Trusted Design

Alice: A Lightweight, Compact, No-Nonsense ATM Malware

概要

Trend Micro has discovered a new family of ATM malware called Alice, which is the most stripped down ATM malware family we have ever encountered. Unlike other ATM malware families, Alice cannot be controlled via the numeric pad of ATMs; neither does it have information stealing features. It is meant solely to empty the safe of ATMs. We detect this new malware family as BKDR_ALICE.A. Trend Micro first discovered the Alice ATM malware family in November 2016 as result of our joint research project on ATM malware with Europol EC3. We collected a list of hashes and the files corresponding to those hashes were then retrieved from VirusTotal for further analysis. One of those binaries was initially thought to be a new variant of the Padpin ATM malware family. However, after reverse analysis, we found that it to be part of a brand new family, which we called Alice.

Created: 2026-02-23

Indicators

類似Pulses

SUCEFUL: Next Generation ATM Malware (score: 0.66)
Skimer: New, Improved Variant Targeting ATMs (score: 0.65)
Meet GreenDispenser: A New Breed of ATM Malware (score: 0.64)
ATMZombie: banking trojan in Israeli waters (score: 0.61)
Exploring Bergard: Old Malware with New Tricks (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

APT41

Score: 8.43

Matched TTPs:

T1560.003 - Archive via Custom Method
T1668 - Exclusive Control
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Scattered Spider

Score: 5.74

Matched TTPs:

T1560.003 - Archive via Custom Method
T1136.002 - Domain Account

MITREへのリンク →

TA505

Score: 5.74

Matched TTPs:

T1560.003 - Archive via Custom Method
T1136.002 - Domain Account

MITREへのリンク →

Volt Typhoon

Score: 6.12

Matched TTPs:

T1560.003 - Archive via Custom Method
T1665 - Hide Infrastructure

MITREへのリンク →

APT3

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

FIN13

Score: 6.03

Matched TTPs:

T1560.003 - Archive via Custom Method
T1668 - Exclusive Control

MITREへのリンク →

Patchwork

Score: 11.61

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1580 - Cloud Infrastructure Discovery
T1001 - Data Obfuscation
T1665 - Hide Infrastructure

MITREへのリンク →

Ember Bear

Score: 7.80

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1136.002 - Domain Account
T1668 - Exclusive Control

MITREへのリンク →

BlackByte

Score: 8.14

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1001 - Data Obfuscation
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Lazarus Group

Score: 11.96

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1547.002 - Authentication Package
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure

MITREへのリンク →

APT28

Score: 7.74

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1547.002 - Authentication Package
T1668 - Exclusive Control

MITREへのリンク →

APT32

Score: 7.74

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1668 - Exclusive Control
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN6

Score: 4.99

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1027.007 - Dynamic API Resolution

MITREへのリンク →

LuminousMoth

Score: 5.05

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1136.002 - Domain Account

MITREへのリンク →

Ke3chang

Score: 4.99

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1027.007 - Dynamic API Resolution

MITREへのリンク →

menuPass

Score: 5.74

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1001 - Data Obfuscation

MITREへのリンク →

Leviathan

Score: 8.78

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1580 - Cloud Infrastructure Discovery
T1546.017 - Udev Rules

MITREへのリンク →

APT29

Score: 3.03

Matched TTPs:

T1580 - Cloud Infrastructure Discovery

MITREへのリンク →

Kimsuky

Score: 17.31

Matched TTPs:

T1580 - Cloud Infrastructure Discovery
T1001 - Data Obfuscation
T1547.002 - Authentication Package
T1668 - Exclusive Control
T1526 - Cloud Service Discovery
T1665 - Hide Infrastructure

MITREへのリンク →

Moafee

Score: 3.03

Matched TTPs:

T1580 - Cloud Infrastructure Discovery

MITREへのリンク →

Higaisa

Score: 9.02

Matched TTPs:

T1580 - Cloud Infrastructure Discovery
T1665 - Hide Infrastructure
T1546.017 - Udev Rules

MITREへのリンク →

BRONZE BUTLER

Score: 3.03

Matched TTPs:

T1580 - Cloud Infrastructure Discovery

MITREへのリンク →

Akira

Score: 3.03

Matched TTPs:

T1580 - Cloud Infrastructure Discovery

MITREへのリンク →

TA2541

Score: 8.76

Matched TTPs:

T1136.002 - Domain Account
T1001 - Data Obfuscation
T1546.017 - Udev Rules

MITREへのリンク →

APT1

Score: 5.20

Matched TTPs:

T1136.002 - Domain Account
T1668 - Exclusive Control

MITREへのリンク →

Aquatic Panda

Score: 5.20

Matched TTPs:

T1136.002 - Domain Account
T1668 - Exclusive Control

MITREへのリンク →

Turla

Score: 4.86

Matched TTPs:

T1136.002 - Domain Account
T1547.002 - Authentication Package

MITREへのリンク →

Mustang Panda

Score: 11.82

Matched TTPs:

T1169 - Sudo
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

Threat Group-3390

Score: 9.46

Matched TTPs:

T1001 - Data Obfuscation
T1526 - Cloud Service Discovery
T1546.017 - Udev Rules

MITREへのリンク →

APT39

Score: 4.80

Matched TTPs:

T1547.002 - Authentication Package
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN7

Score: 4.80

Matched TTPs:

T1547.002 - Authentication Package
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Gamaredon Group

Score: 5.55

Matched TTPs:

T1547.002 - Authentication Package
T1546.017 - Udev Rules

MITREへのリンク →

OilRig

Score: 7.69

Matched TTPs:

T1592.002 - Software
T1526 - Cloud Service Discovery

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Mustard Tempest

Score: 4.54

Matched TTPs:

T1543.002 - Systemd Service

MITREへのリンク →

Chimera

Score: 7.98

Matched TTPs:

T1668 - Exclusive Control
T1027.007 - Dynamic API Resolution
T1665 - Hide Infrastructure

MITREへのリンク →

Wizard Spider

Score: 8.30

Matched TTPs:

T1668 - Exclusive Control
T1526 - Cloud Service Discovery
T1027.007 - Dynamic API Resolution

MITREへのリンク →

BlackTech

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

FIN8

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

Medusa Group

Score: 6.94

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.77

Matched TTPs:

T1665 - Hide Infrastructure
T1668 - Exclusive Control
T1547.002 - Authentication Package
T1001 - Data Obfuscation
T1526 - Cloud Service Discovery
T1580 - Cloud Infrastructure Discovery

MITREへのリンク →

Lazarus Group

Score: 0.58

Matched TTPs:

T1550 - Use Alternate Authentication Material
T1665 - Hide Infrastructure
T1547.002 - Authentication Package
T1055.005 - Thread Local Storage

MITREへのリンク →

Patchwork

Score: 0.56

Matched TTPs:

T1580 - Cloud Infrastructure Discovery
T1550 - Use Alternate Authentication Material
T1665 - Hide Infrastructure
T1001 - Data Obfuscation

MITREへのリンク →

Mustang Panda

Score: 0.55

Matched TTPs:

T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage
T1169 - Sudo

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る