Trusted Design

BEBLOH Expands to Japan in Latest Spam Attack

Overview

An old banking Trojan that had been operating in Europe at a low level has spiked in activity after migrating to Japan. Cybercriminals are using local brand names, such as local ISPs, and legitimate-looking addresses to fool users into downloading malware that steals information by monitoring browsers, file transfer protocol (FTP) clients, and mail clients. Its targets? Mostly rural banks. BEBLOH is a banking Trojan that has been around since as early as 2009. It has outlived several competitors, including Zeus and SpyEye. It is designed to steal money from unsuspecting victims' bank accounts without them even noticing. BEBLOH has always come up with new defensive measures to evade AV products, and this time is no different. BEBLOH is also known for hiding in memory, creating a temporary new executable file upon shutdown, and deleting that file after re-infecting the system.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 4.13
Matched TTPs:
  • T1564.008 - Email Hiding Rules
Link to MITRE →

Sandworm Team

Score: 4.13
Matched TTPs:
  • T1564.008 - Email Hiding Rules
Link to MITRE →

Mustard Tempest

Score: 6.30
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1059.012 - Hypervisor CLI
Link to MITRE →

BlackByte

Score: 4.13
Matched TTPs:
  • T1070.003 - Clear Command History
Link to MITRE →

Magic Hound

Score: 14.14
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1588.001 - Malware
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Fox Kitten

Score: 5.38
Matched TTPs:
  • T1491 - Defacement
  • T1588.001 - Malware
Link to MITRE →

Volt Typhoon

Score: 7.93
Matched TTPs:
  • T1491 - Defacement
  • T1537 - Transfer Data to Cloud Account
  • T1578.001 - Create Snapshot
Link to MITRE →

APT38

Score: 10.73
Matched TTPs:
  • T1491 - Defacement
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1216 - System Script Proxy Execution
Link to MITRE →

Scattered Spider

Score: 9.65
Matched TTPs:
  • T1491 - Defacement
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
Link to MITRE →

Moonstone Sleet

Score: 5.81
Matched TTPs:
  • T1491 - Defacement
  • T1547.008 - LSASS Driver
Link to MITRE →

Chimera

Score: 5.88
Matched TTPs:
  • T1491 - Defacement
  • T1578.001 - Create Snapshot
Link to MITRE →

Aquatic Panda

Score: 5.94
Matched TTPs:
  • T1144 - Gatekeeper Bypass
  • T1588.001 - Malware
Link to MITRE →

FIN13

Score: 11.13
Matched TTPs:
  • T1144 - Gatekeeper Bypass
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT29

Score: 11.09
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT32

Score: 18.53
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1588.001 - Malware
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery
Link to MITRE →

BRONZE BUTLER

Score: 8.20
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
Link to MITRE →

Kimsuky

Score: 15.24
Matched TTPs:
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
  • T1526 - Cloud Service Discovery
  • T1490 - Inhibit System Recovery
Link to MITRE →

FIN7

Score: 10.02
Matched TTPs:
  • T1588.001 - Malware
  • T1105 - Ingress Tool Transfer
  • T1578.001 - Create Snapshot
  • T1490 - Inhibit System Recovery
Link to MITRE →

Winter Vivern

Score: 3.86
Matched TTPs:
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Wizard Spider

Score: 7.99
Matched TTPs:
  • T1588.001 - Malware
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process
Link to MITRE →

FIN6

Score: 10.11
Matched TTPs:
  • T1588.001 - Malware
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

PROMETHIUM

Score: 6.53
Matched TTPs:
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery
Link to MITRE →

UNC3886

Score: 4.69
Matched TTPs:
  • T1588.001 - Malware
  • T1578.001 - Create Snapshot
Link to MITRE →

ZIRCONIUM

Score: 6.74
Matched TTPs:
  • T1588.001 - Malware
  • T1537 - Transfer Data to Cloud Account
  • T1578.001 - Create Snapshot
Link to MITRE →

Higaisa

Score: 11.68
Matched TTPs:
  • T1588.001 - Malware
  • T1567.002 - Exfiltration to Cloud Storage
  • T1578.001 - Create Snapshot
  • T1546.017 - Udev Rules
Link to MITRE →

Lazarus Group

Score: 25.99
Matched TTPs:
  • T1588.001 - Malware
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution
Link to MITRE →

Storm-0501

Score: 13.26
Matched TTPs:
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1055.009 - Proc Memory
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT41

Score: 4.15
Matched TTPs:
  • T1588.001 - Malware
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

INC Ransom

Score: 6.37
Matched TTPs:
  • T1552.003 - Shell History
  • T1055.009 - Proc Memory
Link to MITRE →

Contagious Interview

Score: 7.79
Matched TTPs:
  • T1552.003 - Shell History
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

Medusa Group

Score: 10.94
Matched TTPs:
  • T1552.003 - Shell History
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1216 - System Script Proxy Execution
Link to MITRE →

Play

Score: 5.19
Matched TTPs:
  • T1552.003 - Shell History
  • T1490 - Inhibit System Recovery
Link to MITRE →

Cobalt Group

Score: 5.49
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1128 - Netsh Helper DLL
Link to MITRE →

Leviathan

Score: 7.66
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
  • T1546.017 - Udev Rules
Link to MITRE →

APT19

Score: 4.51
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA2541

Score: 7.95
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules
Link to MITRE →

Velvet Ant

Score: 5.41
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1490 - Inhibit System Recovery
Link to MITRE →

Tropic Trooper

Score: 8.08
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1105 - Ingress Tool Transfer
  • T1490 - Inhibit System Recovery
Link to MITRE →

RedCurl

Score: 9.26
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1055.009 - Proc Memory
  • T1105 - Ingress Tool Transfer
Link to MITRE →

OilRig

Score: 11.17
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1526 - Cloud Service Discovery
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

FIN8

Score: 8.64
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process
Link to MITRE →

Mustang Panda

Score: 16.54
Matched TTPs:
  • T1567.002 - Exfiltration to Cloud Storage
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
Link to MITRE →

Storm-1811

Score: 6.14
Matched TTPs:
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver
Link to MITRE →

Dragonfly

Score: 5.39
Matched TTPs:
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT3

Score: 5.67
Matched TTPs:
  • T1578.002 - Create Cloud Instance
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Transparent Tribe

Score: 4.43
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
Link to MITRE →

PLATINUM

Score: 6.30
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

Windshift

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Darkhotel

Score: 4.36
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
Link to MITRE →

APT28

Score: 17.64
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1055.008 - Ptrace System Calls
Link to MITRE →

Dark Caracal

Score: 6.34
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver
Link to MITRE →

Turla

Score: 7.02
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1490 - Inhibit System Recovery
Link to MITRE →

Patchwork

Score: 3.82
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Threat Group-3390

Score: 10.12
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules
Link to MITRE →

Elderwood

Score: 3.82
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT37

Score: 5.39
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution
Link to MITRE →

CURIUM

Score: 6.88
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
Link to MITRE →

The White Company

Score: 4.65
Matched TTPs:
  • T1537 - Transfer Data to Cloud Account
  • T1578.001 - Create Snapshot
Link to MITRE →

Rocke

Score: 4.72
Matched TTPs:
  • T1537 - Transfer Data to Cloud Account
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

BlackTech

Score: 3.15
Matched TTPs:
  • T1526 - Cloud Service Discovery
Link to MITRE →

HAFNIUM

Score: 9.46
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
Link to MITRE →

Molerats

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules
Link to MITRE →

Gamaredon Group

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules
Link to MITRE →

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.81
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1588.001 - Malware
  • T1567.002 - Exfiltration to Cloud Storage
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
Link to MITRE →

APT32

Score: 0.61
Matched TTPs:
  • T1588.001 - Malware
  • T1027.014 - Polymorphic Code
  • T1592.004 - Client Configurations
  • T1490 - Inhibit System Recovery
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT28

Score: 0.59
Matched TTPs:
  • T1055.008 - Ptrace System Calls
  • T1146 - Clear Command History
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Mustang Panda

Score: 0.56
Matched TTPs:
  • T1567.002 - Exfiltration to Cloud Storage
  • T1526 - Cloud Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
  • T1055.005 - Thread Local Storage
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph (interactive graph not captured in this text)