Trusted Design

Analysis of Project Cobra (2015)

概要

Project Cobra and the Carbon System were mentioned by Kaspersky in the article called “The Epic Turla Operation” . This malware is used by the same actors as Uroburos (aka Snake/Turla) and Agent.BTZ. We estimate that Carbon System was developed after Agent.BTZ and before Uroburos. The Carbon System shares some technical details with Uroburos and Agent.BTZ (encryption key, encryption algorithm, design, …) and some other links, such as the name of the snake-related project: Cobra. Uroburos could be considered as a kernel centric “snake” and Cobra Carbon System as a userland centric “snake”.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Turla / Pﬁnet / Snake/ Uroburos (2014) (score: 0.70)
Satellite Turla: APT Command and Control in the Sky (score: 0.68)
Snake: Coming soon in Mac OS X flavour (score: 0.66)
The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros (2014) (score: 0.59)
Evolution of sophisticated spyware: from Agent.BTZ to ComRAT (2014) (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

FIN6

Score: 5.25

Matched TTPs:

T1560.003 - Archive via Custom Method
T1036.004 - Masquerade Task or Service

MITREへのリンク →

CopyKittens

Score: 3.15

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

Mustang Panda

Score: 14.63

Matched TTPs:

T1560.003 - Archive via Custom Method
T1566.002 - Spearphishing Link
T1678 - Delay Execution
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link

MITREへのリンク →

Kimsuky

Score: 8.05

Matched TTPs:

T1560.003 - Archive via Custom Method
T1566.002 - Spearphishing Link
T1036.004 - Masquerade Task or Service
T1204.001 - Malicious Link

MITREへのリンク →

UNC3886

Score: 7.84

Matched TTPs:

T1560.003 - Archive via Custom Method
T1036.004 - Masquerade Task or Service
T1124 - System Time Discovery

MITREへのリンク →

Lotus Blossom

Score: 3.15

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

Lazarus Group

Score: 17.04

Matched TTPs:

T1560.003 - Archive via Custom Method
T1566.002 - Spearphishing Link
T1036.004 - Masquerade Task or Service
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery
T1529 - System Shutdown/Reboot

MITREへのリンク →

Sidewinder

Score: 5.40

Matched TTPs:

T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

FIN7

Score: 11.63

Matched TTPs:

T1566.002 - Spearphishing Link
T1036.004 - Masquerade Task or Service
T1497.002 - User Activity Based Checks
T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

APT32

Score: 4.90

Matched TTPs:

T1566.002 - Spearphishing Link
T1036.004 - Masquerade Task or Service
T1204.001 - Malicious Link

MITREへのリンク →

ZIRCONIUM

Score: 7.49

Matched TTPs:

T1566.002 - Spearphishing Link
T1036.004 - Masquerade Task or Service
T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

Magic Hound

Score: 8.52

Matched TTPs:

T1566.002 - Spearphishing Link
T1036.004 - Masquerade Task or Service
T1573 - Encrypted Channel
T1204.001 - Malicious Link

MITREへのリンク →

APT29

Score: 6.43

Matched TTPs:

T1566.002 - Spearphishing Link
T1573 - Encrypted Channel
T1204.001 - Malicious Link

MITREへのリンク →

Turla

Score: 5.40

Matched TTPs:

T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1124 - System Time Discovery

MITREへのリンク →

Wizard Spider

Score: 4.90

Matched TTPs:

T1566.002 - Spearphishing Link
T1036.004 - Masquerade Task or Service
T1204.001 - Malicious Link

MITREへのリンク →

Winter Vivern

Score: 3.46

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1204.001 - Malicious Link

MITREへのリンク →

BITTER

Score: 5.72

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1573 - Encrypted Channel

MITREへのリンク →

Higaisa

Score: 4.69

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1124 - System Time Discovery

MITREへのリンク →

Darkhotel

Score: 6.72

Matched TTPs:

T1497.002 - User Activity Based Checks
T1124 - System Time Discovery

MITREへのリンク →

Tropic Trooper

Score: 3.62

Matched TTPs:

T1573 - Encrypted Channel

MITREへのリンク →

Contagious Interview

Score: 5.90

Matched TTPs:

T1543.001 - Launch Agent
T1204.001 - Malicious Link

MITREへのリンク →

Axiom

Score: 4.54

Matched TTPs:

T1001.002 - Steganography

MITREへのリンク →

APT38

Score: 4.98

Matched TTPs:

T1204.001 - Malicious Link
T1529 - System Shutdown/Reboot

MITREへのリンク →

APT28

Score: 5.49

Matched TTPs:

T1204.001 - Malicious Link
T1550.001 - Application Access Token

MITREへのリンク →

HAFNIUM

Score: 4.13

Matched TTPs:

T1550.001 - Application Access Token

MITREへのリンク →

APT37

Score: 3.62

Matched TTPs:

T1529 - System Shutdown/Reboot

MITREへのリンク →

Medusa Group

Score: 3.62

Matched TTPs:

T1529 - System Shutdown/Reboot

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.80

Matched TTPs:

T1124 - System Time Discovery
T1036.004 - Masquerade Task or Service
T1566.002 - Spearphishing Link
T1529 - System Shutdown/Reboot
T1560.003 - Archive via Custom Method
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Mustang Panda

Score: 0.71

Matched TTPs:

T1678 - Delay Execution
T1204.001 - Malicious Link
T1566.002 - Spearphishing Link
T1560.003 - Archive via Custom Method
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN7

Score: 0.60

Matched TTPs:

T1124 - System Time Discovery
T1036.004 - Masquerade Task or Service
T1566.002 - Spearphishing Link
T1204.001 - Malicious Link
T1497.002 - User Activity Based Checks

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る