Trusted Design

FakeGlobe and Cerber Ransomware: Sneaking under the radar while WeCry

概要

Recently, SpiderLabs observed a constant influx of spam that distributes two ransomware families, perhaps trying to sneak in while everyone is focused with the recent WannaCry malware. Based on data from our Spam Research Database, an email campaign distributing FakeGlobe ransomware started last May 19th and died down on May 21st . But just a couple hours later it was the Cerber ransomware's turn which subsided three days later. This is not a massive campaign, but SpiderLabs did notice almost 31,000 spam emails in our system distributed for both types of malware. the botnet origin of this email spam campaign remains unknown, however, the majority of the spam originates from Vietnam, India, and Laos. This merely indicates where the compromised computers are located.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

MarsJoke Ransomware Mimics CTB-Locker (score: 0.74)
CryptFile2 Ransomware Returns in High Volume URL Campaigns (score: 0.68)
Jaff Ransomware and Suspicious PDF Delivery (score: 0.67)
CryptoApp ransomware: changes & active campaign (score: 0.67)
Cryptowall Spam: My Resume Protects All Your Files (score: 0.66)

このPulseに関連する脅威アクター (事実ベース)

Scattered Spider

Score: 12.55

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1566.002 - Spearphishing Link
T1552.003 - Shell History
T1197 - BITS Jobs

MITREへのリンク →

FIN4

Score: 5.58

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1543.003 - Windows Service

MITREへのリンク →

Ember Bear

Score: 4.13

Matched TTPs:

T1564.008 - Email Hiding Rules

MITREへのリンク →

Sandworm Team

Score: 22.15

Matched TTPs:

T1564.008 - Email Hiding Rules
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1102.003 - One-Way Communication
T1547.002 - Authentication Package
T1546.016 - Installer Packages

MITREへのリンク →

Kimsuky

Score: 31.45

Matched TTPs:

T1053.007 - Container Orchestration Job
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1102.003 - One-Way Communication
T1562.013 - Disable or Modify Network Device Firewall
T1690 - Prevent Command History Logging
T1547.002 - Authentication Package
T1197 - BITS Jobs

MITREへのリンク →

Mustang Panda

Score: 22.84

Matched TTPs:

T1053.007 - Container Orchestration Job
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

Mustard Tempest

Score: 12.50

Matched TTPs:

T1682 - Query Public AI Services
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1543.002 - Systemd Service

MITREへのリンク →

menuPass

Score: 3.84

Matched TTPs:

T1527 - Application Access Token

MITREへのリンク →

TA505

Score: 7.26

Matched TTPs:

T1527 - Application Access Token
T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

Gamaredon Group

Score: 8.22

Matched TTPs:

T1527 - Application Access Token
T1091 - Replication Through Removable Media
T1547.002 - Authentication Package

MITREへのリンク →

MuddyWater

Score: 3.84

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package

MITREへのリンク →

LuminousMoth

Score: 3.42

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

Sidewinder

Score: 3.91

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link

MITREへのリンク →

FIN7

Score: 5.82

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1547.002 - Authentication Package

MITREへのリンク →

FIN8

Score: 6.94

Matched TTPs:

T1543.003 - Windows Service
T1128 - Netsh Helper DLL
T1556 - Modify Authentication Process

MITREへのリンク →

APT32

Score: 8.62

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1556 - Modify Authentication Process

MITREへのリンク →

Lazarus Group

Score: 19.70

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process
T1216 - System Script Proxy Execution

MITREへのリンク →

Leviathan

Score: 6.95

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol
T1546.016 - Installer Packages

MITREへのリンク →

APT33

Score: 4.19

Matched TTPs:

T1543.003 - Windows Service
T1556 - Modify Authentication Process

MITREへのリンク →

ZIRCONIUM

Score: 9.74

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1547.002 - Authentication Package
T1197 - BITS Jobs

MITREへのリンク →

EXOTIC LILY

Score: 9.79

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1690 - Prevent Command History Logging
T1547.008 - LSASS Driver

MITREへのリンク →

Magic Hound

Score: 11.49

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1547.002 - Authentication Package
T1547.008 - LSASS Driver

MITREへのリンク →

OilRig

Score: 14.10

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Windshift

Score: 3.97

Matched TTPs:

T1543.003 - Windows Service
T1547.008 - LSASS Driver

MITREへのリンク →

Cobalt Group

Score: 4.19

Matched TTPs:

T1543.003 - Windows Service
T1128 - Netsh Helper DLL

MITREへのリンク →

APT29

Score: 6.64

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol
T1547.008 - LSASS Driver

MITREへのリンク →

TA2541

Score: 6.17

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

Earth Lusca

Score: 6.25

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1546.016 - Installer Packages

MITREへのリンク →

RedCurl

Score: 4.19

Matched TTPs:

T1543.003 - Windows Service
T1128 - Netsh Helper DLL

MITREへのリンク →

Storm-1811

Score: 8.51

Matched TTPs:

T1543.003 - Windows Service
T1567.003 - Exfiltration to Text Storage Sites
T1547.008 - LSASS Driver

MITREへのリンク →

Turla

Score: 6.68

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package
T1546.016 - Installer Packages

MITREへのリンク →

Wizard Spider

Score: 4.19

Matched TTPs:

T1543.003 - Windows Service
T1556 - Modify Authentication Process

MITREへのリンク →

TA577

Score: 4.11

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol

MITREへのリンク →

Patchwork

Score: 3.91

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link

MITREへのリンク →

LazyScripter

Score: 3.42

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

APT42

Score: 6.17

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

APT39

Score: 3.84

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package

MITREへのリンク →

APT28

Score: 10.96

Matched TTPs:

T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1547.002 - Authentication Package
T1197 - BITS Jobs

MITREへのリンク →

Star Blizzard

Score: 10.38

Matched TTPs:

T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication

MITREへのリンク →

Moonstone Sleet

Score: 10.39

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1197 - BITS Jobs
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 4.98

Matched TTPs:

T1566.002 - Spearphishing Link
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 5.29

Matched TTPs:

T1566.002 - Spearphishing Link
T1546.016 - Installer Packages

MITREへのリンク →

HEXANE

Score: 7.04

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1547.002 - Authentication Package

MITREへのリンク →

Contagious Interview

Score: 16.90

Matched TTPs:

T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

HAFNIUM

Score: 3.62

Matched TTPs:

T1049 - System Network Connections Discovery

MITREへのリンク →

Axiom

Score: 11.44

Matched TTPs:

T1049 - System Network Connections Discovery
T1562.013 - Disable or Modify Network Device Firewall
T1160 - Launch Daemon

MITREへのリンク →

Volt Typhoon

Score: 9.74

Matched TTPs:

T1049 - System Network Connections Discovery
T1102.003 - One-Way Communication
T1546.016 - Installer Packages

MITREへのリンク →

INC Ransom

Score: 5.81

Matched TTPs:

T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Medusa Group

Score: 13.43

Matched TTPs:

T1552.003 - Shell History
T1128 - Netsh Helper DLL
T1598 - Phishing for Information
T1216 - System Script Proxy Execution

MITREへのリンク →

Sea Turtle

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

APT37

Score: 6.02

Matched TTPs:

T1547.002 - Authentication Package
T1216 - System Script Proxy Execution

MITREへのリンク →

FIN6

Score: 8.02

Matched TTPs:

T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

APT38

Score: 3.62

Matched TTPs:

T1216 - System Script Proxy Execution

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.83

Matched TTPs:

T1690 - Prevent Command History Logging
T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication
T1053.007 - Container Orchestration Job
T1547.002 - Authentication Package
T1552.003 - Shell History
T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Sandworm Team

Score: 0.64

Matched TTPs:

T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication
T1547.002 - Authentication Package
T1546.016 - Installer Packages
T1566.002 - Spearphishing Link
T1564.008 - Email Hiding Rules
T1543.003 - Windows Service
T1049 - System Network Connections Discovery

MITREへのリンク →

Mustang Panda

Score: 0.64

Matched TTPs:

T1091 - Replication Through Removable Media
T1055.005 - Thread Local Storage
T1102.003 - One-Way Communication
T1053.007 - Container Orchestration Job
T1566.002 - Spearphishing Link
T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol
T1556 - Modify Authentication Process

MITREへのリンク →

Lazarus Group

Score: 0.57

Matched TTPs:

T1055.005 - Thread Local Storage
T1547.002 - Authentication Package
T1546.016 - Installer Packages
T1543.003 - Windows Service
T1216 - System Script Proxy Execution
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る