Pulse Detail-

Evolution of sophisticated spyware: from Agent.BTZ to ComRAT (2014)

概要

In November 2014, the experts of the G DATA SecurityLabs published an article about ComRAT, the Agent.BTZ successor. We explained that this case is linked to the Uroburos rootkit. We assume that the actor behind these campaigns uses several different malware strains is order to compromise the targeted infrastructure: Uroburos, a rootkit; Agent.BTZ/ComRAT, remote administration tools or Linux malware and maybe even more

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Turla / Pﬁnet / Snake/ Uroburos (2014) (score: 0.66)
New Spy Banker Trojan Telax abusing Google Cloud Servers (score: 0.63)
Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis (score: 0.62)
GamaPoS: The Andromeda Botnet Connection (score: 0.61)
Bublik malware on Metadefender.com (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 5.63

Matched TTPs:

T1564.008 - Email Hiding Rules
T1218.010 - Regsvr32

MITREへのリンク →

Sandworm Team

Score: 18.29

Matched TTPs:

T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Winnti Group

Score: 4.06

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT41

Score: 10.49

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1008 - Fallback Channels

MITREへのリンク →

Rocke

Score: 7.35

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels

MITREへのリンク →

TeamTNT

Score: 8.13

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT28

Score: 12.81

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode
T1566.003 - Spearphishing via Service

MITREへのリンク →

UNC3886

Score: 11.01

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management
T1218.010 - Regsvr32

MITREへのリンク →

Kimsuky

Score: 11.14

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1008 - Fallback Channels

MITREへのリンク →

FIN13

Score: 7.45

Matched TTPs:

T1606.002 - SAML Tokens
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1569.002 - Service Execution

MITREへのリンク →

Moonstone Sleet

Score: 10.65

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1491 - Defacement
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Indrik Spider

Score: 7.35

Matched TTPs:

T1606.002 - SAML Tokens
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Lazarus Group

Score: 22.94

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1622 - Debugger Evasion
T1547.008 - LSASS Driver
T1569.002 - Service Execution
T1556 - Modify Authentication Process

MITREへのリンク →

Contagious Interview

Score: 23.91

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1059.006 - Python
T1221 - Template Injection
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

OilRig

Score: 14.62

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

LuminousMoth

Score: 6.21

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Salt Typhoon

Score: 4.84

Matched TTPs:

T1606.002 - SAML Tokens
T1556 - Modify Authentication Process

MITREへのリンク →

APT29

Score: 8.25

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Aoqin Dragon

Score: 3.59

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 3.46

Matched TTPs:

T1606.002 - SAML Tokens
T1027.018 - Invisible Unicode

MITREへのリンク →

Turla

Score: 11.76

Matched TTPs:

T1606.002 - SAML Tokens
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode
T1569.002 - Service Execution

MITREへのリンク →

Mustang Panda

Score: 19.12

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1569.001 - Launchctl
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1027.018 - Invisible Unicode
T1556 - Modify Authentication Process

MITREへのリンク →

FIN7

Score: 7.85

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

TA2541

Score: 4.11

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Earth Lusca

Score: 7.93

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Mustard Tempest

Score: 5.88

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

LazyScripter

Score: 4.11

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Gamaredon Group

Score: 8.65

Matched TTPs:

T1091 - Replication Through Removable Media
T1061 - Graphical User Interface
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Threat Group-3390

Score: 10.14

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.003 - CMSTP
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA505

Score: 4.11

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

BlackByte

Score: 4.40

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

BITTER

Score: 4.24

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT32

Score: 10.11

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode
T1556 - Modify Authentication Process

MITREへのリンク →

HEXANE

Score: 4.40

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Saint Bear

Score: 4.83

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

EXOTIC LILY

Score: 7.35

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1055.003 - Thread Execution Hijacking

MITREへのリンク →

Medusa Group

Score: 6.56

Matched TTPs:

T1218.003 - CMSTP
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Fox Kitten

Score: 5.71

Matched TTPs:

T1491 - Defacement
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Volt Typhoon

Score: 15.09

Matched TTPs:

T1491 - Defacement
T1049 - System Network Connections Discovery
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1569.002 - Service Execution

MITREへのリンク →

APT38

Score: 7.19

Matched TTPs:

T1491 - Defacement
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Scattered Spider

Score: 5.71

Matched TTPs:

T1491 - Defacement
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Chimera

Score: 5.71

Matched TTPs:

T1491 - Defacement
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

HAFNIUM

Score: 4.40

Matched TTPs:

T1049 - System Network Connections Discovery
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Axiom

Score: 8.53

Matched TTPs:

T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1622 - Debugger Evasion

MITREへのリンク →

Sidewinder

Score: 3.63

Matched TTPs:

T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Dragonfly

Score: 8.52

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Andariel

Score: 4.04

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Confucius

Score: 3.63

Matched TTPs:

T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Patchwork

Score: 10.33

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1008 - Fallback Channels

MITREへのリンク →

Higaisa

Score: 4.42

Matched TTPs:

T1218.010 - Regsvr32
T1569.002 - Service Execution

MITREへのリンク →

Cobalt Group

Score: 5.28

Matched TTPs:

T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Leviathan

Score: 9.88

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

APT37

Score: 4.04

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT3

Score: 5.28

Matched TTPs:

T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

BRONZE BUTLER

Score: 7.32

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels

MITREへのリンク →

Transparent Tribe

Score: 4.62

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Elderwood

Score: 5.40

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Darkhotel

Score: 4.04

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT33

Score: 6.38

Matched TTPs:

T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode
T1556 - Modify Authentication Process

MITREへのリンク →

MuddyWater

Score: 3.63

Matched TTPs:

T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

RTM

Score: 5.05

Matched TTPs:

T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Windshift

Score: 6.43

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Winter Vivern

Score: 3.90

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Machete

Score: 3.13

Matched TTPs:

T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

CURIUM

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Daggerfly

Score: 6.74

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1027.018 - Invisible Unicode

MITREへのリンク →

Magic Hound

Score: 8.07

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 7.06

Matched TTPs:

T1130 - Install Root Certificate
T1569.002 - Service Execution

MITREへのリンク →

APT39

Score: 6.71

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1569.002 - Service Execution

MITREへのリンク →

Storm-1811

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Wizard Spider

Score: 6.53

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1556 - Modify Authentication Process

MITREへのリンク →

FIN8

Score: 6.53

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1556 - Modify Authentication Process

MITREへのリンク →

Ajax Security Team

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

FIN6

Score: 6.92

Matched TTPs:

T1622 - Debugger Evasion
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Velvet Ant

Score: 7.06

Matched TTPs:

T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Contagious Interview

Score: 0.81

Matched TTPs:

T1021.006 - Windows Remote Management
T1091 - Replication Through Removable Media
T1606.002 - SAML Tokens
T1221 - Template Injection
T1027.018 - Invisible Unicode
T1556 - Modify Authentication Process
T1059.006 - Python
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 0.81

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1059.012 - Hypervisor CLI
T1606.002 - SAML Tokens
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process
T1622 - Debugger Evasion
T1569.002 - Service Execution
T1547.008 - LSASS Driver
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

Mustang Panda

Score: 0.68

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1091 - Replication Through Removable Media
T1606.002 - SAML Tokens
T1055.005 - Thread Local Storage
T1027.018 - Invisible Unicode
T1556 - Modify Authentication Process
T1569.001 - Launchctl
T1218.010 - Regsvr32

MITREへのリンク →

Sandworm Team

Score: 0.67

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1564.008 - Email Hiding Rules
T1091 - Replication Through Removable Media
T1606.002 - SAML Tokens
T1027.018 - Invisible Unicode
T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

Volt Typhoon

Score: 0.56

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1491 - Defacement
T1622 - Debugger Evasion
T1049 - System Network Connections Discovery
T1569.002 - Service Execution
T1546.016 - Installer Packages

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Evolution of sophisticated spyware: from Agent.BTZ to ComRAT (2014)

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ