Zeus Sphinx Pushes Empty Configuration Files
Summary
Recent Zeus Sphinx samples have fetched configuration files from which all of the target URLs have been removed. This means that while Sphinx infection campaigns continue and the malware can still infect new machines, it remains idle: it receives no attack instructions that target specific banks or banking services.
The only instruction that repeats across all Sphinx configurations is to inject the victim's "bot ID" into every page he or she visits. In essence, this is a web injection rule with the target pattern http*://*, which matches any HTTP or HTTPS page the victim browses to.
This phase of empty Sphinx configuration files started in March 2017 and spread over the following months until it covered all Sphinx samples. This suggests that Sphinx is presently operated by a single group rather than multiple actors, despite the fact that it was sold commercially in the underground when it was launched in 2015.
Created: 2026-02-23
Indicators
No indicators were found.
Similar Pulses
Threat actors related to this Pulse (fact-based)
Score: 5.36
Matched TTPs:
- T1055 - Process Injection
- T1588.002 - Tool
- T1027.002 - Software Packing
Score: 3.31
Matched TTPs:
- T1055 - Process Injection
- T1588.002 - Tool
Score: 3.31
Matched TTPs:
- T1055 - Process Injection
- T1588.002 - Tool
Score: 10.37
Matched TTPs:
- T1055 - Process Injection
- T1552.006 - Group Policy Preferences
- T1588.002 - Tool
- T1055.001 - Dynamic-link Library Injection
Score: 8.51
Matched TTPs:
- T1055 - Process Injection
- T1588.002 - Tool
- T1027.002 - Software Packing
- T1027.015 - Compression
Score: 6.24
Matched TTPs:
- T1055 - Process Injection
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
Score: 8.65
Matched TTPs:
- T1055 - Process Injection
- T1588.002 - Tool
- T1027.002 - Software Packing
- T1102.001 - Dead Drop Resolver
Score: 7.00
Matched TTPs:
- T1055 - Process Injection
- T1056.004 - Credential API Hooking
Score: 10.30
Matched TTPs:
- T1055 - Process Injection
- T1480 - Execution Guardrails
- T1588.002 - Tool
- T1027.015 - Compression
Score: 6.30
Matched TTPs:
- T1055 - Process Injection
- T1480 - Execution Guardrails
Score: 11.57
Matched TTPs:
- T1055 - Process Injection
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
- T1027.002 - Software Packing
- T1102.001 - Dead Drop Resolver
Score: 6.24
Matched TTPs:
- T1055 - Process Injection
- T1588.002 - Tool
- T1055.001 - Dynamic-link Library Injection
Score: 7.22
Matched TTPs:
- T1480 - Execution Guardrails
- T1588.002 - Tool
- T1566.003 - Spearphishing via Service
Score: 4.98
Matched TTPs:
- T1552.006 - Group Policy Preferences
- T1588.002 - Tool
Score: 18.35
Matched TTPs:
- T1621 - Multi-Factor Authentication Request Generation
- T1588.002 - Tool
- T1090.004 - Domain Fronting
- T1651 - Cloud Administration Command
- T1027.002 - Software Packing
- T1566.003 - Spearphishing via Service
Score: 4.69
Matched TTPs:
- T1621 - Multi-Factor Authentication Request Generation
- T1588.002 - Tool
Score: 4.69
Matched TTPs:
- T1621 - Multi-Factor Authentication Request Generation
- T1588.002 - Tool
Score: 3.37
Matched TTPs:
- T1588.002 - Tool
- T1566.003 - Spearphishing via Service
Score: 7.44
Matched TTPs:
- T1588.002 - Tool
- T1027.002 - Software Packing
- T1218.014 - MMC
Score: 3.37
Matched TTPs:
- T1588.002 - Tool
- T1566.003 - Spearphishing via Service
Score: 4.13
Matched TTPs:
- T1588.002 - Tool
- T1102.001 - Dead Drop Resolver
Score: 5.83
Matched TTPs:
- T1588.002 - Tool
- T1027.002 - Software Packing
- T1055.001 - Dynamic-link Library Injection
Score: 3.78
Matched TTPs:
- T1588.002 - Tool
- T1055.001 - Dynamic-link Library Injection
Score: 7.91
Matched TTPs:
- T1588.002 - Tool
- T1137.004 - Outlook Home Page
- T1566.003 - Spearphishing via Service
Score: 3.37
Matched TTPs:
- T1588.002 - Tool
- T1566.003 - Spearphishing via Service
Score: 3.78
Matched TTPs:
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
Score: 6.19
Matched TTPs:
- T1588.002 - Tool
- T1027.002 - Software Packing
- T1102.001 - Dead Drop Resolver
Score: 3.78
Matched TTPs:
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
Score: 4.98
Matched TTPs:
- T1588.002 - Tool
- T1027.007 - Dynamic API Resolution
Score: 8.98
Matched TTPs:
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
- T1027.002 - Software Packing
- T1027.015 - Compression
Score: 10.43
Matched TTPs:
- T1588.002 - Tool
- T1027.007 - Dynamic API Resolution
- T1055.001 - Dynamic-link Library Injection
- T1566.003 - Spearphishing via Service
Score: 3.78
Matched TTPs:
- T1588.002 - Tool
- T1195.002 - Compromise Software Supply Chain
Score: 5.45
Matched TTPs:
- T1195.002 - Compromise Software Supply Chain
- T1566.003 - Spearphishing via Service
Score: 4.58
Matched TTPs:
- T1027.002 - Software Packing
- T1566.003 - Spearphishing via Service
Score: 5.34
Matched TTPs:
- T1027.002 - Software Packing
- T1102.001 - Dead Drop Resolver
Score: 6.08
Matched TTPs:
- T1055.001 - Dynamic-link Library Injection
- T1027.015 - Compression
Score: 3.29
Matched TTPs:
- T1102.001 - Dead Drop Resolver
Threat actors related to this Pulse (inference-based)
Score: 0.79
Matched TTPs:
- T1027.002 - Software Packing
- T1566.003 - Spearphishing via Service
- T1090.004 - Domain Fronting
- T1621 - Multi-Factor Authentication Request Generation
- T1588.002 - Tool
- T1651 - Cloud Administration Command
Related CVEs
No CVEs were found in this Pulse.
Pulse – Threat Actor Graph