Trusted Design

Greenbug cyberespionage group targeting Middle East, possible links to Shamoon

概要

Symantec is currently investigating reports of yet another new attack in the Middle East involving the destructive disk-wiping malware used by the Shamoon group (W32.Disttrack, W32.Disttrack.B). Similar to previous attacks, the Disttrack malware used by Shamoon is just the destructive payload. It required other means to be deployed on targeted organizations’ networks and is configured with previously stolen credentials. Symantec discovered the Greenbug cyberespionage group during its investigation into previous attacks involving W32.Disttrack.B (aka Shamoon). Shamoon (W32.Disttrack) first made headlines in 2012 when it was used in attacks against energy companies in Saudi Arabia. It recently resurfaced in November 2016 (W32.Disttrack.B), again attacking targets in Saudi Arabia. While these attacks were covered extensively in the media, how the attackers stole these credentials and introduced W32.Disttrack on targeted organizations’ networks remains a mystery.

Created: 2026-02-23

Indicators

類似Pulses

Shamoon is back (score: 0.80)
Greenbugs DNS-isms (score: 0.77)
From Shamoon to StoneDrill (score: 0.70)
BlackEnergy by the SSHBearDoor (score: 0.62)
Operation Cloud Hopper (hashes) (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 9.62

Matched TTPs:

T1564.008 - Email Hiding Rules
T1059.001 - PowerShell
T1056.002 - GUI Input Capture

MITREへのリンク →

Sandworm Team

Score: 27.39

Matched TTPs:

T1564.008 - Email Hiding Rules
T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1193 - Spearphishing Attachment
T1122 - Component Object Model Hijacking
T1565 - Data Manipulation
T1075 - Pass the Hash
T1543.001 - Launch Agent
T1027.018 - Invisible Unicode

MITREへのリンク →

APT41

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

Scattered Spider

Score: 10.16

Matched TTPs:

T1560.003 - Archive via Custom Method
T1565 - Data Manipulation
T1027.002 - Software Packing

MITREへのリンク →

TA505

Score: 9.63

Matched TTPs:

T1560.003 - Archive via Custom Method
T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1027.018 - Invisible Unicode

MITREへのリンク →

Volt Typhoon

Score: 7.60

Matched TTPs:

T1560.003 - Archive via Custom Method
T1059.010 - AutoHotKey & AutoIT
T1056.002 - GUI Input Capture

MITREへのリンク →

APT3

Score: 6.09

Matched TTPs:

T1560.003 - Archive via Custom Method
T1543.003 - Windows Service
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN13

Score: 4.85

Matched TTPs:

T1560.003 - Archive via Custom Method
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

MuddyWater

Score: 12.17

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1608.005 - Link Target
T1059.001 - PowerShell
T1562.011 - Spoof Security Alerting
T1027.018 - Invisible Unicode

MITREへのリンク →

LuminousMoth

Score: 4.78

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1027.018 - Invisible Unicode

MITREへのリンク →

Confucius

Score: 4.82

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Kimsuky

Score: 13.37

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1565 - Data Manipulation
T1027.018 - Invisible Unicode
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN7

Score: 13.77

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1059.001 - PowerShell
T1027.018 - Invisible Unicode
T1490 - Inhibit System Recovery

MITREへのリンク →

Mustard Tempest

Score: 4.78

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1027.018 - Invisible Unicode

MITREへのリンク →

Mustang Panda

Score: 12.49

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1055.005 - Thread Local Storage
T1027.018 - Invisible Unicode

MITREへのリンク →

APT32

Score: 11.80

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1565 - Data Manipulation
T1027.018 - Invisible Unicode
T1490 - Inhibit System Recovery

MITREへのリンク →

Lazarus Group

Score: 21.59

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1608.005 - Link Target
T1565 - Data Manipulation
T1543.001 - Launch Agent
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver
T1086 - PowerShell

MITREへのリンク →

Leviathan

Score: 12.50

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1056.002 - GUI Input Capture
T1565 - Data Manipulation
T1562.011 - Spoof Security Alerting
T1027.018 - Invisible Unicode

MITREへのリンク →

APT33

Score: 6.94

Matched TTPs:

T1543.003 - Windows Service
T1567.001 - Exfiltration to Code Repository
T1027.018 - Invisible Unicode

MITREへのリンク →

ZIRCONIUM

Score: 9.13

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1608.005 - Link Target
T1056.002 - GUI Input Capture
T1027.018 - Invisible Unicode

MITREへのリンク →

EXOTIC LILY

Score: 9.64

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1565 - Data Manipulation
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Molerats

Score: 4.37

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1027.018 - Invisible Unicode

MITREへのリンク →

Magic Hound

Score: 9.68

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1565 - Data Manipulation
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

OilRig

Score: 12.49

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1556.009 - Conditional Access Policies
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Windshift

Score: 5.33

Matched TTPs:

T1543.003 - Windows Service
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

APT29

Score: 15.50

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1122 - Component Object Model Hijacking
T1056.002 - GUI Input Capture
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN4

Score: 5.55

Matched TTPs:

T1543.003 - Windows Service
T1056.002 - GUI Input Capture
T1027.018 - Invisible Unicode

MITREへのリンク →

TA2541

Score: 6.79

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Earth Lusca

Score: 14.14

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1059.001 - PowerShell
T1562.011 - Spoof Security Alerting
T1027.018 - Invisible Unicode

MITREへのリンク →

RedCurl

Score: 5.55

Matched TTPs:

T1543.003 - Windows Service
T1122 - Component Object Model Hijacking
T1027.018 - Invisible Unicode

MITREへのリンク →

Storm-1811

Score: 5.54

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1547.008 - LSASS Driver

MITREへのリンク →

Turla

Score: 12.67

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1608.005 - Link Target
T1556.009 - Conditional Access Policies
T1027.018 - Invisible Unicode
T1490 - Inhibit System Recovery

MITREへのリンク →

Wizard Spider

Score: 13.31

Matched TTPs:

T1543.003 - Windows Service
T1567.001 - Exfiltration to Code Repository
T1059.001 - PowerShell
T1556.009 - Conditional Access Policies
T1027.018 - Invisible Unicode

MITREへのリンク →

LazyScripter

Score: 6.79

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

APT42

Score: 3.42

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

APT39

Score: 4.37

Matched TTPs:

T1543.003 - Windows Service
T1059.010 - AutoHotKey & AutoIT
T1027.018 - Invisible Unicode

MITREへのリンク →

HAFNIUM

Score: 11.27

Matched TTPs:

T1027.008 - Stripped Payloads
T1608.005 - Link Target
T1122 - Component Object Model Hijacking
T1490 - Inhibit System Recovery

MITREへのリンク →

APT5

Score: 3.84

Matched TTPs:

T1027.008 - Stripped Payloads

MITREへのリンク →

Ke3chang

Score: 5.41

Matched TTPs:

T1027.008 - Stripped Payloads
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

BRONZE BUTLER

Score: 4.60

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1562.011 - Spoof Security Alerting

MITREへのリンク →

Moonstone Sleet

Score: 8.40

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1565 - Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

APT38

Score: 6.37

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1543.001 - Launch Agent
T1027.018 - Invisible Unicode

MITREへのリンク →

Gamaredon Group

Score: 13.79

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1056.002 - GUI Input Capture
T1027.018 - Invisible Unicode
T1086 - PowerShell

MITREへのリンク →

Threat Group-3390

Score: 13.17

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1218.003 - CMSTP
T1059.001 - PowerShell
T1122 - Component Object Model Hijacking

MITREへのリンク →

APT28

Score: 30.92

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1139 - Bash History
T1608.005 - Link Target
T1059.001 - PowerShell
T1122 - Component Object Model Hijacking
T1056.002 - GUI Input Capture
T1146 - Clear Command History
T1027.018 - Invisible Unicode
T1546.007 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

TeamTNT

Score: 8.08

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1071.003 - Mail Protocols

MITREへのリンク →

menuPass

Score: 7.06

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1059.001 - PowerShell
T1122 - Component Object Model Hijacking

MITREへのリンク →

BlackByte

Score: 3.54

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media

MITREへのリンク →

Tropic Trooper

Score: 7.27

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1562.011 - Spoof Security Alerting
T1490 - Inhibit System Recovery

MITREへのリンク →

Star Blizzard

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation

MITREへのリンク →

HEXANE

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation

MITREへのリンク →

Saint Bear

Score: 5.35

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Contagious Interview

Score: 14.34

Matched TTPs:

T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1608.005 - Link Target
T1565 - Data Manipulation
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Medusa Group

Score: 11.23

Matched TTPs:

T1218.003 - CMSTP
T1608.005 - Link Target
T1056.002 - GUI Input Capture
T1565 - Data Manipulation

MITREへのリンク →

UNC3886

Score: 8.26

Matched TTPs:

T1021.006 - Windows Remote Management
T1547.015 - Login Items

MITREへのリンク →

Dragonfly

Score: 6.59

Matched TTPs:

T1193 - Spearphishing Attachment
T1059.001 - PowerShell

MITREへのリンク →

LAPSUS$

Score: 10.03

Matched TTPs:

T1193 - Spearphishing Attachment
T1122 - Component Object Model Hijacking
T1543.001 - Launch Agent

MITREへのリンク →

PROMETHIUM

Score: 6.80

Matched TTPs:

T1547.015 - Login Items
T1490 - Inhibit System Recovery

MITREへのリンク →

POLONIUM

Score: 4.76

Matched TTPs:

T1608.005 - Link Target
T1122 - Component Object Model Hijacking

MITREへのリンク →

TA578

Score: 3.37

Matched TTPs:

T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Fox Kitten

Score: 5.09

Matched TTPs:

T1059.001 - PowerShell
T1565 - Data Manipulation

MITREへのリンク →

Sea Turtle

Score: 5.41

Matched TTPs:

T1122 - Component Object Model Hijacking
T1490 - Inhibit System Recovery

MITREへのリンク →

CURIUM

Score: 4.86

Matched TTPs:

T1565 - Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

APT37

Score: 3.03

Matched TTPs:

T1562.011 - Spoof Security Alerting

MITREへのリンク →

TA551

Score: 3.03

Matched TTPs:

T1562.011 - Spoof Security Alerting

MITREへのリンク →

Andariel

Score: 3.03

Matched TTPs:

T1562.011 - Spoof Security Alerting

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

DarkVishnya

Score: 4.54

Matched TTPs:

T1213.003 - Code Repositories

MITREへのリンク →

Storm-0501

Score: 3.44

Matched TTPs:

T1543.001 - Launch Agent

MITREへのリンク →

Axiom

Score: 4.54

Matched TTPs:

T1160 - Launch Daemon

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1686 - Disable or Modify System Firewall

MITREへのリンク →

Velvet Ant

Score: 6.80

Matched TTPs:

T1490 - Inhibit System Recovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.84

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1566.003 - Spearphishing via Service
T1608.005 - Link Target
T1056.002 - GUI Input Capture
T1146 - Clear Command History
T1059.001 - PowerShell
T1546.007 - Netsh Helper DLL
T1027.018 - Invisible Unicode
T1122 - Component Object Model Hijacking
T1139 - Bash History

MITREへのリンク →

Sandworm Team

Score: 0.76

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1543.003 - Windows Service
T1564.008 - Email Hiding Rules
T1091 - Replication Through Removable Media
T1075 - Pass the Hash
T1543.001 - Launch Agent
T1027.018 - Invisible Unicode
T1122 - Component Object Model Hijacking
T1565 - Data Manipulation
T1193 - Spearphishing Attachment

MITREへのリンク →

Lazarus Group

Score: 0.65

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1543.003 - Windows Service
T1547.008 - LSASS Driver
T1055.005 - Thread Local Storage
T1543.001 - Launch Agent
T1608.005 - Link Target
T1565 - Data Manipulation
T1086 - PowerShell

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る