Trusted Design

Lurk: a danger where you least expect it

概要

While we were researching the malicious program Lurk in early February 2016, we discovered an interesting oddity in how this banking Trojan spreads. From the data we had, it emerged that the users attacked by Lurk also installed the remote administration software Ammyy Admin on their computers. At first, we didn’t really give this much thought, but further research showed that the official Ammyy Admin website had most probably been compromised, and the Trojan had been downloaded to users’ computers along with the legitimate Ammyy Admin software. Source : https://securelist.com/blog/research/75384/lurk-a-danger-where-you-least-expect-it/

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Lurk Banker Trojan + Additional C2 information (score: 0.60)
Operation Buhtrap malware distributed via ammyy.com (score: 0.60)
Malicious Word document delivers LuminosityLink RAT (score: 0.58)
Defending the White Elephant (score: 0.56)
EngineBox Malware Supports 10+ Brazilian Banks - SANS Internet Storm Center (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 9.47

Matched TTPs:

T1491.002 - External Defacement
T1195 - Supply Chain Compromise
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sandworm Team

Score: 20.42

Matched TTPs:

T1491.002 - External Defacement
T1587.001 - Malware
T1195 - Supply Chain Compromise
T1584.005 - Botnet
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1584.004 - Server

MITREへのリンク →

APT41

Score: 6.43

Matched TTPs:

T1069 - Permission Groups Discovery
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Scattered Spider

Score: 11.59

Matched TTPs:

T1069 - Permission Groups Discovery
T1657 - Financial Theft
T1204 - User Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

TA505

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

Volt Typhoon

Score: 14.22

Matched TTPs:

T1069 - Permission Groups Discovery
T1584.005 - Botnet
T1584.004 - Server
T1021.001 - Remote Desktop Protocol
T1680 - Local Storage Discovery

MITREへのリンク →

APT3

Score: 6.43

Matched TTPs:

T1069 - Permission Groups Discovery
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

FIN13

Score: 16.76

Matched TTPs:

T1069 - Permission Groups Discovery
T1587.001 - Malware
T1657 - Financial Theft
T1021.001 - Remote Desktop Protocol
T1564.001 - Hidden Files and Directories
T1556 - Modify Authentication Process

MITREへのリンク →

Kimsuky

Score: 14.24

Matched TTPs:

T1587.001 - Malware
T1657 - Financial Theft
T1218.010 - Regsvr32
T1102.002 - Bidirectional Communication
T1021.001 - Remote Desktop Protocol
T1680 - Local Storage Discovery

MITREへのリンク →

Indrik Spider

Score: 6.58

Matched TTPs:

T1587.001 - Malware
T1584.004 - Server
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Lazarus Group

Score: 28.17

Matched TTPs:

T1587.001 - Malware
T1491.001 - Internal Defacement
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1189 - Drive-by Compromise
T1584.004 - Server
T1021.001 - Remote Desktop Protocol
T1564.001 - Hidden Files and Directories
T1680 - Local Storage Discovery
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Contagious Interview

Score: 16.44

Matched TTPs:

T1587.001 - Malware
T1204.005 - Malicious Library
T1657 - Financial Theft
T1204.004 - Malicious Copy and Paste
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

OilRig

Score: 16.37

Matched TTPs:

T1587.001 - Malware
T1195 - Supply Chain Compromise
T1203 - Exploitation for Client Execution
T1137.004 - Outlook Home Page
T1021.001 - Remote Desktop Protocol
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

UNC3886

Score: 3.59

Matched TTPs:

T1587.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

LuminousMoth

Score: 4.76

Matched TTPs:

T1587.001 - Malware
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Salt Typhoon

Score: 4.84

Matched TTPs:

T1587.001 - Malware
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT29

Score: 8.13

Matched TTPs:

T1587.001 - Malware
T1203 - Exploitation for Client Execution
T1090.004 - Domain Fronting

MITREへのリンク →

Play

Score: 4.62

Matched TTPs:

T1587.001 - Malware
T1657 - Financial Theft

MITREへのリンク →

Aoqin Dragon

Score: 3.59

Matched TTPs:

T1587.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

RedCurl

Score: 8.89

Matched TTPs:

T1587.001 - Malware
T1056.002 - GUI Input Capture
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Turla

Score: 9.09

Matched TTPs:

T1587.001 - Malware
T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Mustang Panda

Score: 17.38

Matched TTPs:

T1587.001 - Malware
T1176.002 - IDE Extensions
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

TeamTNT

Score: 4.93

Matched TTPs:

T1587.001 - Malware
T1680 - Local Storage Discovery

MITREへのリンク →

FIN7

Score: 13.35

Matched TTPs:

T1587.001 - Malware
T1674 - Input Injection
T1102.002 - Bidirectional Communication
T1021.001 - Remote Desktop Protocol
T1564.001 - Hidden Files and Directories

MITREへのリンク →

HAFNIUM

Score: 10.42

Matched TTPs:

T1584.005 - Botnet
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token

MITREへのリンク →

Axiom

Score: 13.07

Matched TTPs:

T1584.005 - Botnet
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1563.002 - RDP Hijacking
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

INC Ransom

Score: 4.17

Matched TTPs:

T1657 - Financial Theft
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Storm-0501

Score: 5.27

Matched TTPs:

T1657 - Financial Theft
T1218.010 - Regsvr32

MITREへのリンク →

Akira

Score: 4.17

Matched TTPs:

T1657 - Financial Theft
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Medusa Group

Score: 8.71

Matched TTPs:

T1657 - Financial Theft
T1021.001 - Remote Desktop Protocol
T1218.014 - MMC

MITREへのリンク →

LAPSUS$

Score: 4.13

Matched TTPs:

T1204 - User Execution

MITREへのリンク →

Gamaredon Group

Score: 6.24

Matched TTPs:

T1491.001 - Internal Defacement
T1102.002 - Bidirectional Communication

MITREへのリンク →

BlackByte

Score: 5.49

Matched TTPs:

T1491.001 - Internal Defacement
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1056.002 - GUI Input Capture

MITREへのリンク →

Cobalt Group

Score: 5.89

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Blue Mockingbird

Score: 4.39

Matched TTPs:

T1218.010 - Regsvr32
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Leviathan

Score: 10.49

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Inception

Score: 4.24

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT32

Score: 11.42

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise

MITREへのリンク →

APT37

Score: 5.66

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT39

Score: 4.05

Matched TTPs:

T1102.002 - Bidirectional Communication
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Magic Hound

Score: 5.81

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

HEXANE

Score: 4.05

Matched TTPs:

T1102.002 - Bidirectional Communication
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT28

Score: 16.59

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

MuddyWater

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

Threat Group-3390

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Dragonfly

Score: 7.74

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Confucius

Score: 4.33

Matched TTPs:

T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery

MITREへのリンク →

Patchwork

Score: 7.74

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1021.001 - Remote Desktop Protocol
T1680 - Local Storage Discovery

MITREへのリンク →

Higaisa

Score: 8.17

Matched TTPs:

T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1680 - Local Storage Discovery

MITREへのリンク →

BRONZE BUTLER

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Transparent Tribe

Score: 5.92

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Tropic Trooper

Score: 6.99

Matched TTPs:

T1203 - Exploitation for Client Execution
T1564.001 - Hidden Files and Directories
T1680 - Local Storage Discovery

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT33

Score: 4.24

Matched TTPs:

T1203 - Exploitation for Client Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Earth Lusca

Score: 4.60

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Mustard Tempest

Score: 6.30

Matched TTPs:

T1189 - Drive-by Compromise
T1608.006 - SEO Poisoning

MITREへのリンク →

Daggerfly

Score: 4.60

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

FIN8

Score: 4.39

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Wizard Spider

Score: 4.39

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN6

Score: 4.39

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Chimera

Score: 4.48

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1680 - Local Storage Discovery

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1211 - Exploitation for Defense Evasion

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.79

Matched TTPs:

T1587.001 - Malware
T1001.003 - Protocol or Service Impersonation
T1102.002 - Bidirectional Communication
T1680 - Local Storage Discovery
T1584.004 - Server
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1491.001 - Internal Defacement
T1021.001 - Remote Desktop Protocol
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Sandworm Team

Score: 0.61

Matched TTPs:

T1587.001 - Malware
T1102.002 - Bidirectional Communication
T1195 - Supply Chain Compromise
T1584.004 - Server
T1203 - Exploitation for Client Execution
T1491.002 - External Defacement
T1584.005 - Botnet

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る