Trusted Design

China-based Ad Giant Serves Malicious Code Through Ad Slots

概要

At FireEye Labs, we have discovered another well-crafted malvertising campaign that uses the ad API of one of the world’s largest search engines: China-based Baidu. The attacker employs a simple HTML redirector instead of shellcode or an exploit in an apparently benign-looking website. This leads to a redirection loop fetching malicious content from compromised ad slots, which starts dropping malwares in a chain on the infected machine. This malvertising campaign involving Baidu’s API has been designed in a way so that its actual source is hard to trace back. Source : https://www.fireeye.com/blog/threat-research/2016/03/china-based_ad_giant.html

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Large Malvertising Campaign Goes (Almost) Undetected (score: 0.69)
Unusual Exploit Kit Targets Chinese Users,2 (score: 0.64)
The HookAds Malvertising Campaign (score: 0.64)
Unusual Exploit Kit Targets Chinese Users (score: 0.64)
Chinese Government Website Compromised, Leads to Angler (score: 0.63)

このPulseに関連する脅威アクター (事実ベース)

Volt Typhoon

Score: 23.41

Matched TTPs:

T1148 - HISTCONTROL
T1560.003 - Archive via Custom Method
T1114 - Email Collection
T1102.003 - One-Way Communication
T1537 - Transfer Data to Cloud Account
T1546.016 - Installer Packages
T1574.002 - DLL Side-Loading

MITREへのリンク →

Ember Bear

Score: 13.60

Matched TTPs:

T1564.008 - Email Hiding Rules
T1005 - Data from Local System
T1218.010 - Regsvr32
T1003.003 - NTDS

MITREへのリンク →

Sandworm Team

Score: 30.91

Matched TTPs:

T1564.008 - Email Hiding Rules
T1114 - Email Collection
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1102.003 - One-Way Communication
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Mustard Tempest

Score: 14.17

Matched TTPs:

T1682 - Query Public AI Services
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1543.002 - Systemd Service
T1027.018 - Invisible Unicode

MITREへのリンク →

APT41

Score: 15.10

Matched TTPs:

T1560.003 - Archive via Custom Method
T1218.010 - Regsvr32
T1002 - Data Compressed
T1537 - Transfer Data to Cloud Account
T1574.002 - DLL Side-Loading

MITREへのリンク →

Scattered Spider

Score: 5.74

Matched TTPs:

T1560.003 - Archive via Custom Method
T1566.002 - Spearphishing Link

MITREへのリンク →

TA505

Score: 8.67

Matched TTPs:

T1560.003 - Archive via Custom Method
T1091 - Replication Through Removable Media
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

APT3

Score: 8.19

Matched TTPs:

T1560.003 - Archive via Custom Method
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN13

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

Silent Librarian

Score: 5.74

Matched TTPs:

T1114 - Email Collection
T1566.002 - Spearphishing Link

MITREへのリンク →

Kimsuky

Score: 35.88

Matched TTPs:

T1114 - Email Collection
T1213.006 - Databases
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1683.001 - Written Content
T1608 - Stage Capabilities
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1547.002 - Authentication Package
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode
T1003.003 - NTDS

MITREへのリンク →

EXOTIC LILY

Score: 8.11

Matched TTPs:

T1114 - Email Collection
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

TA578

Score: 6.66

Matched TTPs:

T1114 - Email Collection
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Sidewinder

Score: 5.31

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Mustang Panda

Score: 20.56

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1608 - Stage Capabilities
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1027.018 - Invisible Unicode

MITREへのリンク →

ZIRCONIUM

Score: 10.28

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1547.002 - Authentication Package
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

APT32

Score: 11.06

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Magic Hound

Score: 17.46

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1683 - Generate Content
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

APT28

Score: 11.49

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Star Blizzard

Score: 7.72

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication

MITREへのリンク →

Moonstone Sleet

Score: 4.43

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media

MITREへのリンク →

CURIUM

Score: 4.22

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI

MITREへのリンク →

Dragonfly

Score: 8.55

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Patchwork

Score: 9.13

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

TA2541

Score: 7.40

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

Earth Lusca

Score: 9.94

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

LuminousMoth

Score: 3.33

Matched TTPs:

T1091 - Replication Through Removable Media
T1027.018 - Invisible Unicode

MITREへのリンク →

OilRig

Score: 8.67

Matched TTPs:

T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

TeamTNT

Score: 4.03

Matched TTPs:

T1091 - Replication Through Removable Media
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

LazyScripter

Score: 5.35

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Gamaredon Group

Score: 11.59

Matched TTPs:

T1091 - Replication Through Removable Media
T1608 - Stage Capabilities
T1608.005 - Link Target
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

Threat Group-3390

Score: 7.28

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

BITTER

Score: 7.09

Matched TTPs:

T1091 - Replication Through Removable Media
T1683 - Generate Content
T1218.010 - Regsvr32

MITREへのリンク →

HEXANE

Score: 4.37

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.002 - Authentication Package

MITREへのリンク →

Saint Bear

Score: 8.89

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

Contagious Interview

Score: 17.30

Matched TTPs:

T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1221 - Template Injection
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN7

Score: 12.28

Matched TTPs:

T1091 - Replication Through Removable Media
T1011.001 - Exfiltration Over Bluetooth
T1608.005 - Link Target
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

UNC3886

Score: 5.63

Matched TTPs:

T1021.006 - Windows Remote Management
T1218.010 - Regsvr32

MITREへのリンク →

HAFNIUM

Score: 6.55

Matched TTPs:

T1059 - Command and Scripting Interpreter
T1608.005 - Link Target

MITREへのリンク →

Medusa Group

Score: 8.60

Matched TTPs:

T1608.005 - Link Target
T1537 - Transfer Data to Cloud Account
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Turla

Score: 10.37

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

MuddyWater

Score: 7.26

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

APT29

Score: 19.62

Matched TTPs:

T1608.005 - Link Target
T1683 - Generate Content
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1223 - Compiled HTML File
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

Lazarus Group

Score: 14.63

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage

MITREへのリンク →

Confucius

Score: 4.87

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

POLONIUM

Score: 4.41

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

Tropic Trooper

Score: 5.12

Matched TTPs:

T1683 - Generate Content
T1218.010 - Regsvr32

MITREへのリンク →

Andariel

Score: 7.10

Matched TTPs:

T1187 - Forced Authentication
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT37

Score: 5.66

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

APT39

Score: 5.81

Matched TTPs:

T1547.002 - Authentication Package
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

The White Company

Score: 3.55

Matched TTPs:

T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Axiom

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Leviathan

Score: 7.45

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

BRONZE BUTLER

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Transparent Tribe

Score: 4.62

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Aoqin Dragon

Score: 3.55

Matched TTPs:

T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Elderwood

Score: 6.67

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Volatile Cedar

Score: 4.13

Matched TTPs:

T1002 - Data Compressed

MITREへのリンク →

Windshift

Score: 3.13

Matched TTPs:

T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

APT38

Score: 5.18

Matched TTPs:

T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

Dark Caracal

Score: 3.82

Matched TTPs:

T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Winter Vivern

Score: 3.13

Matched TTPs:

T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Machete

Score: 3.13

Matched TTPs:

T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Daggerfly

Score: 5.96

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.79

Matched TTPs:

T1213.006 - Databases
T1608 - Stage Capabilities
T1683.001 - Written Content
T1537 - Transfer Data to Cloud Account
T1547.002 - Authentication Package
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1027.018 - Invisible Unicode
T1003.003 - NTDS

MITREへのリンク →

Sandworm Team

Score: 0.71

Matched TTPs:

T1187 - Forced Authentication
T1564.008 - Email Hiding Rules
T1547.002 - Authentication Package
T1566.002 - Spearphishing Link
T1102.003 - One-Way Communication
T1546.016 - Installer Packages
T1114 - Email Collection
T1005 - Data from Local System
T1091 - Replication Through Removable Media
T1027.018 - Invisible Unicode
T1218.010 - Regsvr32

MITREへのリンク →

Volt Typhoon

Score: 0.56

Matched TTPs:

T1560.003 - Archive via Custom Method
T1574.002 - DLL Side-Loading
T1537 - Transfer Data to Cloud Account
T1102.003 - One-Way Communication
T1546.016 - Installer Packages
T1114 - Email Collection
T1148 - HISTCONTROL

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る