Trusted Design

IoTPOT: Analysing the Rise of IoT Compromises

概要

We analyze the increasing threats against IoT devices. We show that Telnet-based attacks that target IoT devices have rocketed since 2014. Based on this observation, we propose an IoT honeypot and sandbox, which attracts and analyzes Telnet-based attacks against various IoT devices running on different CPU architectures such as ARM, MIPS, and PPC. By analyzing the observation results of our honeypot and captured malware samples, we show that there are currently at least 4 distinct DDoS malware families targeting Telnet-enabled IoT devices and one of the families has quickly evolved to target more devices with as many as 9 different CPU architectures.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

IoT_reaper: A Rappid Spreading New IoT Botnet (score: 0.65)
A new IoT Botnet is Spreading over HTTP 81 on a Large Scale (score: 0.65)
NCCIC / US-CERT: IB-17-20217-Indicators Related to IOT_Reaper Malware (score: 0.64)
Linux/IRCTelnet (new Aidra) - A DDoS botnet aims IoT w/ IPv6 ready (score: 0.64)
IoTroop Botnet The Full Investigation (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

Magic Hound

Score: 10.27

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1190 - Exploit Public-Facing Application
T1189 - Drive-by Compromise
T1046 - Network Service Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

HEXANE

Score: 4.72

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1608.001 - Upload Malware

MITREへのリンク →

APT29

Score: 9.49

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1190 - Exploit Public-Facing Application
T1090.003 - Multi-hop Proxy
T1566.003 - Spearphishing via Service

MITREへのリンク →

Gamaredon Group

Score: 12.00

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1608.001 - Upload Malware
T1090.003 - Multi-hop Proxy
T1001 - Data Obfuscation

MITREへのリンク →

TA2541

Score: 4.72

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1608.001 - Upload Malware

MITREへのリンク →

Lotus Blossom

Score: 7.26

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1090.003 - Multi-hop Proxy
T1046 - Network Service Discovery

MITREへのリンク →

FIN13

Score: 5.98

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

HAFNIUM

Score: 11.68

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet

MITREへのリンク →

Turla

Score: 12.46

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1007 - System Service Discovery
T1189 - Drive-by Compromise
T1584.004 - Server
T1124 - System Time Discovery

MITREへのリンク →

Volt Typhoon

Score: 20.30

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1007 - System Service Discovery
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1090.003 - Multi-hop Proxy
T1584.004 - Server
T1046 - Network Service Discovery
T1124 - System Time Discovery

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Ke3chang

Score: 7.84

Matched TTPs:

T1583.005 - Botnet
T1007 - System Service Discovery
T1190 - Exploit Public-Facing Application

MITREへのリンク →

BRONZE BUTLER

Score: 6.88

Matched TTPs:

T1007 - System Service Discovery
T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

TeamTNT

Score: 6.26

Matched TTPs:

T1007 - System Service Discovery
T1608.001 - Upload Malware
T1046 - Network Service Discovery

MITREへのリンク →

Indrik Spider

Score: 5.36

Matched TTPs:

T1007 - System Service Discovery
T1584.004 - Server

MITREへのリンク →

OilRig

Score: 8.78

Matched TTPs:

T1007 - System Service Discovery
T1608.001 - Upload Malware
T1046 - Network Service Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Kimsuky

Score: 5.97

Matched TTPs:

T1007 - System Service Discovery
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Chimera

Score: 6.88

Matched TTPs:

T1007 - System Service Discovery
T1046 - Network Service Discovery
T1124 - System Time Discovery

MITREへのリンク →

Earth Lusca

Score: 10.56

Matched TTPs:

T1007 - System Service Discovery
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Sandworm Team

Score: 14.44

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1499 - Endpoint Denial of Service
T1584.004 - Server

MITREへのリンク →

Mustang Panda

Score: 7.87

Matched TTPs:

T1608.001 - Upload Malware
T1046 - Network Service Discovery
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1608.001 - Upload Malware
T1189 - Drive-by Compromise

MITREへのリンク →

Threat Group-3390

Score: 6.97

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1189 - Drive-by Compromise
T1046 - Network Service Discovery

MITREへのリンク →

BlackByte

Score: 5.21

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

APT32

Score: 5.50

Matched TTPs:

T1608.001 - Upload Malware
T1189 - Drive-by Compromise
T1046 - Network Service Discovery

MITREへのリンク →

Saint Bear

Score: 5.82

Matched TTPs:

T1608.001 - Upload Malware
T1497 - Virtualization/Sandbox Evasion

MITREへのリンク →

Moonstone Sleet

Score: 4.50

Matched TTPs:

T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 8.34

Matched TTPs:

T1608.001 - Upload Malware
T1497 - Virtualization/Sandbox Evasion
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 6.03

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1124 - System Time Discovery

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 5.82

Matched TTPs:

T1608.001 - Upload Malware
T1056 - Input Capture

MITREへのリンク →

Rocke

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

APT28

Score: 10.52

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.003 - Multi-hop Proxy
T1189 - Drive-by Compromise
T1498 - Network Denial of Service

MITREへのリンク →

Ember Bear

Score: 5.98

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.003 - Multi-hop Proxy
T1046 - Network Service Discovery

MITREへのリンク →

BackdoorDiplomacy

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

BlackTech

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

Medusa Group

Score: 5.98

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.003 - Multi-hop Proxy
T1046 - Network Service Discovery

MITREへのリンク →

Fox Kitten

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

Agrius

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

menuPass

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

Winter Vivern

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1189 - Drive-by Compromise

MITREへのリンク →

Leviathan

Score: 8.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.003 - Multi-hop Proxy
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

INC Ransom

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

UNC3886

Score: 4.06

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1124 - System Time Discovery

MITREへのリンク →

Dragonfly

Score: 6.07

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Axiom

Score: 6.86

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1189 - Drive-by Compromise

MITREへのリンク →

APT41

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

APT39

Score: 7.08

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1056 - Input Capture
T1046 - Network Service Discovery

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1659 - Content Injection

MITREへのリンク →

Darkhotel

Score: 8.20

Matched TTPs:

T1497 - Virtualization/Sandbox Evasion
T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

ZIRCONIUM

Score: 5.34

Matched TTPs:

T1090.003 - Multi-hop Proxy
T1124 - System Time Discovery

MITREへのリンク →

Storm-1811

Score: 6.37

Matched TTPs:

T1056 - Input Capture
T1566.003 - Spearphishing via Service

MITREへのリンク →

Windshift

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Lazarus Group

Score: 15.61

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server
T1046 - Network Service Discovery
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Leafminer

Score: 3.53

Matched TTPs:

T1189 - Drive-by Compromise
T1046 - Network Service Discovery

MITREへのリンク →

CURIUM

Score: 6.88

Matched TTPs:

T1189 - Drive-by Compromise
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Daggerfly

Score: 4.60

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

FIN6

Score: 4.29

Matched TTPs:

T1046 - Network Service Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Scattered Spider

Score: 4.54

Matched TTPs:

T1538 - Cloud Service Dashboard

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.003 - Multi-hop Proxy
T1584.005 - Botnet
T1584.004 - Server
T1046 - Network Service Discovery
T1124 - System Time Discovery
T1007 - System Service Discovery
T1016.001 - Internet Connection Discovery

MITREへのリンク →

Sandworm Team

Score: 0.61

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server
T1584.005 - Botnet
T1608.001 - Upload Malware
T1499 - Endpoint Denial of Service

MITREへのリンク →

Lazarus Group

Score: 0.61

Matched TTPs:

T1584.004 - Server
T1027.007 - Dynamic API Resolution
T1046 - Network Service Discovery
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1189 - Drive-by Compromise

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る