Trusted Design

FakeGlobe and Cerber Ransomware: Sneaking under the radar while WeCry

Summary

Recently, SpiderLabs observed a constant influx of spam that distributes two ransomware families, perhaps trying to sneak in while everyone is focused on the recent WannaCry malware. Based on data from our Spam Research Database, an email campaign distributing FakeGlobe ransomware started last May 19th and died down on May 21st. But just a couple of hours later it was the Cerber ransomware's turn, which subsided three days later. This is not a massive campaign, but SpiderLabs did notice almost 31,000 spam emails in our system distributed for both types of malware. The botnet origin of this email spam campaign remains unknown; however, the majority of the spam originates from Vietnam, India, and Laos. This merely indicates where the compromised computers are located.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Scattered Spider

Score: 12.55
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1598 - Phishing for Information

FIN4

Score: 5.58
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1566.002 - Spearphishing Link

Ember Bear

Score: 4.13
Matched TTPs:
  • T1491.002 - External Defacement

Sandworm Team

Score: 22.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server

Kimsuky

Score: 31.45
Matched TTPs:
  • T1036.007 - Double File Extension
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1657 - Financial Theft
  • T1593 - Search Open Websites/Domains
  • T1566 - Phishing
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information

Mustang Panda

Score: 22.84
Matched TTPs:
  • T1036.007 - Double File Extension
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1593 - Search Open Websites/Domains
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Mustard Tempest

Score: 12.50
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1608.006 - SEO Poisoning

menuPass

Score: 3.84
Matched TTPs:
  • T1568.001 - Fast Flux DNS

TA505

Score: 7.26
Matched TTPs:
  • T1568.001 - Fast Flux DNS
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware

Gamaredon Group

Score: 8.22
Matched TTPs:
  • T1568.001 - Fast Flux DNS
  • T1608.001 - Upload Malware
  • T1102.002 - Bidirectional Communication

MuddyWater

Score: 3.84
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1102.002 - Bidirectional Communication

LuminousMoth

Score: 3.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware

Sidewinder

Score: 3.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link

FIN7

Score: 5.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1102.002 - Bidirectional Communication

FIN8

Score: 6.94
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1573.002 - Asymmetric Cryptography
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT32

Score: 8.62
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Lazarus Group

Score: 19.70
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot

Leviathan

Score: 6.95
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1584.004 - Server

APT33

Score: 4.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

ZIRCONIUM

Score: 9.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information

EXOTIC LILY

Score: 9.79
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1593.001 - Social Media
  • T1566.003 - Spearphishing via Service

Magic Hound

Score: 11.49
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1102.002 - Bidirectional Communication
  • T1566.003 - Spearphishing via Service

OilRig

Score: 14.10
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1573.002 - Asymmetric Cryptography
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Windshift

Score: 3.97
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.003 - Spearphishing via Service

Cobalt Group

Score: 4.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1573.002 - Asymmetric Cryptography

APT29

Score: 6.64
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1566.003 - Spearphishing via Service

TA2541

Score: 6.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1573.002 - Asymmetric Cryptography

Earth Lusca

Score: 6.25
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1584.004 - Server

RedCurl

Score: 4.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1573.002 - Asymmetric Cryptography

Storm-1811

Score: 8.51
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1667 - Email Bombing
  • T1566.003 - Spearphishing via Service

Turla

Score: 6.68
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server

Wizard Spider

Score: 4.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

TA577

Score: 4.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts

Patchwork

Score: 3.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link

LazyScripter

Score: 3.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware

APT42

Score: 6.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1573.002 - Asymmetric Cryptography

APT39

Score: 3.84
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1102.002 - Bidirectional Communication

APT28

Score: 10.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information

Star Blizzard

Score: 10.38
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1593 - Search Open Websites/Domains

Moonstone Sleet

Score: 10.39
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service

CURIUM

Score: 4.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.003 - Spearphishing via Service

Dragonfly

Score: 5.29
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1584.004 - Server

HEXANE

Score: 7.04
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1102.002 - Bidirectional Communication

Contagious Interview

Score: 16.90
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1657 - Financial Theft
  • T1593 - Search Open Websites/Domains
  • T1593.001 - Social Media
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

HAFNIUM

Score: 3.62
Matched TTPs:
  • T1584.005 - Botnet

Axiom

Score: 11.44
Matched TTPs:
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1001.002 - Steganography

Volt Typhoon

Score: 9.74
Matched TTPs:
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1584.004 - Server

INC Ransom

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing

Medusa Group

Score: 13.43
Matched TTPs:
  • T1657 - Financial Theft
  • T1573.002 - Asymmetric Cryptography
  • T1650 - Acquire Access
  • T1529 - System Shutdown/Reboot

Sea Turtle

Score: 3.29
Matched TTPs:
  • T1566 - Phishing

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1566 - Phishing

APT37

Score: 6.02
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1529 - System Shutdown/Reboot

FIN6

Score: 8.02
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

APT38

Score: 3.62
Matched TTPs:
  • T1529 - System Shutdown/Reboot

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.83
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
  • T1036.007 - Double File Extension
  • T1608.001 - Upload Malware
  • T1586.002 - Email Accounts
  • T1598 - Phishing for Information
  • T1593 - Search Open Websites/Domains
  • T1102.002 - Bidirectional Communication
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1593.001 - Social Media

Sandworm Team

Score: 0.64
Matched TTPs:
  • T1584.005 - Botnet
  • T1608.001 - Upload Malware
  • T1584.004 - Server
  • T1593 - Search Open Websites/Domains
  • T1102.002 - Bidirectional Communication
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link

Mustang Panda

Score: 0.64
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1036.007 - Double File Extension
  • T1608.001 - Upload Malware
  • T1586.002 - Email Accounts
  • T1593 - Search Open Websites/Domains
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link

Lazarus Group

Score: 0.57
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1584.004 - Server
  • T1102.002 - Bidirectional Communication
  • T1529 - System Shutdown/Reboot
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1566.003 - Spearphishing via Service
  • T1566.002 - Spearphishing Link

Related CVEs

No CVEs were found for this Pulse.
