Trusted Design

Rurktar Backdoor

概要

There is a new malware called Rurktar[2]. It’s a trojan spy which is installed as service called RCSU. The service connects back to the attacker machine and waits for commands which will be given by the attacker. The file size of the malware is mostly around ~50Kb, as you can see from the list of sample hashes at the end of this report. Currently, the trojan spy is still in development and is not spotted in-the-wild yet. This could change once the trojan spy has fully developed.

Created: 2026-02-23

Indicators

類似Pulses

TrojanSpy:MSIL/Ruzmoil (score: 0.65)
Backdoor:Win32/Saluchtra (score: 0.64)
Trojan:Win32/Hilasy (score: 0.63)
Backdoor:MSIL/Noobsrat (score: 0.62)
Backdoor:MSIL/Noobsrat (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Winnti Group

Score: 3.29

Matched TTPs:

T1499.001 - OS Exhaustion Flood

MITREへのリンク →

APT41

Score: 17.38

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1574.009 - Path Interception by Unquoted Path
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1668 - Exclusive Control
T1008 - Fallback Channels

MITREへのリンク →

Rocke

Score: 11.19

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1008 - Fallback Channels

MITREへのリンク →

TeamTNT

Score: 13.26

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1003.007 - Proc Filesystem
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1665 - Hide Infrastructure

MITREへのリンク →

APT28

Score: 18.70

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1552.005 - Cloud Instance Metadata API
T1542.004 - ROMMONkit
T1574.009 - Path Interception by Unquoted Path
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1668 - Exclusive Control

MITREへのリンク →

UNC3886

Score: 8.51

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1070.009 - Clear Persistence
T1219.002 - Remote Desktop Software

MITREへのリンク →

OilRig

Score: 8.71

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1003.007 - Proc Filesystem
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption

MITREへのリンク →

Gamaredon Group

Score: 12.38

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1546.017 - Udev Rules

MITREへのリンク →

Turla

Score: 7.33

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1003.007 - Proc Filesystem
T1556.005 - Reversible Encryption

MITREへのリンク →

BRONZE BUTLER

Score: 14.45

Matched TTPs:

T1003.007 - Proc Filesystem
T1580 - Cloud Infrastructure Discovery
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1008 - Fallback Channels

MITREへのリンク →

Aquatic Panda

Score: 6.65

Matched TTPs:

T1003.007 - Proc Filesystem
T1070.009 - Clear Persistence
T1668 - Exclusive Control

MITREへのリンク →

Kimsuky

Score: 22.89

Matched TTPs:

T1003.007 - Proc Filesystem
T1580 - Cloud Infrastructure Discovery
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1668 - Exclusive Control
T1126 - Network Share Connection Removal
T1665 - Hide Infrastructure
T1008 - Fallback Channels

MITREへのリンク →

Chimera

Score: 13.71

Matched TTPs:

T1003.007 - Proc Filesystem
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1668 - Exclusive Control
T1665 - Hide Infrastructure

MITREへのリンク →

Ke3chang

Score: 3.71

Matched TTPs:

T1003.007 - Proc Filesystem
T1556.005 - Reversible Encryption

MITREへのリンク →

Volt Typhoon

Score: 8.79

Matched TTPs:

T1003.007 - Proc Filesystem
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1665 - Hide Infrastructure

MITREへのリンク →

APT1

Score: 5.27

Matched TTPs:

T1003.007 - Proc Filesystem
T1668 - Exclusive Control

MITREへのリンク →

Leviathan

Score: 6.19

Matched TTPs:

T1580 - Cloud Infrastructure Discovery
T1546.017 - Udev Rules

MITREへのリンク →

APT29

Score: 10.31

Matched TTPs:

T1580 - Cloud Infrastructure Discovery
T1070.009 - Clear Persistence
T1219.002 - Remote Desktop Software
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Moafee

Score: 3.03

Matched TTPs:

T1580 - Cloud Infrastructure Discovery

MITREへのリンク →

Higaisa

Score: 10.21

Matched TTPs:

T1580 - Cloud Infrastructure Discovery
T1556.005 - Reversible Encryption
T1665 - Hide Infrastructure
T1546.017 - Udev Rules

MITREへのリンク →

Patchwork

Score: 12.59

Matched TTPs:

T1580 - Cloud Infrastructure Discovery
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1665 - Hide Infrastructure
T1008 - Fallback Channels

MITREへのリンク →

Akira

Score: 3.03

Matched TTPs:

T1580 - Cloud Infrastructure Discovery

MITREへのリンク →

RedCurl

Score: 5.60

Matched TTPs:

T1542.004 - ROMMONkit
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption

MITREへのリンク →

Sowbug

Score: 3.03

Matched TTPs:

T1542.004 - ROMMONkit

MITREへのリンク →

menuPass

Score: 7.70

Matched TTPs:

T1542.004 - ROMMONkit
T1174 - Password Filter DLL
T1070.009 - Clear Persistence

MITREへのリンク →

Fox Kitten

Score: 3.03

Matched TTPs:

T1542.004 - ROMMONkit

MITREへのリンク →

Lazarus Group

Score: 12.82

Matched TTPs:

T1174 - Password Filter DLL
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure

MITREへのリンク →

Daggerfly

Score: 4.47

Matched TTPs:

T1174 - Password Filter DLL
T1556.005 - Reversible Encryption

MITREへのリンク →

APT32

Score: 8.60

Matched TTPs:

T1174 - Password Filter DLL
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1668 - Exclusive Control

MITREへのリンク →

APT38

Score: 12.45

Matched TTPs:

T1174 - Password Filter DLL
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1059.005 - Visual Basic

MITREへのリンク →

GALLIUM

Score: 8.08

Matched TTPs:

T1174 - Password Filter DLL
T1537 - Transfer Data to Cloud Account
T1668 - Exclusive Control

MITREへのリンク →

Play

Score: 4.82

Matched TTPs:

T1574.009 - Path Interception by Unquoted Path
T1070.009 - Clear Persistence

MITREへのリンク →

LuminousMoth

Score: 4.63

Matched TTPs:

T1574.009 - Path Interception by Unquoted Path
T1556.005 - Reversible Encryption

MITREへのリンク →

Threat Group-3390

Score: 11.21

Matched TTPs:

T1574.009 - Path Interception by Unquoted Path
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1546.017 - Udev Rules

MITREへのリンク →

Contagious Interview

Score: 9.76

Matched TTPs:

T1059.006 - Python
T1070.009 - Clear Persistence
T1126 - Network Share Connection Removal

MITREへのリンク →

Tropic Trooper

Score: 5.40

Matched TTPs:

T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1665 - Hide Infrastructure

MITREへのリンク →

Ember Bear

Score: 4.13

Matched TTPs:

T1070.009 - Clear Persistence
T1668 - Exclusive Control

MITREへのリンク →

APT39

Score: 4.62

Matched TTPs:

T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption

MITREへのリンク →

Wizard Spider

Score: 5.32

Matched TTPs:

T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1668 - Exclusive Control

MITREへのリンク →

Mustang Panda

Score: 6.70

Matched TTPs:

T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1055.005 - Thread Local Storage

MITREへのリンク →

APT3

Score: 3.43

Matched TTPs:

T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

The White Company

Score: 3.43

Matched TTPs:

T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Medusa Group

Score: 4.62

Matched TTPs:

T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption

MITREへのリンク →

Velvet Ant

Score: 3.84

Matched TTPs:

T1219.002 - Remote Desktop Software

MITREへのリンク →

TA2541

Score: 5.20

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1546.017 - Udev Rules

MITREへのリンク →

Dark Caracal

Score: 3.24

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption

MITREへのリンク →

TA505

Score: 3.24

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption

MITREへのリンク →

Moonstone Sleet

Score: 5.03

Matched TTPs:

T1556.005 - Reversible Encryption
T1126 - Network Share Connection Removal

MITREへのリンク →

FIN13

Score: 3.93

Matched TTPs:

T1556.005 - Reversible Encryption
T1668 - Exclusive Control

MITREへのリンク →

Confucius

Score: 4.02

Matched TTPs:

T1556.005 - Reversible Encryption
T1665 - Hide Infrastructure

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Axiom

Score: 4.54

Matched TTPs:

T1160 - Launch Daemon

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.81

Matched TTPs:

T1070.009 - Clear Persistence
T1668 - Exclusive Control
T1537 - Transfer Data to Cloud Account
T1580 - Cloud Infrastructure Discovery
T1556.005 - Reversible Encryption
T1665 - Hide Infrastructure
T1126 - Network Share Connection Removal
T1008 - Fallback Channels
T1003.007 - Proc Filesystem

MITREへのリンク →

APT28

Score: 0.70

Matched TTPs:

T1070.009 - Clear Persistence
T1542.004 - ROMMONkit
T1668 - Exclusive Control
T1574.009 - Path Interception by Unquoted Path
T1552.005 - Cloud Instance Metadata API
T1499.001 - OS Exhaustion Flood
T1556.005 - Reversible Encryption

MITREへのリンク →

APT41

Score: 0.63

Matched TTPs:

T1070.009 - Clear Persistence
T1668 - Exclusive Control
T1574.009 - Path Interception by Unquoted Path
T1537 - Transfer Data to Cloud Account
T1499.001 - OS Exhaustion Flood
T1556.005 - Reversible Encryption
T1008 - Fallback Channels

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る