Trusted Design

IoTPOT: Analysing the Rise of IoT Compromises

概要

We analyze the increasing threats against IoT devices. We show that Telnet-based attacks that target IoT devices have rocketed since 2014. Based on this observation, we propose an IoT honeypot and sandbox, which attracts and analyzes Telnet-based attacks against various IoT devices running on different CPU architectures such as ARM, MIPS, and PPC. By analyzing the observation results of our honeypot and captured malware samples, we show that there are currently at least 4 distinct DDoS malware families targeting Telnet-enabled IoT devices and one of the families has quickly evolved to target more devices with as many as 9 different CPU architectures.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

IoT_reaper: A Rappid Spreading New IoT Botnet (score: 0.65)
A new IoT Botnet is Spreading over HTTP 81 on a Large Scale (score: 0.65)
NCCIC / US-CERT: IB-17-20217-Indicators Related to IOT_Reaper Malware (score: 0.64)
Linux/IRCTelnet (new Aidra) - A DDoS botnet aims IoT w/ IPv6 ready (score: 0.64)
IoTroop Botnet The Full Investigation (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

Magic Hound

Score: 10.27

Matched TTPs:

T1099 - Timestomp
T1140 - Deobfuscate/Decode Files or Information
T1059.012 - Hypervisor CLI
T1209 - Time Providers
T1547.008 - LSASS Driver

MITREへのリンク →

HEXANE

Score: 4.72

Matched TTPs:

T1099 - Timestomp
T1091 - Replication Through Removable Media

MITREへのリンク →

APT29

Score: 9.49

Matched TTPs:

T1099 - Timestomp
T1140 - Deobfuscate/Decode Files or Information
T1056.002 - GUI Input Capture
T1547.008 - LSASS Driver

MITREへのリンク →

Gamaredon Group

Score: 12.00

Matched TTPs:

T1099 - Timestomp
T1091 - Replication Through Removable Media
T1056.002 - GUI Input Capture
T1061 - Graphical User Interface

MITREへのリンク →

TA2541

Score: 4.72

Matched TTPs:

T1099 - Timestomp
T1091 - Replication Through Removable Media

MITREへのリンク →

Lotus Blossom

Score: 7.26

Matched TTPs:

T1099 - Timestomp
T1056.002 - GUI Input Capture
T1209 - Time Providers

MITREへのリンク →

FIN13

Score: 5.98

Matched TTPs:

T1099 - Timestomp
T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

HAFNIUM

Score: 11.68

Matched TTPs:

T1099 - Timestomp
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery

MITREへのリンク →

Turla

Score: 12.46

Matched TTPs:

T1099 - Timestomp
T1003.007 - Proc Filesystem
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1578.001 - Create Snapshot

MITREへのリンク →

Volt Typhoon

Score: 20.30

Matched TTPs:

T1099 - Timestomp
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1056.002 - GUI Input Capture
T1546.016 - Installer Packages
T1209 - Time Providers
T1578.001 - Create Snapshot

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Ke3chang

Score: 7.84

Matched TTPs:

T1027.008 - Stripped Payloads
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

BRONZE BUTLER

Score: 6.88

Matched TTPs:

T1003.007 - Proc Filesystem
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

TeamTNT

Score: 6.26

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1209 - Time Providers

MITREへのリンク →

Indrik Spider

Score: 5.36

Matched TTPs:

T1003.007 - Proc Filesystem
T1546.016 - Installer Packages

MITREへのリンク →

OilRig

Score: 8.78

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1209 - Time Providers
T1547.008 - LSASS Driver

MITREへのリンク →

Kimsuky

Score: 5.97

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Chimera

Score: 6.88

Matched TTPs:

T1003.007 - Proc Filesystem
T1209 - Time Providers
T1578.001 - Create Snapshot

MITREへのリンク →

Earth Lusca

Score: 10.56

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Sandworm Team

Score: 14.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1075 - Pass the Hash
T1546.016 - Installer Packages

MITREへのリンク →

Mustang Panda

Score: 7.87

Matched TTPs:

T1091 - Replication Through Removable Media
T1209 - Time Providers
T1055.005 - Thread Local Storage

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

Threat Group-3390

Score: 6.97

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1059.012 - Hypervisor CLI
T1209 - Time Providers

MITREへのリンク →

BlackByte

Score: 5.21

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

APT32

Score: 5.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1209 - Time Providers

MITREへのリンク →

Saint Bear

Score: 5.82

Matched TTPs:

T1091 - Replication Through Removable Media
T1064 - Scripting

MITREへのリンク →

Moonstone Sleet

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

Contagious Interview

Score: 8.34

Matched TTPs:

T1091 - Replication Through Removable Media
T1064 - Scripting
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 6.03

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1578.001 - Create Snapshot

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

APT42

Score: 5.82

Matched TTPs:

T1091 - Replication Through Removable Media
T1599 - Network Boundary Bridging

MITREへのリンク →

Rocke

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

APT28

Score: 10.52

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1056.002 - GUI Input Capture
T1059.012 - Hypervisor CLI
T1146 - Clear Command History

MITREへのリンク →

Ember Bear

Score: 5.98

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1056.002 - GUI Input Capture
T1209 - Time Providers

MITREへのリンク →

BackdoorDiplomacy

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

BlackTech

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

Medusa Group

Score: 5.98

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1056.002 - GUI Input Capture
T1209 - Time Providers

MITREへのリンク →

Fox Kitten

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

Agrius

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

menuPass

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

Winter Vivern

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.012 - Hypervisor CLI

MITREへのリンク →

Leviathan

Score: 8.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1056.002 - GUI Input Capture
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

INC Ransom

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

UNC3886

Score: 4.06

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1578.001 - Create Snapshot

MITREへのリンク →

Dragonfly

Score: 6.07

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Axiom

Score: 6.86

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT41

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

APT39

Score: 7.08

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1599 - Network Boundary Bridging
T1209 - Time Providers

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1055.003 - Thread Execution Hijacking

MITREへのリンク →

Darkhotel

Score: 8.20

Matched TTPs:

T1064 - Scripting
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

ZIRCONIUM

Score: 5.34

Matched TTPs:

T1056.002 - GUI Input Capture
T1578.001 - Create Snapshot

MITREへのリンク →

Storm-1811

Score: 6.37

Matched TTPs:

T1599 - Network Boundary Bridging
T1547.008 - LSASS Driver

MITREへのリンク →

Windshift

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 15.61

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1209 - Time Providers
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

Leafminer

Score: 3.53

Matched TTPs:

T1059.012 - Hypervisor CLI
T1209 - Time Providers

MITREへのリンク →

CURIUM

Score: 6.88

Matched TTPs:

T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

Daggerfly

Score: 4.60

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

FIN6

Score: 4.29

Matched TTPs:

T1209 - Time Providers
T1547.008 - LSASS Driver

MITREへのリンク →

Scattered Spider

Score: 4.54

Matched TTPs:

T1027.002 - Software Packing

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.81

Matched TTPs:

T1578.001 - Create Snapshot
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1099 - Timestomp
T1003.007 - Proc Filesystem
T1546.016 - Installer Packages
T1209 - Time Providers
T1056.002 - GUI Input Capture

MITREへのリンク →

Sandworm Team

Score: 0.61

Matched TTPs:

T1075 - Pass the Hash
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1546.016 - Installer Packages

MITREへのリンク →

Lazarus Group

Score: 0.61

Matched TTPs:

T1578.001 - Create Snapshot
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1547.008 - LSASS Driver
T1209 - Time Providers
T1055.005 - Thread Local Storage

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る