Trusted Design

ZeuS banking Trojan distributed via MSG attachments

概要

Spam campaign using .MSG file attachments to deliver the Zbot Trojan has been discovered. The .MSG file format is used to store Exchange and Outlook message files and is not a popular option among actors. Once successful infection occurs, the Zbot Trojan connects to two domains and downloads a configuration file. The Trojan intercepts network traffic to steal banking credentials and network information.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Attack on Zygote: a new twist in the evolution of mobile threats (score: 0.64)
ZeusVM: Bits and Pieces (score: 0.63)
Zusy malware on Metadefender.com (score: 0.62)
Android Trojan GM Bot is evolving and targeting more than 50 banks worldwide (score: 0.61)
New banking trojan 'Slave' hitting Polish Banks (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

Lazarus Group

Score: 11.40

Matched TTPs:

T1027.009 - Embedded Payloads
T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1090.001 - Internal Proxy

MITREへのリンク →

TA577

Score: 5.29

Matched TTPs:

T1027.009 - Embedded Payloads
T1566.002 - Spearphishing Link

MITREへのリンク →

Moonstone Sleet

Score: 7.03

Matched TTPs:

T1027.009 - Embedded Payloads
T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

Kimsuky

Score: 20.53

Matched TTPs:

T1036.007 - Double File Extension
T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1114.002 - Remote Email Collection
T1588.003 - Code Signing Certificates
T1584.001 - Domains
T1078.003 - Local Accounts

MITREへのリンク →

Mustang Panda

Score: 15.76

Matched TTPs:

T1036.007 - Double File Extension
T1036.008 - Masquerade File Type
T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1588.003 - Code Signing Certificates

MITREへのリンク →

APT41

Score: 4.16

Matched TTPs:

T1069 - Permission Groups Discovery
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Scattered Spider

Score: 4.80

Matched TTPs:

T1069 - Permission Groups Discovery
T1583.001 - Domains

MITREへのリンク →

TA505

Score: 7.91

Matched TTPs:

T1069 - Permission Groups Discovery
T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

Volt Typhoon

Score: 10.06

Matched TTPs:

T1069 - Permission Groups Discovery
T1036.008 - Masquerade File Type
T1090.001 - Internal Proxy

MITREへのリンク →

APT3

Score: 4.73

Matched TTPs:

T1069 - Permission Groups Discovery
T1566.002 - Spearphishing Link

MITREへのリンク →

FIN13

Score: 6.21

Matched TTPs:

T1069 - Permission Groups Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

BlackByte

Score: 3.84

Matched TTPs:

T1036.008 - Masquerade File Type

MITREへのリンク →

Machete

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Elderwood

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Transparent Tribe

Score: 7.91

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1584.001 - Domains

MITREへのリンク →

Dragonfly

Score: 9.47

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1598.002 - Spearphishing Attachment
T1114.002 - Remote Email Collection

MITREへのリンク →

CURIUM

Score: 3.18

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

Tropic Trooper

Score: 4.33

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1078.003 - Local Accounts

MITREへのリンク →

RedCurl

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

menuPass

Score: 3.18

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

FIN8

Score: 6.26

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1588.003 - Code Signing Certificates

MITREへのリンク →

Threat Group-3390

Score: 9.48

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1588.003 - Code Signing Certificates
T1027.015 - Compression

MITREへのリンク →

BITTER

Score: 3.18

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

Ferocious Kitten

Score: 3.18

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

LazyScripter

Score: 4.63

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

PROMETHIUM

Score: 3.45

Matched TTPs:

T1204.002 - Malicious File
T1078.003 - Local Accounts

MITREへのリンク →

APT39

Score: 6.04

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1090.001 - Internal Proxy

MITREへのリンク →

Star Blizzard

Score: 9.47

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1598.002 - Spearphishing Attachment
T1114.002 - Remote Email Collection

MITREへのリンク →

Higaisa

Score: 7.74

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1090.001 - Internal Proxy
T1027.015 - Compression

MITREへのリンク →

Wizard Spider

Score: 9.88

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates

MITREへのリンク →

OilRig

Score: 15.94

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1137.004 - Outlook Home Page
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates

MITREへのリンク →

Sandworm Team

Score: 4.63

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

Magic Hound

Score: 9.70

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1583.001 - Domains
T1114.002 - Remote Email Collection
T1584.001 - Domains

MITREへのリンク →

FIN4

Score: 5.78

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1114.002 - Remote Email Collection

MITREへのリンク →

Cobalt Group

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Storm-1811

Score: 3.75

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1583.001 - Domains

MITREへのリンク →

EXOTIC LILY

Score: 4.63

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

Patchwork

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

FIN7

Score: 7.29

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1078.003 - Local Accounts

MITREへのリンク →

APT28

Score: 10.38

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1114.002 - Remote Email Collection
T1669 - Wi-Fi Networks

MITREへのリンク →

TA2541

Score: 7.78

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1027.015 - Compression

MITREへのリンク →

Earth Lusca

Score: 3.75

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1583.001 - Domains

MITREへのリンク →

SideCopy

Score: 8.57

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1598.002 - Spearphishing Attachment
T1584.001 - Domains

MITREへのリンク →

Mofang

Score: 6.26

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1027.015 - Compression

MITREへのリンク →

Leviathan

Score: 7.78

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1027.015 - Compression

MITREへのリンク →

BRONZE BUTLER

Score: 5.51

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1550.003 - Pass the Ticket

MITREへのリンク →

APT38

Score: 3.18

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

MuddyWater

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Molerats

Score: 6.26

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1027.015 - Compression

MITREへのリンク →

Gamaredon Group

Score: 6.33

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1027.015 - Compression

MITREへのリンク →

APT32

Score: 11.14

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1550.003 - Pass the Ticket
T1078.003 - Local Accounts

MITREへのリンク →

IndigoZebra

Score: 3.18

Matched TTPs:

T1204.002 - Malicious File
T1566.001 - Spearphishing Attachment
T1583.001 - Domains

MITREへのリンク →

APT33

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Sidewinder

Score: 6.73

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1598.002 - Spearphishing Attachment

MITREへのリンク →

APT29

Score: 12.29

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1550.003 - Pass the Ticket
T1114.002 - Remote Email Collection
T1078.003 - Local Accounts

MITREへのリンク →

Confucius

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

BlackTech

Score: 6.26

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1588.003 - Code Signing Certificates

MITREへのリンク →

Windshift

Score: 3.11

Matched TTPs:

T1204.002 - Malicious File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Mustard Tempest

Score: 4.73

Matched TTPs:

T1566.002 - Spearphishing Link
T1584.001 - Domains

MITREへのリンク →

APT1

Score: 9.79

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1114.002 - Remote Email Collection
T1584.001 - Domains

MITREへのリンク →

Turla

Score: 10.66

Matched TTPs:

T1566.002 - Spearphishing Link
T1555.004 - Windows Credential Manager
T1090.001 - Internal Proxy
T1078.003 - Local Accounts

MITREへのリンク →

Sea Turtle

Score: 4.18

Matched TTPs:

T1583.001 - Domains
T1078.003 - Local Accounts

MITREへのリンク →

HAFNIUM

Score: 5.33

Matched TTPs:

T1114.002 - Remote Email Collection
T1078.003 - Local Accounts

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Axiom

Score: 4.54

Matched TTPs:

T1001.002 - Steganography

MITREへのリンク →

Velvet Ant

Score: 5.59

Matched TTPs:

T1090.001 - Internal Proxy
T1078.003 - Local Accounts

MITREへのリンク →

Medusa Group

Score: 4.54

Matched TTPs:

T1218.014 - MMC

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.79

Matched TTPs:

T1114.002 - Remote Email Collection
T1583.001 - Domains
T1566.001 - Spearphishing Attachment
T1584.001 - Domains
T1588.003 - Code Signing Certificates
T1036.007 - Double File Extension
T1078.003 - Local Accounts
T1204.002 - Malicious File
T1566.002 - Spearphishing Link

MITREへのリンク →

Mustang Panda

Score: 0.63

Matched TTPs:

T1036.008 - Masquerade File Type
T1583.001 - Domains
T1566.001 - Spearphishing Attachment
T1588.003 - Code Signing Certificates
T1036.007 - Double File Extension
T1204.002 - Malicious File
T1566.002 - Spearphishing Link

MITREへのリンク →

OilRig

Score: 0.61

Matched TTPs:

T1137.004 - Outlook Home Page
T1583.001 - Domains
T1566.001 - Spearphishing Attachment
T1588.003 - Code Signing Certificates
T1204.002 - Malicious File
T1555.004 - Windows Credential Manager
T1566.002 - Spearphishing Link

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る