Trusted Design

Lurk: a danger where you least expect it

概要

While we were researching the malicious program Lurk in early February 2016, we discovered an interesting oddity in how this banking Trojan spreads. From the data we had, it emerged that the users attacked by Lurk also installed the remote administration software Ammyy Admin on their computers. At first, we didn’t really give this much thought, but further research showed that the official Ammyy Admin website had most probably been compromised, and the Trojan had been downloaded to users’ computers along with the legitimate Ammyy Admin software. Source : https://securelist.com/blog/research/75384/lurk-a-danger-where-you-least-expect-it/

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Lurk Banker Trojan + Additional C2 information (score: 0.60)
Operation Buhtrap malware distributed via ammyy.com (score: 0.60)
Malicious Word document delivers LuminosityLink RAT (score: 0.58)
Defending the White Elephant (score: 0.56)
EngineBox Malware Supports 10+ Brazilian Banks - SANS Internet Storm Center (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 9.47

Matched TTPs:

T1564.008 - Email Hiding Rules
T1005 - Data from Local System
T1218.010 - Regsvr32

MITREへのリンク →

Sandworm Team

Score: 20.42

Matched TTPs:

T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1005 - Data from Local System
T1049 - System Network Connections Discovery
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

APT41

Score: 6.43

Matched TTPs:

T1560.003 - Archive via Custom Method
T1218.010 - Regsvr32
T1622 - Debugger Evasion

MITREへのリンク →

Scattered Spider

Score: 11.59

Matched TTPs:

T1560.003 - Archive via Custom Method
T1552.003 - Shell History
T1619 - Cloud Storage Object Discovery
T1622 - Debugger Evasion

MITREへのリンク →

TA505

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

Volt Typhoon

Score: 14.22

Matched TTPs:

T1560.003 - Archive via Custom Method
T1049 - System Network Connections Discovery
T1546.016 - Installer Packages
T1622 - Debugger Evasion
T1665 - Hide Infrastructure

MITREへのリンク →

APT3

Score: 6.43

Matched TTPs:

T1560.003 - Archive via Custom Method
T1218.010 - Regsvr32
T1622 - Debugger Evasion

MITREへのリンク →

FIN13

Score: 16.76

Matched TTPs:

T1560.003 - Archive via Custom Method
T1606.002 - SAML Tokens
T1552.003 - Shell History
T1622 - Debugger Evasion
T1105 - Ingress Tool Transfer
T1686.001 - Cloud Firewall

MITREへのリンク →

Kimsuky

Score: 14.24

Matched TTPs:

T1606.002 - SAML Tokens
T1552.003 - Shell History
T1027.014 - Polymorphic Code
T1547.002 - Authentication Package
T1622 - Debugger Evasion
T1665 - Hide Infrastructure

MITREへのリンク →

Indrik Spider

Score: 6.58

Matched TTPs:

T1606.002 - SAML Tokens
T1546.016 - Installer Packages
T1622 - Debugger Evasion

MITREへのリンク →

Lazarus Group

Score: 28.17

Matched TTPs:

T1606.002 - SAML Tokens
T1606.001 - Web Cookies
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1622 - Debugger Evasion
T1105 - Ingress Tool Transfer
T1665 - Hide Infrastructure
T1556 - Modify Authentication Process

MITREへのリンク →

Contagious Interview

Score: 16.44

Matched TTPs:

T1606.002 - SAML Tokens
T1016 - System Network Configuration Discovery
T1552.003 - Shell History
T1221 - Template Injection
T1556 - Modify Authentication Process

MITREへのリンク →

OilRig

Score: 16.37

Matched TTPs:

T1606.002 - SAML Tokens
T1005 - Data from Local System
T1218.010 - Regsvr32
T1592.002 - Software
T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

UNC3886

Score: 3.59

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32

MITREへのリンク →

LuminousMoth

Score: 4.76

Matched TTPs:

T1606.002 - SAML Tokens
T1105 - Ingress Tool Transfer

MITREへのリンク →

Salt Typhoon

Score: 4.84

Matched TTPs:

T1606.002 - SAML Tokens
T1556 - Modify Authentication Process

MITREへのリンク →

APT29

Score: 8.13

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm

MITREへのリンク →

Play

Score: 4.62

Matched TTPs:

T1606.002 - SAML Tokens
T1552.003 - Shell History

MITREへのリンク →

Aoqin Dragon

Score: 3.59

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 8.89

Matched TTPs:

T1606.002 - SAML Tokens
T1574.010 - Services File Permissions Weakness
T1105 - Ingress Tool Transfer

MITREへのリンク →

Turla

Score: 9.09

Matched TTPs:

T1606.002 - SAML Tokens
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Mustang Panda

Score: 17.38

Matched TTPs:

T1606.002 - SAML Tokens
T1136.001 - Local Account
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

TeamTNT

Score: 4.93

Matched TTPs:

T1606.002 - SAML Tokens
T1665 - Hide Infrastructure

MITREへのリンク →

FIN7

Score: 13.35

Matched TTPs:

T1606.002 - SAML Tokens
T1011.001 - Exfiltration Over Bluetooth
T1547.002 - Authentication Package
T1622 - Debugger Evasion
T1105 - Ingress Tool Transfer

MITREへのリンク →

HAFNIUM

Score: 10.42

Matched TTPs:

T1049 - System Network Connections Discovery
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls

MITREへのリンク →

Axiom

Score: 13.07

Matched TTPs:

T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1189 - Drive-by Compromise
T1622 - Debugger Evasion

MITREへのリンク →

INC Ransom

Score: 4.17

Matched TTPs:

T1552.003 - Shell History
T1622 - Debugger Evasion

MITREへのリンク →

Storm-0501

Score: 5.27

Matched TTPs:

T1552.003 - Shell History
T1027.014 - Polymorphic Code

MITREへのリンク →

Akira

Score: 4.17

Matched TTPs:

T1552.003 - Shell History
T1622 - Debugger Evasion

MITREへのリンク →

Medusa Group

Score: 8.71

Matched TTPs:

T1552.003 - Shell History
T1622 - Debugger Evasion
T1094 - Custom Command and Control Protocol

MITREへのリンク →

LAPSUS$

Score: 4.13

Matched TTPs:

T1619 - Cloud Storage Object Discovery

MITREへのリンク →

Gamaredon Group

Score: 6.24

Matched TTPs:

T1606.001 - Web Cookies
T1547.002 - Authentication Package

MITREへのリンク →

BlackByte

Score: 5.49

Matched TTPs:

T1606.001 - Web Cookies
T1622 - Debugger Evasion

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1574.010 - Services File Permissions Weakness

MITREへのリンク →

Cobalt Group

Score: 5.89

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1622 - Debugger Evasion

MITREへのリンク →

Blue Mockingbird

Score: 4.39

Matched TTPs:

T1027.014 - Polymorphic Code
T1622 - Debugger Evasion

MITREへのリンク →

Leviathan

Score: 10.49

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1622 - Debugger Evasion

MITREへのリンク →

Inception

Score: 4.24

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 11.42

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT37

Score: 5.66

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

APT39

Score: 4.05

Matched TTPs:

T1547.002 - Authentication Package
T1622 - Debugger Evasion

MITREへのリンク →

Magic Hound

Score: 5.81

Matched TTPs:

T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1622 - Debugger Evasion

MITREへのリンク →

HEXANE

Score: 4.05

Matched TTPs:

T1547.002 - Authentication Package
T1622 - Debugger Evasion

MITREへのリンク →

APT28

Score: 16.59

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1566.003 - Spearphishing via Service

MITREへのリンク →

MuddyWater

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Threat Group-3390

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Dragonfly

Score: 7.74

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1622 - Debugger Evasion

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Confucius

Score: 4.33

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Patchwork

Score: 7.74

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1622 - Debugger Evasion
T1665 - Hide Infrastructure

MITREへのリンク →

Higaisa

Score: 8.17

Matched TTPs:

T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1665 - Hide Infrastructure

MITREへのリンク →

BRONZE BUTLER

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Transparent Tribe

Score: 5.92

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer

MITREへのリンク →

Tropic Trooper

Score: 6.99

Matched TTPs:

T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer
T1665 - Hide Infrastructure

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT33

Score: 4.24

Matched TTPs:

T1218.010 - Regsvr32
T1556 - Modify Authentication Process

MITREへのリンク →

Earth Lusca

Score: 4.60

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Mustard Tempest

Score: 6.30

Matched TTPs:

T1059.012 - Hypervisor CLI
T1543.002 - Systemd Service

MITREへのリンク →

Daggerfly

Score: 4.60

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

FIN8

Score: 4.39

Matched TTPs:

T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

Wizard Spider

Score: 4.39

Matched TTPs:

T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

FIN6

Score: 4.39

Matched TTPs:

T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

Chimera

Score: 4.48

Matched TTPs:

T1622 - Debugger Evasion
T1665 - Hide Infrastructure

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.79

Matched TTPs:

T1606.002 - SAML Tokens
T1606.001 - Web Cookies
T1218.010 - Regsvr32
T1665 - Hide Infrastructure
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1567.002 - Exfiltration to Cloud Storage
T1622 - Debugger Evasion

MITREへのリンク →

Sandworm Team

Score: 0.61

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32
T1049 - System Network Connections Discovery
T1005 - Data from Local System
T1547.002 - Authentication Package
T1564.008 - Email Hiding Rules
T1546.016 - Installer Packages

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る