T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1578.001 - Create Snapshot

MITREへのリンク →

APT37

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

BRONZE BUTLER

Score: 5.85

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

Transparent Tribe

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Chimera

Score: 4.93

Matched TTPs:

T1548.006 - TCC Manipulation
T1578.001 - Create Snapshot

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.81

Matched TTPs:

T1564.008 - Email Hiding Rules
T1049 - System Network Connections Discovery
T1606.002 - SAML Tokens
T1187 - Forced Authentication
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1548.006 - TCC Manipulation
T1218.010 - Regsvr32

MITREへのリンク →

Mustang Panda

Score: 0.70

Matched TTPs:

T1055.005 - Thread Local Storage
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1058 - Service Registry Permissions Weakness
T1567.002 - Exfiltration to Cloud Storage
T1548.006 - TCC Manipulation
T1218.010 - Regsvr32

MITREへのリンク →

APT28

Score: 0.67

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1546.007 - Netsh Helper DLL
T1059.012 - Hypervisor CLI
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1058 - Service Registry Permissions Weakness
T1548.006 - TCC Manipulation
T1218.010 - Regsvr32

MITREへのリンク →

Kimsuky

Score: 0.67

Matched TTPs:

T1606.002 - SAML Tokens
T1562.013 - Disable or Modify Network Device Firewall
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1003.003 - NTDS
T1213.006 - Databases

MITREへのリンク →

Contagious Interview

Score: 0.67

Matched TTPs:

T1021.006 - Windows Remote Management
T1606.002 - SAML Tokens
T1221 - Template Injection
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1059.006 - Python

MITREへのリンク →

Lazarus Group

Score: 0.62

Matched TTPs:

T1055.005 - Thread Local Storage
T1606.002 - SAML Tokens
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot
T1608.005 - Link Target
T1567.002 - Exfiltration to Cloud Storage
T1218.010 - Regsvr32

MITREへのリンク →

Ember Bear

Score: 0.56

Matched TTPs:

T1564.008 - Email Hiding Rules
T1136.002 - Domain Account
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1003.003 - NTDS
T1218.010 - Regsvr32

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る