Trusted Design

Greenbug cyberespionage group targeting Middle East, possible links to Shamoon

概要

Symantec is currently investigating reports of yet another new attack in the Middle East involving the destructive disk-wiping malware used by the Shamoon group (W32.Disttrack, W32.Disttrack.B). Similar to previous attacks, the Disttrack malware used by Shamoon is just the destructive payload. It required other means to be deployed on targeted organizations’ networks and is configured with previously stolen credentials. Symantec discovered the Greenbug cyberespionage group during its investigation into previous attacks involving W32.Disttrack.B (aka Shamoon). Shamoon (W32.Disttrack) first made headlines in 2012 when it was used in attacks against energy companies in Saudi Arabia. It recently resurfaced in November 2016 (W32.Disttrack.B), again attacking targets in Saudi Arabia. While these attacks were covered extensively in the media, how the attackers stole these credentials and introduced W32.Disttrack on targeted organizations’ networks remains a mystery.

Created: 2026-02-23

Indicators

類似Pulses

Shamoon is back (score: 0.80)
Greenbugs DNS-isms (score: 0.77)
From Shamoon to StoneDrill (score: 0.70)
BlackEnergy by the SSHBearDoor (score: 0.62)
Operation Cloud Hopper (hashes) (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 9.62

Matched TTPs:

T1491.002 - External Defacement
T1210 - Exploitation of Remote Services
T1090.003 - Multi-hop Proxy

MITREへのリンク →

Sandworm Team

Score: 27.39

Matched TTPs:

T1491.002 - External Defacement
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1591.002 - Business Relationships
T1199 - Trusted Relationship
T1585.001 - Social Media Accounts
T1499 - Endpoint Denial of Service
T1485 - Data Destruction
T1204.001 - Malicious Link

MITREへのリンク →

APT41

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

Scattered Spider

Score: 10.16

Matched TTPs:

T1069 - Permission Groups Discovery
T1585.001 - Social Media Accounts
T1538 - Cloud Service Dashboard

MITREへのリンク →

TA505

Score: 9.63

Matched TTPs:

T1069 - Permission Groups Discovery
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1204.001 - Malicious Link

MITREへのリンク →

Volt Typhoon

Score: 7.60

Matched TTPs:

T1069 - Permission Groups Discovery
T1140 - Deobfuscate/Decode Files or Information
T1090.003 - Multi-hop Proxy

MITREへのリンク →

APT3

Score: 6.09

Matched TTPs:

T1069 - Permission Groups Discovery
T1566.002 - Spearphishing Link
T1204.001 - Malicious Link

MITREへのリンク →

FIN13

Score: 4.85

Matched TTPs:

T1069 - Permission Groups Discovery
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

MuddyWater

Score: 12.17

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1583.006 - Web Services
T1210 - Exploitation of Remote Services
T1027.003 - Steganography
T1204.001 - Malicious Link

MITREへのリンク →

LuminousMoth

Score: 4.78

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1204.001 - Malicious Link

MITREへのリンク →

Confucius

Score: 4.82

Matched TTPs:

T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1204.001 - Malicious Link

MITREへのリンク →

Kimsuky

Score: 13.37

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1583.006 - Web Services
T1585.001 - Social Media Accounts
T1204.001 - Malicious Link
T1078.003 - Local Accounts

MITREへのリンク →

FIN7

Score: 13.77

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1583.006 - Web Services
T1210 - Exploitation of Remote Services
T1204.001 - Malicious Link
T1078.003 - Local Accounts

MITREへのリンク →

Mustard Tempest

Score: 4.78

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1204.001 - Malicious Link

MITREへのリンク →

Mustang Panda

Score: 12.49

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1583.006 - Web Services
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link

MITREへのリンク →

APT32

Score: 11.80

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1583.006 - Web Services
T1585.001 - Social Media Accounts
T1204.001 - Malicious Link
T1078.003 - Local Accounts

MITREへのリンク →

Lazarus Group

Score: 21.59

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1583.006 - Web Services
T1585.001 - Social Media Accounts
T1485 - Data Destruction
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service
T1561.001 - Disk Content Wipe

MITREへのリンク →

Leviathan

Score: 12.50

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1090.003 - Multi-hop Proxy
T1585.001 - Social Media Accounts
T1027.003 - Steganography
T1204.001 - Malicious Link

MITREへのリンク →

APT33

Score: 6.94

Matched TTPs:

T1566.002 - Spearphishing Link
T1552.006 - Group Policy Preferences
T1204.001 - Malicious Link

MITREへのリンク →

ZIRCONIUM

Score: 9.13

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1583.006 - Web Services
T1090.003 - Multi-hop Proxy
T1204.001 - Malicious Link

MITREへのリンク →

EXOTIC LILY

Score: 9.64

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1585.001 - Social Media Accounts
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Molerats

Score: 4.37

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1204.001 - Malicious Link

MITREへのリンク →

Magic Hound

Score: 9.68

Matched TTPs:

T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1585.001 - Social Media Accounts
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

OilRig

Score: 12.49

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1555.004 - Windows Credential Manager
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Windshift

Score: 5.33

Matched TTPs:

T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT29

Score: 15.50

Matched TTPs:

T1566.002 - Spearphishing Link
T1583.006 - Web Services
T1199 - Trusted Relationship
T1090.003 - Multi-hop Proxy
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service
T1078.003 - Local Accounts

MITREへのリンク →

FIN4

Score: 5.55

Matched TTPs:

T1566.002 - Spearphishing Link
T1090.003 - Multi-hop Proxy
T1204.001 - Malicious Link

MITREへのリンク →

TA2541

Score: 6.79

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1583.006 - Web Services
T1204.001 - Malicious Link

MITREへのリンク →

Earth Lusca

Score: 14.14

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1583.006 - Web Services
T1210 - Exploitation of Remote Services
T1027.003 - Steganography
T1204.001 - Malicious Link

MITREへのリンク →

RedCurl

Score: 5.55

Matched TTPs:

T1566.002 - Spearphishing Link
T1199 - Trusted Relationship
T1204.001 - Malicious Link

MITREへのリンク →

Storm-1811

Score: 5.54

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 12.67

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1583.006 - Web Services
T1555.004 - Windows Credential Manager
T1204.001 - Malicious Link
T1078.003 - Local Accounts

MITREへのリンク →

Wizard Spider

Score: 13.31

Matched TTPs:

T1566.002 - Spearphishing Link
T1552.006 - Group Policy Preferences
T1210 - Exploitation of Remote Services
T1555.004 - Windows Credential Manager
T1204.001 - Malicious Link

MITREへのリンク →

LazyScripter

Score: 6.79

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1583.006 - Web Services
T1204.001 - Malicious Link

MITREへのリンク →

APT42

Score: 3.42

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware

MITREへのリンク →

APT39

Score: 4.37

Matched TTPs:

T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1204.001 - Malicious Link

MITREへのリンク →

HAFNIUM

Score: 11.27

Matched TTPs:

T1583.005 - Botnet
T1583.006 - Web Services
T1199 - Trusted Relationship
T1078.003 - Local Accounts

MITREへのリンク →

APT5

Score: 3.84

Matched TTPs:

T1583.005 - Botnet

MITREへのリンク →

Ke3chang

Score: 5.41

Matched TTPs:

T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

BRONZE BUTLER

Score: 4.60

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.003 - Steganography

MITREへのリンク →

Moonstone Sleet

Score: 8.40

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1585.001 - Social Media Accounts
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT38

Score: 6.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1485 - Data Destruction
T1204.001 - Malicious Link

MITREへのリンク →

Gamaredon Group

Score: 13.79

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1583.006 - Web Services
T1090.003 - Multi-hop Proxy
T1204.001 - Malicious Link
T1561.001 - Disk Content Wipe

MITREへのリンク →

Threat Group-3390

Score: 13.17

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1608.002 - Upload Tool
T1210 - Exploitation of Remote Services
T1199 - Trusted Relationship

MITREへのリンク →

APT28

Score: 30.92

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1557.004 - Evil Twin
T1583.006 - Web Services
T1210 - Exploitation of Remote Services
T1199 - Trusted Relationship
T1090.003 - Multi-hop Proxy
T1498 - Network Denial of Service
T1204.001 - Malicious Link
T1669 - Wi-Fi Networks
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

TeamTNT

Score: 8.08

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1610 - Deploy Container

MITREへのリンク →

menuPass

Score: 7.06

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1210 - Exploitation of Remote Services
T1199 - Trusted Relationship

MITREへのリンク →

BlackByte

Score: 3.54

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware

MITREへのリンク →

Tropic Trooper

Score: 7.27

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.003 - Steganography
T1078.003 - Local Accounts

MITREへのリンク →

Star Blizzard

Score: 4.31

Matched TTPs:

T1608.001 - Upload Malware
T1585.001 - Social Media Accounts

MITREへのリンク →

HEXANE

Score: 4.31

Matched TTPs:

T1608.001 - Upload Malware
T1585.001 - Social Media Accounts

MITREへのリンク →

Saint Bear

Score: 5.35

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1204.001 - Malicious Link

MITREへのリンク →

Contagious Interview

Score: 14.34

Matched TTPs:

T1608.001 - Upload Malware
T1681 - Search Threat Vendor Data
T1583.006 - Web Services
T1585.001 - Social Media Accounts
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 11.23

Matched TTPs:

T1608.002 - Upload Tool
T1583.006 - Web Services
T1090.003 - Multi-hop Proxy
T1585.001 - Social Media Accounts

MITREへのリンク →

UNC3886

Score: 8.26

Matched TTPs:

T1681 - Search Threat Vendor Data
T1205.001 - Port Knocking

MITREへのリンク →

Dragonfly

Score: 6.59

Matched TTPs:

T1591.002 - Business Relationships
T1210 - Exploitation of Remote Services

MITREへのリンク →

LAPSUS$

Score: 10.03

Matched TTPs:

T1591.002 - Business Relationships
T1199 - Trusted Relationship
T1485 - Data Destruction

MITREへのリンク →

PROMETHIUM

Score: 6.80

Matched TTPs:

T1205.001 - Port Knocking
T1078.003 - Local Accounts

MITREへのリンク →

POLONIUM

Score: 4.76

Matched TTPs:

T1583.006 - Web Services
T1199 - Trusted Relationship

MITREへのリンク →

TA578

Score: 3.37

Matched TTPs:

T1583.006 - Web Services
T1204.001 - Malicious Link

MITREへのリンク →

Fox Kitten

Score: 5.09

Matched TTPs:

T1210 - Exploitation of Remote Services
T1585.001 - Social Media Accounts

MITREへのリンク →

Sea Turtle

Score: 5.41

Matched TTPs:

T1199 - Trusted Relationship
T1078.003 - Local Accounts

MITREへのリンク →

CURIUM

Score: 4.86

Matched TTPs:

T1585.001 - Social Media Accounts
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT37

Score: 3.03

Matched TTPs:

T1027.003 - Steganography

MITREへのリンク →

TA551

Score: 3.03

Matched TTPs:

T1027.003 - Steganography

MITREへのリンク →

Andariel

Score: 3.03

Matched TTPs:

T1027.003 - Steganography

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

DarkVishnya

Score: 4.54

Matched TTPs:

T1200 - Hardware Additions

MITREへのリンク →

Storm-0501

Score: 3.44

Matched TTPs:

T1485 - Data Destruction

MITREへのリンク →

Axiom

Score: 4.54

Matched TTPs:

T1001.002 - Steganography

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1056.004 - Credential API Hooking

MITREへのリンク →

Velvet Ant

Score: 6.80

Matched TTPs:

T1078.003 - Local Accounts
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.84

Matched TTPs:

T1090.003 - Multi-hop Proxy
T1199 - Trusted Relationship
T1210 - Exploitation of Remote Services
T1498 - Network Denial of Service
T1204.001 - Malicious Link
T1583.006 - Web Services
T1140 - Deobfuscate/Decode Files or Information
T1669 - Wi-Fi Networks
T1211 - Exploitation for Defense Evasion
T1557.004 - Evil Twin

MITREへのリンク →

Sandworm Team

Score: 0.76

Matched TTPs:

T1585.001 - Social Media Accounts
T1199 - Trusted Relationship
T1608.001 - Upload Malware
T1566.002 - Spearphishing Link
T1485 - Data Destruction
T1204.001 - Malicious Link
T1140 - Deobfuscate/Decode Files or Information
T1491.002 - External Defacement
T1591.002 - Business Relationships
T1499 - Endpoint Denial of Service

MITREへのリンク →

Lazarus Group

Score: 0.65

Matched TTPs:

T1585.001 - Social Media Accounts
T1566.002 - Spearphishing Link
T1485 - Data Destruction
T1027.007 - Dynamic API Resolution
T1583.006 - Web Services
T1561.001 - Disk Content Wipe
T1140 - Deobfuscate/Decode Files or Information
T1566.003 - Spearphishing via Service

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る