Trusted Design

BEBLOH Expands to Japan in Latest Spam Attack

概要

An old banking Trojan has been operating in Europe on a low level has spiked in activity after migrating to Japan. Cybercriminals are using local brand names such as local ISP providers and legitimate looking addresses to fool users into downloading malware that can steal information by monitoring browsers, file transfer protocol (FTP) clients, and mail clients. Its targets? Mostly rural banks. BEBLOH is a banking Trojan that has been around since as early as 2009. It has outlived several competitors including Zeus, and SpyEye. It is designed to steal money from unsuspecting victims right off their bank accounts without them even noticing. BEBLOH always came up with new defensive measures to avoid AV products, and this time is no different. BEBLOH is also known for hiding in memory and creating a temporary new executable file upon shutdown, and deleting said file after re-infecting the system.

Created: 2026-02-23

Indicators

類似Pulses

Taiwan targeted with new cyberespionage backdoor Trojan (score: 0.63)
Updated Blackmoon banking Trojan (score: 0.63)
TROJ_WERDLOD: New Banking Trojan Targets Japan (score: 0.62)
e-Banking Trojan Retefe still spreading in Switzerland (score: 0.61)
Retefe banking Trojan targets UK banking customers (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 4.13

Matched TTPs:

T1491.002 - External Defacement

MITREへのリンク →

Sandworm Team

Score: 4.13

Matched TTPs:

T1491.002 - External Defacement

MITREへのリンク →

Mustard Tempest

Score: 6.30

Matched TTPs:

T1583.008 - Malvertising
T1189 - Drive-by Compromise

MITREへのリンク →

BlackByte

Score: 4.13

Matched TTPs:

T1562 - Impair Defenses

MITREへのリンク →

Magic Hound

Score: 14.14

Matched TTPs:

T1562 - Impair Defenses
T1036.004 - Masquerade Task or Service
T1036.010 - Masquerade Account Name
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Fox Kitten

Score: 5.38

Matched TTPs:

T1217 - Browser Information Discovery
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Volt Typhoon

Score: 7.93

Matched TTPs:

T1217 - Browser Information Discovery
T1027.002 - Software Packing
T1124 - System Time Discovery

MITREへのリンク →

APT38

Score: 10.73

Matched TTPs:

T1217 - Browser Information Discovery
T1189 - Drive-by Compromise
T1027.002 - Software Packing
T1529 - System Shutdown/Reboot

MITREへのリンク →

Scattered Spider

Score: 9.65

Matched TTPs:

T1217 - Browser Information Discovery
T1087 - Account Discovery
T1657 - Financial Theft

MITREへのリンク →

Moonstone Sleet

Score: 5.81

Matched TTPs:

T1217 - Browser Information Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Chimera

Score: 5.88

Matched TTPs:

T1217 - Browser Information Discovery
T1124 - System Time Discovery

MITREへのリンク →

Aquatic Panda

Score: 5.94

Matched TTPs:

T1087 - Account Discovery
T1036.004 - Masquerade Task or Service

MITREへのリンク →

FIN13

Score: 11.13

Matched TTPs:

T1087 - Account Discovery
T1036.004 - Masquerade Task or Service
T1657 - Financial Theft
T1564.001 - Hidden Files and Directories

MITREへのリンク →

APT29

Score: 11.09

Matched TTPs:

T1550.003 - Pass the Ticket
T1027.002 - Software Packing
T1566.003 - Spearphishing via Service
T1078.003 - Local Accounts

MITREへのリンク →

APT32

Score: 18.53

Matched TTPs:

T1550.003 - Pass the Ticket
T1036.004 - Masquerade Task or Service
T1218.010 - Regsvr32
T1189 - Drive-by Compromise
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1078.003 - Local Accounts

MITREへのリンク →

BRONZE BUTLER

Score: 8.20

Matched TTPs:

T1550.003 - Pass the Ticket
T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

Kimsuky

Score: 15.24

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1657 - Financial Theft
T1218.010 - Regsvr32
T1027.002 - Software Packing
T1588.003 - Code Signing Certificates
T1078.003 - Local Accounts

MITREへのリンク →

FIN7

Score: 10.02

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1564.001 - Hidden Files and Directories
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Winter Vivern

Score: 3.86

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1189 - Drive-by Compromise

MITREへのリンク →

Wizard Spider

Score: 7.99

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1588.003 - Code Signing Certificates
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN6

Score: 10.11

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

PROMETHIUM

Score: 6.53

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1189 - Drive-by Compromise
T1078.003 - Local Accounts

MITREへのリンク →

UNC3886

Score: 4.69

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1124 - System Time Discovery

MITREへのリンク →

ZIRCONIUM

Score: 6.74

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1027.002 - Software Packing
T1124 - System Time Discovery

MITREへのリンク →

Higaisa

Score: 11.68

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1001.003 - Protocol or Service Impersonation
T1124 - System Time Discovery
T1027.015 - Compression

MITREへのリンク →

Lazarus Group

Score: 25.99

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1001.003 - Protocol or Service Impersonation
T1189 - Drive-by Compromise
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1529 - System Shutdown/Reboot

MITREへのリンク →

Storm-0501

Score: 13.26

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1657 - Financial Theft
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account
T1027.002 - Software Packing

MITREへのリンク →

APT41

Score: 4.15

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1027.002 - Software Packing

MITREへのリンク →

INC Ransom

Score: 6.37

Matched TTPs:

T1657 - Financial Theft
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Contagious Interview

Score: 7.79

Matched TTPs:

T1657 - Financial Theft
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Medusa Group

Score: 10.94

Matched TTPs:

T1657 - Financial Theft
T1573.002 - Asymmetric Cryptography
T1027.002 - Software Packing
T1529 - System Shutdown/Reboot

MITREへのリンク →

Play

Score: 5.19

Matched TTPs:

T1657 - Financial Theft
T1078.003 - Local Accounts

MITREへのリンク →

Cobalt Group

Score: 5.49

Matched TTPs:

T1218.010 - Regsvr32
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Leviathan

Score: 7.66

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise
T1027.015 - Compression

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise

MITREへのリンク →

TA2541

Score: 7.95

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1027.002 - Software Packing
T1027.015 - Compression

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1078.003 - Local Accounts

MITREへのリンク →

Tropic Trooper

Score: 8.08

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1564.001 - Hidden Files and Directories
T1078.003 - Local Accounts

MITREへのリンク →

RedCurl

Score: 9.26

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1537 - Transfer Data to Cloud Account
T1564.001 - Hidden Files and Directories

MITREへのリンク →

OilRig

Score: 11.17

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1588.003 - Code Signing Certificates
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN8

Score: 8.64

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1588.003 - Code Signing Certificates
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Mustang Panda

Score: 16.54

Matched TTPs:

T1001.003 - Protocol or Service Impersonation
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Storm-1811

Score: 6.14

Matched TTPs:

T1036.010 - Masquerade Account Name
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dragonfly

Score: 5.39

Matched TTPs:

T1036.010 - Masquerade Account Name
T1189 - Drive-by Compromise

MITREへのリンク →

APT3

Score: 5.67

Matched TTPs:

T1036.010 - Masquerade Account Name
T1027.002 - Software Packing

MITREへのリンク →

Transparent Tribe

Score: 4.43

Matched TTPs:

T1189 - Drive-by Compromise
T1564.001 - Hidden Files and Directories

MITREへのリンク →

PLATINUM

Score: 6.30

Matched TTPs:

T1189 - Drive-by Compromise
T1056.004 - Credential API Hooking

MITREへのリンク →

Windshift

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Darkhotel

Score: 4.36

Matched TTPs:

T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

APT28

Score: 17.64

Matched TTPs:

T1189 - Drive-by Compromise
T1498 - Network Denial of Service
T1564.001 - Hidden Files and Directories
T1137.002 - Office Test
T1550.001 - Application Access Token

MITREへのリンク →

Dark Caracal

Score: 6.34

Matched TTPs:

T1189 - Drive-by Compromise
T1027.002 - Software Packing
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 7.02

Matched TTPs:

T1189 - Drive-by Compromise
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Patchwork

Score: 3.82

Matched TTPs:

T1189 - Drive-by Compromise
T1027.002 - Software Packing

MITREへのリンク →

Threat Group-3390

Score: 10.12

Matched TTPs:

T1189 - Drive-by Compromise
T1027.002 - Software Packing
T1588.003 - Code Signing Certificates
T1027.015 - Compression

MITREへのリンク →

Elderwood

Score: 3.82

Matched TTPs:

T1189 - Drive-by Compromise
T1027.002 - Software Packing

MITREへのリンク →

APT37

Score: 5.39

Matched TTPs:

T1189 - Drive-by Compromise
T1529 - System Shutdown/Reboot

MITREへのリンク →

CURIUM

Score: 6.88

Matched TTPs:

T1189 - Drive-by Compromise
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

The White Company

Score: 4.65

Matched TTPs:

T1027.002 - Software Packing
T1124 - System Time Discovery

MITREへのリンク →

Rocke

Score: 4.72

Matched TTPs:

T1027.002 - Software Packing
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

BlackTech

Score: 3.15

Matched TTPs:

T1588.003 - Code Signing Certificates

MITREへのリンク →

HAFNIUM

Score: 9.46

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1078.003 - Local Accounts

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

Gamaredon Group

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.81

Matched TTPs:

T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1001.003 - Protocol or Service Impersonation
T1189 - Drive-by Compromise
T1124 - System Time Discovery
T1036.004 - Masquerade Task or Service
T1529 - System Shutdown/Reboot
T1566.003 - Spearphishing via Service
T1564.001 - Hidden Files and Directories
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT32

Score: 0.61

Matched TTPs:

T1550.003 - Pass the Ticket
T1218.010 - Regsvr32
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1189 - Drive-by Compromise
T1036.004 - Masquerade Task or Service
T1078.003 - Local Accounts
T1564.001 - Hidden Files and Directories

MITREへのリンク →

APT28

Score: 0.59

Matched TTPs:

T1189 - Drive-by Compromise
T1550.001 - Application Access Token
T1564.001 - Hidden Files and Directories
T1498 - Network Denial of Service
T1137.002 - Office Test

MITREへのリンク →

Mustang Panda

Score: 0.56

Matched TTPs:

T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1001.003 - Protocol or Service Impersonation
T1588.003 - Code Signing Certificates
T1564.001 - Hidden Files and Directories
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る