Trusted Design

Android Malware Targeting Journalists

概要

In recent weeks, Iranian groups have increased their use of Android malware in order to compromise foreign journalists and political activists focused on the country. These incidents have involved the use of fictitious personas and compromised accounts in order to turn on others. Alongside Android malware, the group uses a familiar tactic of sending fake login pages for Facebook, Google, Yahoo and Microsoft in order to obtain account credentials through phishing. Finally, while two factor authentication (2FA) remains a critical resource to protect accounts, an observed compromised further highlights the need to move away from using the text message method onto Google Authenticator.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Android banking malware masquerades as Flash Player (score: 0.70)
Android banking trojan as Flash Player and bypasses 2FA (score: 0.68)
Trojan-Banker.AndroidOS.Faketoken follow-up (score: 0.66)
ZBot Malware (score: 0.66)
London Calling: Two-Factor Authentication Phishing From Iran (score: 0.65)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 14.48

Matched TTPs:

T1484.002 - Trust Modification
T1016.002 - Wi-Fi Discovery
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

Leviathan

Score: 14.56

Matched TTPs:

T1484.002 - Trust Modification
T1024 - Custom Cryptographic Protocol
T1592.003 - Firmware
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

APT28

Score: 13.44

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1592.003 - Firmware
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1197 - BITS Jobs

MITREへのリンク →

Magic Hound

Score: 18.27

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1016.002 - Wi-Fi Discovery
T1592.003 - Firmware
T1547.002 - Authentication Package
T1578.002 - Create Cloud Instance
T1547.008 - LSASS Driver

MITREへのリンク →

Mustang Panda

Score: 8.29

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage

MITREへのリンク →

OilRig

Score: 17.99

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1212 - Exploitation for Credential Access
T1218.010 - Regsvr32
T1592.002 - Software
T1556.009 - Conditional Access Policies
T1547.008 - LSASS Driver

MITREへのリンク →

HEXANE

Score: 8.22

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1212 - Exploitation for Credential Access
T1547.002 - Authentication Package

MITREへのリンク →

Kimsuky

Score: 20.59

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1001 - Data Obfuscation
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1656 - Impersonation
T1665 - Hide Infrastructure
T1490 - Inhibit System Recovery

MITREへのリンク →

LAPSUS$

Score: 9.95

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1556.008 - Network Provider DLL
T1592.003 - Firmware

MITREへのリンク →

APT29

Score: 17.04

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1592.004 - Client Configurations
T1556.008 - Network Provider DLL
T1218.010 - Regsvr32
T1547.008 - LSASS Driver
T1490 - Inhibit System Recovery

MITREへのリンク →

TA505

Score: 3.62

Matched TTPs:

T1016.002 - Wi-Fi Discovery

MITREへのリンク →

RedCurl

Score: 3.62

Matched TTPs:

T1016.002 - Wi-Fi Discovery

MITREへのリンク →

APT32

Score: 8.00

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1490 - Inhibit System Recovery

MITREへのリンク →

BRONZE BUTLER

Score: 5.34

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32

MITREへのリンク →

APT33

Score: 5.63

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1218.010 - Regsvr32

MITREへのリンク →

Wizard Spider

Score: 7.75

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1556.009 - Conditional Access Policies

MITREへのリンク →

Scattered Spider

Score: 7.28

Matched TTPs:

T1556.008 - Network Provider DLL
T1197 - BITS Jobs

MITREへのリンク →

Turla

Score: 14.67

Matched TTPs:

T1212 - Exploitation for Credential Access
T1547.002 - Authentication Package
T1556.009 - Conditional Access Policies
T1546.016 - Installer Packages
T1490 - Inhibit System Recovery

MITREへのリンク →

Tonto Team

Score: 4.65

Matched TTPs:

T1212 - Exploitation for Credential Access
T1218.010 - Regsvr32

MITREへのリンク →

admin@338

Score: 4.65

Matched TTPs:

T1212 - Exploitation for Credential Access
T1218.010 - Regsvr32

MITREへのリンク →

Chimera

Score: 9.42

Matched TTPs:

T1212 - Exploitation for Credential Access
T1592.003 - Firmware
T1665 - Hide Infrastructure

MITREへのリンク →

Volt Typhoon

Score: 8.82

Matched TTPs:

T1212 - Exploitation for Credential Access
T1546.016 - Installer Packages
T1665 - Hide Infrastructure

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

Threat Group-3390

Score: 4.65

Matched TTPs:

T1001 - Data Obfuscation
T1218.010 - Regsvr32

MITREへのリンク →

Patchwork

Score: 7.48

Matched TTPs:

T1001 - Data Obfuscation
T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

BlackByte

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

menuPass

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

APT37

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Lazarus Group

Score: 16.21

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure
T1547.008 - LSASS Driver

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

FIN7

Score: 5.06

Matched TTPs:

T1547.002 - Authentication Package
T1490 - Inhibit System Recovery

MITREへのリンク →

MuddyWater

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

ZIRCONIUM

Score: 5.84

Matched TTPs:

T1547.002 - Authentication Package
T1197 - BITS Jobs

MITREへのリンク →

Dragonfly

Score: 7.95

Matched TTPs:

T1218.010 - Regsvr32
T1578.002 - Create Cloud Instance
T1546.016 - Installer Packages

MITREへのリンク →

EXOTIC LILY

Score: 4.02

Matched TTPs:

T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Confucius

Score: 4.33

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Axiom

Score: 6.03

Matched TTPs:

T1218.010 - Regsvr32
T1160 - Launch Daemon

MITREへのリンク →

Higaisa

Score: 4.33

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

APT3

Score: 5.12

Matched TTPs:

T1218.010 - Regsvr32
T1578.002 - Create Cloud Instance

MITREへのリンク →

Sea Turtle

Score: 4.16

Matched TTPs:

T1218.010 - Regsvr32
T1490 - Inhibit System Recovery

MITREへのリンク →

Tropic Trooper

Score: 6.99

Matched TTPs:

T1218.010 - Regsvr32
T1665 - Hide Infrastructure
T1490 - Inhibit System Recovery

MITREへのリンク →

Ember Bear

Score: 4.93

Matched TTPs:

T1218.010 - Regsvr32
T1656 - Impersonation

MITREへのリンク →

Moonstone Sleet

Score: 5.96

Matched TTPs:

T1197 - BITS Jobs
T1547.008 - LSASS Driver

MITREへのリンク →

Contagious Interview

Score: 10.50

Matched TTPs:

T1656 - Impersonation
T1651 - Cloud Administration Command
T1547.008 - LSASS Driver

MITREへのリンク →

Fox Kitten

Score: 3.44

Matched TTPs:

T1656 - Impersonation

MITREへのリンク →

APT17

Score: 3.44

Matched TTPs:

T1656 - Impersonation

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Storm-1811

Score: 6.14

Matched TTPs:

T1578.002 - Create Cloud Instance
T1547.008 - LSASS Driver

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

ToddyCat

Score: 5.36

Matched TTPs:

T1665 - Hide Infrastructure
T1547.008 - LSASS Driver

MITREへのリンク →

FIN13

Score: 4.54

Matched TTPs:

T1686.001 - Cloud Firewall

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.79

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1547.002 - Authentication Package
T1490 - Inhibit System Recovery
T1197 - BITS Jobs
T1656 - Impersonation
T1665 - Hide Infrastructure
T1001 - Data Obfuscation

MITREへのリンク →

Magic Hound

Score: 0.73

Matched TTPs:

T1578.002 - Create Cloud Instance
T1024 - Custom Cryptographic Protocol
T1592.003 - Firmware
T1547.002 - Authentication Package
T1016.002 - Wi-Fi Discovery
T1547.008 - LSASS Driver

MITREへのリンク →

OilRig

Score: 0.72

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1592.002 - Software
T1218.010 - Regsvr32
T1556.009 - Conditional Access Policies
T1212 - Exploitation for Credential Access
T1547.008 - LSASS Driver

MITREへのリンク →

APT29

Score: 0.66

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1490 - Inhibit System Recovery
T1556.008 - Network Provider DLL
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 0.65

Matched TTPs:

T1055.005 - Thread Local Storage
T1218.010 - Regsvr32
T1547.002 - Authentication Package
T1665 - Hide Infrastructure
T1546.016 - Installer Packages
T1547.008 - LSASS Driver

MITREへのリンク →

Turla

Score: 0.59

Matched TTPs:

T1547.002 - Authentication Package
T1490 - Inhibit System Recovery
T1556.009 - Conditional Access Policies
T1546.016 - Installer Packages
T1212 - Exploitation for Credential Access

MITREへのリンク →

Sandworm Team

Score: 0.58

Matched TTPs:

T1484.002 - Trust Modification
T1218.010 - Regsvr32
T1547.002 - Authentication Package
T1016.002 - Wi-Fi Discovery
T1546.016 - Installer Packages

MITREへのリンク →

Leviathan

Score: 0.57

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1592.003 - Firmware
T1484.002 - Trust Modification
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

APT28

Score: 0.55

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1592.003 - Firmware
T1218.010 - Regsvr32
T1547.002 - Authentication Package
T1197 - BITS Jobs

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る