Pulse Detail-

Evolution of sophisticated spyware: from Agent.BTZ to ComRAT (2014)

概要

In November 2014, the experts of the G DATA SecurityLabs published an article about ComRAT, the Agent.BTZ successor. We explained that this case is linked to the Uroburos rootkit. We assume that the actor behind these campaigns uses several different malware strains is order to compromise the targeted infrastructure: Uroburos, a rootkit; Agent.BTZ/ComRAT, remote administration tools or Linux malware and maybe even more

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Turla / Pﬁnet / Snake/ Uroburos (2014) (score: 0.66)
New Spy Banker Trojan Telax abusing Google Cloud Servers (score: 0.63)
Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis (score: 0.62)
GamaPoS: The Andromeda Botnet Connection (score: 0.61)
Bublik malware on Metadefender.com (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 5.63

Matched TTPs:

T1491.002 - External Defacement
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sandworm Team

Score: 18.29

Matched TTPs:

T1491.002 - External Defacement
T1587.001 - Malware
T1608.001 - Upload Malware
T1584.005 - Botnet
T1203 - Exploitation for Client Execution
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Winnti Group

Score: 4.06

Matched TTPs:

T1014 - Rootkit
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT41

Score: 10.49

Matched TTPs:

T1014 - Rootkit
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Rocke

Score: 7.35

Matched TTPs:

T1014 - Rootkit
T1105 - Ingress Tool Transfer
T1102.001 - Dead Drop Resolver

MITREへのリンク →

TeamTNT

Score: 8.13

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware
T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT28

Score: 12.81

Matched TTPs:

T1014 - Rootkit
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

UNC3886

Score: 11.01

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware
T1681 - Search Threat Vendor Data
T1203 - Exploitation for Client Execution

MITREへのリンク →

Kimsuky

Score: 11.14

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link
T1102.001 - Dead Drop Resolver

MITREへのリンク →

FIN13

Score: 7.45

Matched TTPs:

T1587.001 - Malware
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1090.001 - Internal Proxy

MITREへのリンク →

Moonstone Sleet

Score: 10.65

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Indrik Spider

Score: 7.35

Matched TTPs:

T1587.001 - Malware
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Lazarus Group

Score: 22.94

Matched TTPs:

T1587.001 - Malware
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution
T1021.001 - Remote Desktop Protocol
T1566.003 - Spearphishing via Service
T1090.001 - Internal Proxy
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Contagious Interview

Score: 23.91

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1681 - Search Threat Vendor Data
T1543.001 - Launch Agent
T1204.004 - Malicious Copy and Paste
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

OilRig

Score: 14.62

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

LuminousMoth

Score: 6.21

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Salt Typhoon

Score: 4.84

Matched TTPs:

T1587.001 - Malware
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT29

Score: 8.25

Matched TTPs:

T1587.001 - Malware
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Aoqin Dragon

Score: 3.59

Matched TTPs:

T1587.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

RedCurl

Score: 3.46

Matched TTPs:

T1587.001 - Malware
T1204.001 - Malicious Link

MITREへのリンク →

Turla

Score: 11.76

Matched TTPs:

T1587.001 - Malware
T1189 - Drive-by Compromise
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link
T1090.001 - Internal Proxy

MITREへのリンク →

Mustang Panda

Score: 19.12

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1608 - Stage Capabilities
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN7

Score: 7.85

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link

MITREへのリンク →

TA2541

Score: 4.11

Matched TTPs:

T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Earth Lusca

Score: 7.93

Matched TTPs:

T1608.001 - Upload Malware
T1189 - Drive-by Compromise
T1584.004 - Server
T1204.001 - Malicious Link

MITREへのリンク →

Mustard Tempest

Score: 5.88

Matched TTPs:

T1608.001 - Upload Malware
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

LazyScripter

Score: 4.11

Matched TTPs:

T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Gamaredon Group

Score: 8.65

Matched TTPs:

T1608.001 - Upload Malware
T1001 - Data Obfuscation
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Threat Group-3390

Score: 10.14

Matched TTPs:

T1608.001 - Upload Malware
T1608.002 - Upload Tool
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer

MITREへのリンク →

TA505

Score: 4.11

Matched TTPs:

T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

BlackByte

Score: 4.40

Matched TTPs:

T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

BITTER

Score: 4.24

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT32

Score: 10.11

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

HEXANE

Score: 4.40

Matched TTPs:

T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Saint Bear

Score: 4.83

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1204.001 - Malicious Link

MITREへのリンク →

EXOTIC LILY

Score: 7.35

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1659 - Content Injection

MITREへのリンク →

Medusa Group

Score: 6.56

Matched TTPs:

T1608.002 - Upload Tool
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Fox Kitten

Score: 5.71

Matched TTPs:

T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Volt Typhoon

Score: 15.09

Matched TTPs:

T1217 - Browser Information Discovery
T1584.005 - Botnet
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1090.001 - Internal Proxy

MITREへのリンク →

APT38

Score: 7.19

Matched TTPs:

T1217 - Browser Information Discovery
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Scattered Spider

Score: 5.71

Matched TTPs:

T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Chimera

Score: 5.71

Matched TTPs:

T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

HAFNIUM

Score: 4.40

Matched TTPs:

T1584.005 - Botnet
T1105 - Ingress Tool Transfer

MITREへのリンク →

Axiom

Score: 8.53

Matched TTPs:

T1584.005 - Botnet
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Sidewinder

Score: 3.63

Matched TTPs:

T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Dragonfly

Score: 8.52

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Andariel

Score: 4.04

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer

MITREへのリンク →

Confucius

Score: 3.63

Matched TTPs:

T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Patchwork

Score: 10.33

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Higaisa

Score: 4.42

Matched TTPs:

T1203 - Exploitation for Client Execution
T1090.001 - Internal Proxy

MITREへのリンク →

Cobalt Group

Score: 5.28

Matched TTPs:

T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link

MITREへのリンク →

Leviathan

Score: 9.88

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link

MITREへのリンク →

APT37

Score: 4.04

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT3

Score: 5.28

Matched TTPs:

T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link

MITREへのリンク →

BRONZE BUTLER

Score: 7.32

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Transparent Tribe

Score: 4.62

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1204.001 - Malicious Link

MITREへのリンク →

Elderwood

Score: 5.40

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Darkhotel

Score: 4.04

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT33

Score: 6.38

Matched TTPs:

T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

MuddyWater

Score: 3.63

Matched TTPs:

T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

RTM

Score: 5.05

Matched TTPs:

T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Windshift

Score: 6.43

Matched TTPs:

T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Winter Vivern

Score: 3.90

Matched TTPs:

T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Machete

Score: 3.13

Matched TTPs:

T1189 - Drive-by Compromise
T1204.001 - Malicious Link

MITREへのリンク →

CURIUM

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Daggerfly

Score: 6.74

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Magic Hound

Score: 8.07

Matched TTPs:

T1189 - Drive-by Compromise
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link
T1566.003 - Spearphishing via Service

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 7.06

Matched TTPs:

T1564.005 - Hidden File System
T1090.001 - Internal Proxy

MITREへのリンク →

APT39

Score: 6.71

Matched TTPs:

T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link
T1090.001 - Internal Proxy

MITREへのリンク →

Storm-1811

Score: 3.30

Matched TTPs:

T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Wizard Spider

Score: 6.53

Matched TTPs:

T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN8

Score: 6.53

Matched TTPs:

T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol
T1204.001 - Malicious Link
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Ajax Security Team

Score: 3.30

Matched TTPs:

T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN6

Score: 6.92

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Velvet Ant

Score: 7.06

Matched TTPs:

T1090.001 - Internal Proxy
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Contagious Interview

Score: 0.81

Matched TTPs:

T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1587.001 - Malware
T1608.001 - Upload Malware
T1543.001 - Launch Agent
T1204.004 - Malicious Copy and Paste
T1566.003 - Spearphishing via Service
T1681 - Search Threat Vendor Data
T1204.001 - Malicious Link

MITREへのリンク →

Lazarus Group

Score: 0.81

Matched TTPs:

T1584.004 - Server
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1027.007 - Dynamic API Resolution
T1587.001 - Malware
T1090.001 - Internal Proxy
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Mustang Panda

Score: 0.68

Matched TTPs:

T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1587.001 - Malware
T1608.001 - Upload Malware
T1608 - Stage Capabilities
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Sandworm Team

Score: 0.67

Matched TTPs:

T1491.002 - External Defacement
T1584.004 - Server
T1584.005 - Botnet
T1203 - Exploitation for Client Execution
T1587.001 - Malware
T1608.001 - Upload Malware
T1105 - Ingress Tool Transfer
T1204.001 - Malicious Link

MITREへのリンク →

Volt Typhoon

Score: 0.56

Matched TTPs:

T1584.004 - Server
T1584.005 - Botnet
T1090.001 - Internal Proxy
T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Evolution of sophisticated spyware: from Agent.BTZ to ComRAT (2014)

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ