Pulse Detail-

Skynet Tor botnet / Trojan.Tbot samples

概要

This analysis from my my research into file carving, malware, and PCAP analysis. While the EK and Ransomware may be old, it still may have value for some environments.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Recent trends in Nuclear Exploit Kit activity (score: 0.61)
WanaCrypt0r Ransomworm (score: 0.60)
Botnet Pushes GLOBEIMPOSTER RANSOMWARE (score: 0.60)
Malware-Traffic-Analysis.net - FTFY: Necurs Botnet malspam pushing .asasin&quot; variant Locky ransomware (score: 0.60)
Malware-Traffic-Analysis.net - 2017-10-02 - Necurs Botnet malspam sto;; pushing .ykcol&quot; variant Locky ransomware (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

OilRig

Score: 10.61

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1091 - Replication Through Removable Media
T1070.009 - Clear Persistence

MITREへのリンク →

Gamaredon Group

Score: 18.09

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1091 - Replication Through Removable Media
T1219.001 - IDE Tunneling
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence
T1546.017 - Udev Rules

MITREへのリンク →

APT28

Score: 14.44

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence

MITREへのリンク →

Turla

Score: 8.60

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1584.003 - Virtual Private Server
T1219.001 - IDE Tunneling
T1566.004 - Spearphishing Voice

MITREへのリンク →

Ember Bear

Score: 8.72

Matched TTPs:

T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence

MITREへのリンク →

RedCurl

Score: 9.35

Matched TTPs:

T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1219.001 - IDE Tunneling
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence

MITREへのリンク →

APT1

Score: 3.63

Matched TTPs:

T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server

MITREへのリンク →

Ke3chang

Score: 10.25

Matched TTPs:

T1487 - Disk Structure Wipe
T1027.008 - Stripped Payloads
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling

MITREへのリンク →

FIN5

Score: 3.57

Matched TTPs:

T1487 - Disk Structure Wipe
T1070.009 - Clear Persistence

MITREへのリンク →

HAFNIUM

Score: 13.87

Matched TTPs:

T1487 - Disk Structure Wipe
T1027.008 - Stripped Payloads
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1049 - System Network Connections Discovery

MITREへのリンク →

Agrius

Score: 7.34

Matched TTPs:

T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1566.004 - Spearphishing Voice

MITREへのリンク →

Winter Vivern

Score: 4.96

Matched TTPs:

T1487 - Disk Structure Wipe
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling

MITREへのリンク →

Confucius

Score: 3.49

Matched TTPs:

T1487 - Disk Structure Wipe
T1219.001 - IDE Tunneling

MITREへのリンク →

FIN6

Score: 5.01

Matched TTPs:

T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1070.009 - Clear Persistence

MITREへのリンク →

Patchwork

Score: 6.31

Matched TTPs:

T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence

MITREへのリンク →

Tropic Trooper

Score: 4.87

Matched TTPs:

T1487 - Disk Structure Wipe
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence

MITREへのリンク →

Sidewinder

Score: 3.49

Matched TTPs:

T1487 - Disk Structure Wipe
T1219.001 - IDE Tunneling

MITREへのリンク →

Chimera

Score: 10.14

Matched TTPs:

T1487 - Disk Structure Wipe
T1219.001 - IDE Tunneling
T1542.004 - ROMMONkit
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence

MITREへのリンク →

Threat Group-3390

Score: 11.61

Matched TTPs:

T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1070.009 - Clear Persistence
T1546.017 - Udev Rules

MITREへのリンク →

Mustang Panda

Score: 19.13

Matched TTPs:

T1487 - Disk Structure Wipe
T1091 - Replication Through Removable Media
T1677 - Poisoned Pipeline Execution
T1219.001 - IDE Tunneling
T1169 - Sudo
T1070.009 - Clear Persistence
T1055.005 - Thread Local Storage

MITREへのリンク →

menuPass

Score: 10.82

Matched TTPs:

T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence

MITREへのリンク →

APT5

Score: 11.62

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1677 - Poisoned Pipeline Execution
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence

MITREへのリンク →

Kimsuky

Score: 7.57

Matched TTPs:

T1584.003 - Virtual Private Server
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence

MITREへのリンク →

BRONZE BUTLER

Score: 7.16

Matched TTPs:

T1584.003 - Virtual Private Server
T1219.001 - IDE Tunneling
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence

MITREへのリンク →

APT39

Score: 5.60

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence

MITREへのリンク →

Axiom

Score: 6.54

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery

MITREへのリンク →

ToddyCat

Score: 4.22

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling

MITREへのリンク →

Fox Kitten

Score: 7.25

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1542.004 - ROMMONkit

MITREへのリンク →

Andariel

Score: 5.29

Matched TTPs:

T1584.003 - Virtual Private Server
T1187 - Forced Authentication

MITREへのリンク →

GALLIUM

Score: 5.15

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1566.004 - Spearphishing Voice

MITREへのリンク →

APT29

Score: 4.30

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1070.009 - Clear Persistence

MITREへのリンク →

Lazarus Group

Score: 11.88

Matched TTPs:

T1584.003 - Virtual Private Server
T1677 - Poisoned Pipeline Execution
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence
T1055.005 - Thread Local Storage

MITREへのリンク →

APT41

Score: 14.31

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1027 - Obfuscated Files or Information
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence
T1037.001 - Logon Script (Windows)

MITREへのリンク →

LuminousMoth

Score: 4.72

Matched TTPs:

T1584.003 - Virtual Private Server
T1091 - Replication Through Removable Media
T1219.001 - IDE Tunneling

MITREへのリンク →

Dragonfly

Score: 5.60

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence

MITREへのリンク →

APT3

Score: 4.13

Matched TTPs:

T1584.003 - Virtual Private Server
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence

MITREへのリンク →

FIN7

Score: 7.23

Matched TTPs:

T1584.003 - Virtual Private Server
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1027 - Obfuscated Files or Information

MITREへのリンク →

APT38

Score: 6.47

Matched TTPs:

T1584.003 - Virtual Private Server
T1219.001 - IDE Tunneling
T1027 - Obfuscated Files or Information
T1070.009 - Clear Persistence

MITREへのリンク →

Volt Typhoon

Score: 11.45

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1049 - System Network Connections Discovery
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence

MITREへのリンク →

Wizard Spider

Score: 5.06

Matched TTPs:

T1584.003 - Virtual Private Server
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence

MITREへのリンク →

Magic Hound

Score: 14.02

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1027 - Obfuscated Files or Information
T1187 - Forced Authentication
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence

MITREへのリンク →

Sandworm Team

Score: 19.61

Matched TTPs:

T1584.003 - Virtual Private Server
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1049 - System Network Connections Discovery
T1027 - Obfuscated Files or Information
T1187 - Forced Authentication
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence

MITREへのリンク →

FIN13

Score: 4.22

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling

MITREへのリンク →

TA2541

Score: 5.12

Matched TTPs:

T1091 - Replication Through Removable Media
T1546.017 - Udev Rules

MITREへのリンク →

Earth Lusca

Score: 3.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Mustard Tempest

Score: 6.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1543.002 - Systemd Service

MITREへのリンク →

TeamTNT

Score: 4.65

Matched TTPs:

T1091 - Replication Through Removable Media
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence

MITREへのリンク →

TA505

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1027 - Obfuscated Files or Information

MITREへのリンク →

BlackByte

Score: 9.40

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1027 - Obfuscated Files or Information
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence

MITREへのリンク →

APT32

Score: 11.43

Matched TTPs:

T1091 - Replication Through Removable Media
T1219.001 - IDE Tunneling
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence
T1484 - Domain or Tenant Policy Modification

MITREへのリンク →

Moonstone Sleet

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1027 - Obfuscated Files or Information

MITREへのリンク →

Contagious Interview

Score: 4.65

Matched TTPs:

T1091 - Replication Through Removable Media
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence

MITREへのリンク →

APT42

Score: 5.59

Matched TTPs:

T1091 - Replication Through Removable Media
T1677 - Poisoned Pipeline Execution

MITREへのリンク →

Medusa Group

Score: 13.26

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1027 - Obfuscated Files or Information
T1566.004 - Spearphishing Voice
T1598 - Phishing for Information
T1070.009 - Clear Persistence

MITREへのリンク →

Storm-0501

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027 - Obfuscated Files or Information

MITREへのリンク →

Blue Mockingbird

Score: 6.01

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1001.001 - Junk Data

MITREへのリンク →

Leviathan

Score: 4.62

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1546.017 - Udev Rules

MITREへのリンク →

INC Ransom

Score: 7.43

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027 - Obfuscated Files or Information
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence

MITREへのリンク →

UNC3886

Score: 6.39

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence

MITREへのリンク →

Play

Score: 4.15

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1070.009 - Clear Persistence

MITREへのリンク →

Sowbug

Score: 4.33

Matched TTPs:

T1219.001 - IDE Tunneling
T1542.004 - ROMMONkit

MITREへのリンク →

Velvet Ant

Score: 3.53

Matched TTPs:

T1219.001 - IDE Tunneling
T1566.004 - Spearphishing Voice

MITREへのリンク →

Scattered Spider

Score: 3.64

Matched TTPs:

T1219.001 - IDE Tunneling
T1027 - Obfuscated Files or Information

MITREへのリンク →

Aoqin Dragon

Score: 3.53

Matched TTPs:

T1219.001 - IDE Tunneling
T1566.004 - Spearphishing Voice

MITREへのリンク →

Storm-1811

Score: 4.58

Matched TTPs:

T1027 - Obfuscated Files or Information
T1566.004 - Spearphishing Voice

MITREへのリンク →

FIN8

Score: 3.72

Matched TTPs:

T1027 - Obfuscated Files or Information
T1070.009 - Clear Persistence

MITREへのリンク →

FIN10

Score: 3.62

Matched TTPs:

T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence

MITREへのリンク →

Equation

Score: 8.26

Matched TTPs:

T1130 - Install Root Certificate
T1037.001 - Logon Script (Windows)

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1686 - Disable or Modify System Firewall

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Higaisa

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.80

Matched TTPs:

T1091 - Replication Through Removable Media
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1566.004 - Spearphishing Voice
T1027 - Obfuscated Files or Information
T1049 - System Network Connections Discovery
T1187 - Forced Authentication
T1070.009 - Clear Persistence

MITREへのリンク →

Mustang Panda

Score: 0.77

Matched TTPs:

T1091 - Replication Through Removable Media
T1487 - Disk Structure Wipe
T1219.001 - IDE Tunneling
T1055.005 - Thread Local Storage
T1169 - Sudo
T1677 - Poisoned Pipeline Execution
T1070.009 - Clear Persistence

MITREへのリンク →

Gamaredon Group

Score: 0.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1219.001 - IDE Tunneling
T1552.005 - Cloud Instance Metadata API
T1542.004 - ROMMONkit
T1546.017 - Udev Rules
T1070.009 - Clear Persistence

MITREへのリンク →

HAFNIUM

Score: 0.63

Matched TTPs:

T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1027.008 - Stripped Payloads
T1049 - System Network Connections Discovery

MITREへのリンク →

APT28

Score: 0.60

Matched TTPs:

T1487 - Disk Structure Wipe
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1552.005 - Cloud Instance Metadata API
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence

MITREへのリンク →

APT41

Score: 0.60

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1566.004 - Spearphishing Voice
T1027 - Obfuscated Files or Information
T1037.001 - Logon Script (Windows)
T1070.009 - Clear Persistence

MITREへのリンク →

Magic Hound

Score: 0.59

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1566.004 - Spearphishing Voice
T1027 - Obfuscated Files or Information
T1187 - Forced Authentication
T1070.009 - Clear Persistence

MITREへのリンク →

Medusa Group

Score: 0.59

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1566.004 - Spearphishing Voice
T1027 - Obfuscated Files or Information
T1598 - Phishing for Information
T1070.009 - Clear Persistence

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Skynet Tor botnet / Trojan.Tbot samples

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ