Trusted Design

Carbanak Group Targets Financial Orgs in the Middle East

概要

The Carbanak group is infamous for infiltrating various financial institutions, and stealing millions of dollars by learning and abusing the internals of victim payment processing networks, ATM networks and transaction systems. Recently, we detected Carbanak campaigns attempting to: • Target high level executives in financial companies or in financial/decision-making roles in the Middle East, U.S. and Europe • Spear-phishing emails delivering URLs, macro documents, exploit documents • Use of Spy.Sekur (Carbanak malware) and commodity remote access Trojans (RATs) such as jRAT, Netwire, Cybergate and others used in support of operations.

Created: 2026-02-23

Indicators

類似Pulses

Carbanak gang is back and packing new guns (score: 0.78)
KRBanker Targets South Korea Through Adware and Exploit Kits (score: 0.62)
EngineBox Malware Supports 10+ Brazilian Banks - SANS Internet Storm Center (score: 0.61)
OilRig Deploys ALMA Communicator – DNS Tunneling Trojan (score: 0.61)
Targeted Crimeware in the Midst of Indiscriminate Activity (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 34.42

Matched TTPs:

T1583 - Acquire Infrastructure
T1598.003 - Spearphishing Link
T1593.002 - Search Engines
T1657 - Financial Theft
T1593 - Search Open Websites/Domains
T1566 - Phishing
T1598 - Phishing for Information
T1219.002 - Remote Desktop Software
T1588.003 - Code Signing Certificates
T1021.001 - Remote Desktop Protocol
T1588.005 - Exploits

MITREへのリンク →

Sea Turtle

Score: 7.81

Matched TTPs:

T1583 - Acquire Infrastructure
T1566 - Phishing
T1203 - Exploitation for Client Execution

MITREへのリンク →

Ember Bear

Score: 12.79

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1203 - Exploitation for Client Execution
T1588.005 - Exploits

MITREへのリンク →

Indrik Spider

Score: 4.68

Matched TTPs:

T1583 - Acquire Infrastructure
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Agrius

Score: 4.68

Matched TTPs:

T1583 - Acquire Infrastructure
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Contagious Interview

Score: 14.29

Matched TTPs:

T1583 - Acquire Infrastructure
T1657 - Financial Theft
T1593 - Search Open Websites/Domains
T1219.002 - Remote Desktop Software
T1566.003 - Spearphishing via Service

MITREへのリンク →

Sandworm Team

Score: 14.40

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1598.003 - Spearphishing Link
T1593 - Search Open Websites/Domains
T1203 - Exploitation for Client Execution

MITREへのリンク →

Star Blizzard

Score: 8.78

Matched TTPs:

T1583 - Acquire Infrastructure
T1598.003 - Spearphishing Link
T1593 - Search Open Websites/Domains

MITREへのリンク →

Scattered Spider

Score: 20.97

Matched TTPs:

T1564.008 - Email Hiding Rules
T1598.003 - Spearphishing Link
T1098.003 - Additional Cloud Roles
T1657 - Financial Theft
T1598 - Phishing for Information
T1219.002 - Remote Desktop Software
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1564.008 - Email Hiding Rules

MITREへのリンク →

Sidewinder

Score: 6.54

Matched TTPs:

T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Mustang Panda

Score: 17.45

Matched TTPs:

T1598.003 - Spearphishing Link
T1593 - Search Open Websites/Domains
T1203 - Exploitation for Client Execution
T1219.002 - Remote Desktop Software
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution

MITREへのリンク →

ZIRCONIUM

Score: 8.49

Matched TTPs:

T1598.003 - Spearphishing Link
T1598 - Phishing for Information
T1124 - System Time Discovery

MITREへのリンク →

APT32

Score: 7.80

Matched TTPs:

T1598.003 - Spearphishing Link
T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution

MITREへのリンク →

Magic Hound

Score: 6.63

Matched TTPs:

T1598.003 - Spearphishing Link
T1021.001 - Remote Desktop Protocol
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT28

Score: 15.08

Matched TTPs:

T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1598 - Phishing for Information
T1221 - Template Injection
T1669 - Wi-Fi Networks

MITREへのリンク →

Moonstone Sleet

Score: 8.42

Matched TTPs:

T1598.003 - Spearphishing Link
T1598 - Phishing for Information
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 7.57

Matched TTPs:

T1598.003 - Spearphishing Link
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dragonfly

Score: 8.75

Matched TTPs:

T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1221 - Template Injection
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Patchwork

Score: 8.75

Matched TTPs:

T1598.003 - Spearphishing Link
T1027.005 - Indicator Removal from Tools
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

LAPSUS$

Score: 3.84

Matched TTPs:

T1098.003 - Additional Cloud Roles

MITREへのリンク →

Storm-0501

Score: 9.30

Matched TTPs:

T1098.003 - Additional Cloud Roles
T1657 - Financial Theft
T1219.002 - Remote Desktop Software

MITREへのリンク →

APT29

Score: 7.86

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

BRONZE BUTLER

Score: 7.93

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

INC Ransom

Score: 7.46

Matched TTPs:

T1657 - Financial Theft
T1566 - Phishing
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

FIN13

Score: 7.10

Matched TTPs:

T1657 - Financial Theft
T1021.001 - Remote Desktop Protocol
T1090.001 - Internal Proxy

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1657 - Financial Theft
T1566 - Phishing

MITREへのリンク →

Akira

Score: 4.17

Matched TTPs:

T1657 - Financial Theft
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Medusa Group

Score: 12.33

Matched TTPs:

T1657 - Financial Theft
T1650 - Acquire Access
T1021.001 - Remote Desktop Protocol
T1529 - System Shutdown/Reboot

MITREへのリンク →

APT33

Score: 5.63

Matched TTPs:

T1552.006 - Group Policy Preferences
T1203 - Exploitation for Client Execution

MITREへのリンク →

Wizard Spider

Score: 8.93

Matched TTPs:

T1552.006 - Group Policy Preferences
T1588.003 - Code Signing Certificates
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Volt Typhoon

Score: 14.59

Matched TTPs:

T1593 - Search Open Websites/Domains
T1614 - System Location Discovery
T1021.001 - Remote Desktop Protocol
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Axiom

Score: 10.96

Matched TTPs:

T1566 - Phishing
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol
T1001.002 - Steganography

MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

UNC3886

Score: 7.24

Matched TTPs:

T1027.005 - Indicator Removal from Tools
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Deep Panda

Score: 3.15

Matched TTPs:

T1027.005 - Indicator Removal from Tools

MITREへのリンク →

GALLIUM

Score: 3.15

Matched TTPs:

T1027.005 - Indicator Removal from Tools

MITREへのリンク →

OilRig

Score: 11.97

Matched TTPs:

T1027.005 - Indicator Removal from Tools
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates
T1021.001 - Remote Desktop Protocol
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 8.67

Matched TTPs:

T1027.005 - Indicator Removal from Tools
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

APT3

Score: 6.29

Matched TTPs:

T1027.005 - Indicator Removal from Tools
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Threat Group-3390

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

EXOTIC LILY

Score: 4.02

Matched TTPs:

T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Lazarus Group

Score: 18.94

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1021.001 - Remote Desktop Protocol
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1090.001 - Internal Proxy
T1529 - System Shutdown/Reboot

MITREへのリンク →

BlackTech

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

Confucius

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Higaisa

Score: 7.01

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Cobalt Group

Score: 3.14

Matched TTPs:

T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Leviathan

Score: 3.14

Matched TTPs:

T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT37

Score: 5.12

Matched TTPs:

T1203 - Exploitation for Client Execution
T1529 - System Shutdown/Reboot

MITREへのリンク →

Tropic Trooper

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Inception

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

APT41

Score: 3.14

Matched TTPs:

T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Darkhotel

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

SideCopy

Score: 4.13

Matched TTPs:

T1614 - System Location Discovery

MITREへのリンク →

Storm-1811

Score: 5.45

Matched TTPs:

T1219.002 - Remote Desktop Software
T1566.003 - Spearphishing via Service

MITREへのリンク →

Gamaredon Group

Score: 3.15

Matched TTPs:

T1221 - Template Injection

MITREへのリンク →

DarkHydrus

Score: 3.15

Matched TTPs:

T1221 - Template Injection

MITREへのリンク →

FIN8

Score: 4.80

Matched TTPs:

T1588.003 - Code Signing Certificates
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT39

Score: 4.58

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1090.001 - Internal Proxy

MITREへのリンク →

FIN7

Score: 4.24

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1124 - System Time Discovery

MITREへのリンク →

FIN6

Score: 4.17

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1566.003 - Spearphishing via Service

MITREへのリンク →

Blue Mockingbird

Score: 6.19

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1574.012 - COR_PROFILER

MITREへのリンク →

Chimera

Score: 4.24

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1124 - System Time Discovery

MITREへのリンク →

APT38

Score: 3.62

Matched TTPs:

T1529 - System Shutdown/Reboot

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.83

Matched TTPs:

T1588.005 - Exploits
T1593.002 - Search Engines
T1583 - Acquire Infrastructure
T1598 - Phishing for Information
T1593 - Search Open Websites/Domains
T1566 - Phishing
T1588.003 - Code Signing Certificates
T1021.001 - Remote Desktop Protocol
T1598.003 - Spearphishing Link
T1657 - Financial Theft
T1219.002 - Remote Desktop Software

MITREへのリンク →

Scattered Spider

Score: 0.56

Matched TTPs:

T1598 - Phishing for Information
T1021.001 - Remote Desktop Protocol
T1098.003 - Additional Cloud Roles
T1598.003 - Spearphishing Link
T1657 - Financial Theft
T1564.008 - Email Hiding Rules
T1219.002 - Remote Desktop Software

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る