Trusted Design

KopiLuwak: A New JavaScript Payload from Turla

概要

On 28 January 2017, John Lambert of Microsoft (@JohnLaTwC) tweeted about a malicious document that dropped a “very interesting .JS backdoor“. Since the end of November 2016, Kaspersky Lab has observed Turla using this new JavaScript payload and specific macro variant. This is a technique we’ve observed before with Turla’s ICEDCOFFEE payloads, detailed in a private report from June 2016 (available to customers of Kaspersky APT Intelligence Services). While the delivery method is somewhat similar to ICEDCOFFEE, the JavaScript differs greatly and appears to have been created mainly to avoid detection.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Affiliate’s Malspam Operation: Kovter and Miuref/Boaxxe (score: 0.59)
Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox (score: 0.59)
IRS Refund-themed Spam Campaign Delivers Kovter and CoreBOT (score: 0.58)
FIREEYE: Office Encapsulated PostScript & Priv Escalation 0days (score: 0.58)
Kavala malware on Metadefender.com (score: 0.57)

このPulseに関連する脅威アクター (事実ベース)

Turla

Score: 3.74

Matched TTPs:

T1059.007 - JavaScript
T1189 - Drive-by Compromise

MITREへのリンク →

APT32

Score: 9.08

Matched TTPs:

T1059.007 - JavaScript
T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Saint Bear

Score: 3.47

Matched TTPs:

T1059.007 - JavaScript
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sidewinder

Score: 3.47

Matched TTPs:

T1059.007 - JavaScript
T1203 - Exploitation for Client Execution

MITREへのリンク →

MuddyWater

Score: 7.09

Matched TTPs:

T1059.007 - JavaScript
T1203 - Exploitation for Client Execution
T1027.004 - Compile After Delivery

MITREへのリンク →

Earth Lusca

Score: 3.74

Matched TTPs:

T1059.007 - JavaScript
T1189 - Drive-by Compromise

MITREへのリンク →

Winter Vivern

Score: 3.74

Matched TTPs:

T1059.007 - JavaScript
T1189 - Drive-by Compromise

MITREへのリンク →

FIN7

Score: 13.57

Matched TTPs:

T1059.007 - JavaScript
T1674 - Input Injection
T1497.002 - User Activity Based Checks
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

Cobalt Group

Score: 6.39

Matched TTPs:

T1059.007 - JavaScript
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

Higaisa

Score: 3.47

Matched TTPs:

T1059.007 - JavaScript
T1203 - Exploitation for Client Execution

MITREへのリンク →

Kimsuky

Score: 5.26

Matched TTPs:

T1059.007 - JavaScript
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Indrik Spider

Score: 5.82

Matched TTPs:

T1059.007 - JavaScript
T1136 - Create Account

MITREへのリンク →

Leafminer

Score: 3.74

Matched TTPs:

T1059.007 - JavaScript
T1189 - Drive-by Compromise

MITREへのリンク →

Mustang Panda

Score: 3.47

Matched TTPs:

T1059.007 - JavaScript
T1203 - Exploitation for Client Execution

MITREへのリンク →

Fox Kitten

Score: 3.29

Matched TTPs:

T1217 - Browser Information Discovery

MITREへのリンク →

Volt Typhoon

Score: 6.72

Matched TTPs:

T1217 - Browser Information Discovery
T1552.004 - Private Keys

MITREへのリンク →

APT38

Score: 5.05

Matched TTPs:

T1217 - Browser Information Discovery
T1189 - Drive-by Compromise

MITREへのリンク →

Scattered Spider

Score: 10.57

Matched TTPs:

T1217 - Browser Information Discovery
T1552.004 - Private Keys
T1136 - Create Account

MITREへのリンク →

Moonstone Sleet

Score: 6.21

Matched TTPs:

T1217 - Browser Information Discovery
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

Chimera

Score: 3.29

Matched TTPs:

T1217 - Browser Information Discovery

MITREへのリンク →

TeamTNT

Score: 3.44

Matched TTPs:

T1552.004 - Private Keys

MITREへのリンク →

Storm-0501

Score: 3.44

Matched TTPs:

T1552.004 - Private Keys

MITREへのリンク →

Rocke

Score: 10.35

Matched TTPs:

T1552.004 - Private Keys
T1027.004 - Compile After Delivery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Ferocious Kitten

Score: 3.44

Matched TTPs:

T1036.002 - Right-to-Left Override

MITREへのリンク →

BlackTech

Score: 4.93

Matched TTPs:

T1036.002 - Right-to-Left Override
T1203 - Exploitation for Client Execution

MITREへのリンク →

Ke3chang

Score: 3.44

Matched TTPs:

T1036.002 - Right-to-Left Override

MITREへのリンク →

Scarlet Mimic

Score: 3.44

Matched TTPs:

T1036.002 - Right-to-Left Override

MITREへのリンク →

BRONZE BUTLER

Score: 13.83

Matched TTPs:

T1036.002 - Right-to-Left Override
T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

APT29

Score: 9.88

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1027.006 - HTML Smuggling

MITREへのリンク →

Darkhotel

Score: 7.39

Matched TTPs:

T1497.002 - User Activity Based Checks
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT41

Score: 7.71

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Sandworm Team

Score: 4.42

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution

MITREへのリンク →

Dragonfly

Score: 9.34

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1221 - Template Injection

MITREへのリンク →

Threat Group-3390

Score: 6.19

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Daggerfly

Score: 4.69

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1189 - Drive-by Compromise

MITREへのリンク →

APT28

Score: 6.41

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1221 - Template Injection

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Lazarus Group

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Confucius

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Patchwork

Score: 6.54

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Axiom

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Leviathan

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT37

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Sea Turtle

Score: 5.12

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.004 - Compile After Delivery

MITREへのリンク →

Transparent Tribe

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Tropic Trooper

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Inception

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1221 - Template Injection

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Gamaredon Group

Score: 6.77

Matched TTPs:

T1027.004 - Compile After Delivery
T1221 - Template Injection

MITREへのリンク →

RTM

Score: 5.05

Matched TTPs:

T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

DarkHydrus

Score: 3.15

Matched TTPs:

T1221 - Template Injection

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Salt Typhoon

Score: 3.84

Matched TTPs:

T1136 - Create Account

MITREへのリンク →

Medusa Group

Score: 4.54

Matched TTPs:

T1218.014 - MMC

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

FIN7

Score: 0.82

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1059.007 - JavaScript
T1497.002 - User Activity Based Checks
T1674 - Input Injection

MITREへのリンク →

BRONZE BUTLER

Score: 0.78

Matched TTPs:

T1203 - Exploitation for Client Execution
T1550.003 - Pass the Ticket
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver
T1036.002 - Right-to-Left Override

MITREへのリンク →

Scattered Spider

Score: 0.63

Matched TTPs:

T1217 - Browser Information Discovery
T1552.004 - Private Keys
T1136 - Create Account

MITREへのリンク →

Rocke

Score: 0.61

Matched TTPs:

T1102.001 - Dead Drop Resolver
T1552.004 - Private Keys
T1027.004 - Compile After Delivery

MITREへのリンク →

APT29

Score: 0.60

Matched TTPs:

T1027.006 - HTML Smuggling
T1203 - Exploitation for Client Execution
T1550.003 - Pass the Ticket

MITREへのリンク →

Dragonfly

Score: 0.59

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1221 - Template Injection

MITREへのリンク →

APT32

Score: 0.59

Matched TTPs:

T1189 - Drive-by Compromise
T1059.007 - JavaScript
T1203 - Exploitation for Client Execution
T1550.003 - Pass the Ticket

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る