Trusted Design

Rurktar Backdoor

概要

There is a new malware called Rurktar[2]. It’s a trojan spy which is installed as service called RCSU. The service connects back to the attacker machine and waits for commands which will be given by the attacker. The file size of the malware is mostly around ~50Kb, as you can see from the list of sample hashes at the end of this report. Currently, the trojan spy is still in development and is not spotted in-the-wild yet. This could change once the trojan spy has fully developed.

Created: 2026-02-23

Indicators

類似Pulses

TrojanSpy:MSIL/Ruzmoil (score: 0.65)
Backdoor:Win32/Saluchtra (score: 0.64)
Trojan:Win32/Hilasy (score: 0.63)
Backdoor:MSIL/Noobsrat (score: 0.62)
Backdoor:MSIL/Noobsrat (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Winnti Group

Score: 3.29

Matched TTPs:

T1014 - Rootkit

MITREへのリンク →

APT41

Score: 17.38

Matched TTPs:

T1014 - Rootkit
T1030 - Data Transfer Size Limits
T1070.004 - File Deletion
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1550.002 - Pass the Hash
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Rocke

Score: 11.19

Matched TTPs:

T1014 - Rootkit
T1070.004 - File Deletion
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1102.001 - Dead Drop Resolver

MITREへのリンク →

TeamTNT

Score: 13.26

Matched TTPs:

T1014 - Rootkit
T1007 - System Service Discovery
T1070.004 - File Deletion
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1680 - Local Storage Discovery

MITREへのリンク →

APT28

Score: 18.70

Matched TTPs:

T1014 - Rootkit
T1025 - Data from Removable Media
T1039 - Data from Network Shared Drive
T1030 - Data Transfer Size Limits
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1550.002 - Pass the Hash

MITREへのリンク →

UNC3886

Score: 8.51

Matched TTPs:

T1014 - Rootkit
T1070.004 - File Deletion
T1037.004 - RC Scripts

MITREへのリンク →

OilRig

Score: 8.71

Matched TTPs:

T1025 - Data from Removable Media
T1007 - System Service Discovery
T1070.004 - File Deletion
T1071.001 - Web Protocols

MITREへのリンク →

Gamaredon Group

Score: 12.38

Matched TTPs:

T1025 - Data from Removable Media
T1039 - Data from Network Shared Drive
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1027.015 - Compression

MITREへのリンク →

Turla

Score: 7.33

Matched TTPs:

T1025 - Data from Removable Media
T1007 - System Service Discovery
T1071.001 - Web Protocols

MITREへのリンク →

BRONZE BUTLER

Score: 14.45

Matched TTPs:

T1007 - System Service Discovery
T1027.001 - Binary Padding
T1039 - Data from Network Shared Drive
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Aquatic Panda

Score: 6.65

Matched TTPs:

T1007 - System Service Discovery
T1070.004 - File Deletion
T1550.002 - Pass the Hash

MITREへのリンク →

Kimsuky

Score: 22.89

Matched TTPs:

T1007 - System Service Discovery
T1027.001 - Binary Padding
T1070.004 - File Deletion
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1550.002 - Pass the Hash
T1587 - Develop Capabilities
T1680 - Local Storage Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Chimera

Score: 13.71

Matched TTPs:

T1007 - System Service Discovery
T1039 - Data from Network Shared Drive
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1550.002 - Pass the Hash
T1680 - Local Storage Discovery

MITREへのリンク →

Ke3chang

Score: 3.71

Matched TTPs:

T1007 - System Service Discovery
T1071.001 - Web Protocols

MITREへのリンク →

Volt Typhoon

Score: 8.79

Matched TTPs:

T1007 - System Service Discovery
T1070.004 - File Deletion
T1027.002 - Software Packing
T1680 - Local Storage Discovery

MITREへのリンク →

APT1

Score: 5.27

Matched TTPs:

T1007 - System Service Discovery
T1550.002 - Pass the Hash

MITREへのリンク →

Leviathan

Score: 6.19

Matched TTPs:

T1027.001 - Binary Padding
T1027.015 - Compression

MITREへのリンク →

APT29

Score: 10.31

Matched TTPs:

T1027.001 - Binary Padding
T1070.004 - File Deletion
T1037.004 - RC Scripts
T1027.002 - Software Packing

MITREへのリンク →

Moafee

Score: 3.03

Matched TTPs:

T1027.001 - Binary Padding

MITREへのリンク →

Higaisa

Score: 10.21

Matched TTPs:

T1027.001 - Binary Padding
T1071.001 - Web Protocols
T1680 - Local Storage Discovery
T1027.015 - Compression

MITREへのリンク →

Patchwork

Score: 12.59

Matched TTPs:

T1027.001 - Binary Padding
T1070.004 - File Deletion
T1027.002 - Software Packing
T1680 - Local Storage Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Akira

Score: 3.03

Matched TTPs:

T1027.001 - Binary Padding

MITREへのリンク →

RedCurl

Score: 5.60

Matched TTPs:

T1039 - Data from Network Shared Drive
T1070.004 - File Deletion
T1071.001 - Web Protocols

MITREへのリンク →

Sowbug

Score: 3.03

Matched TTPs:

T1039 - Data from Network Shared Drive

MITREへのリンク →

menuPass

Score: 7.70

Matched TTPs:

T1039 - Data from Network Shared Drive
T1036.003 - Rename Legitimate Utilities
T1070.004 - File Deletion

MITREへのリンク →

Fox Kitten

Score: 3.03

Matched TTPs:

T1039 - Data from Network Shared Drive

MITREへのリンク →

Lazarus Group

Score: 12.82

Matched TTPs:

T1036.003 - Rename Legitimate Utilities
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1027.007 - Dynamic API Resolution
T1680 - Local Storage Discovery

MITREへのリンク →

Daggerfly

Score: 4.47

Matched TTPs:

T1036.003 - Rename Legitimate Utilities
T1071.001 - Web Protocols

MITREへのリンク →

APT32

Score: 8.60

Matched TTPs:

T1036.003 - Rename Legitimate Utilities
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1550.002 - Pass the Hash

MITREへのリンク →

APT38

Score: 12.45

Matched TTPs:

T1036.003 - Rename Legitimate Utilities
T1070.004 - File Deletion
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1036.006 - Space after Filename

MITREへのリンク →

GALLIUM

Score: 8.08

Matched TTPs:

T1036.003 - Rename Legitimate Utilities
T1027.002 - Software Packing
T1550.002 - Pass the Hash

MITREへのリンク →

Play

Score: 4.82

Matched TTPs:

T1030 - Data Transfer Size Limits
T1070.004 - File Deletion

MITREへのリンク →

LuminousMoth

Score: 4.63

Matched TTPs:

T1030 - Data Transfer Size Limits
T1071.001 - Web Protocols

MITREへのリンク →

Threat Group-3390

Score: 11.21

Matched TTPs:

T1030 - Data Transfer Size Limits
T1070.004 - File Deletion
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1027.015 - Compression

MITREへのリンク →

Contagious Interview

Score: 9.76

Matched TTPs:

T1543.001 - Launch Agent
T1070.004 - File Deletion
T1587 - Develop Capabilities

MITREへのリンク →

Tropic Trooper

Score: 5.40

Matched TTPs:

T1070.004 - File Deletion
T1071.001 - Web Protocols
T1680 - Local Storage Discovery

MITREへのリンク →

Ember Bear

Score: 4.13

Matched TTPs:

T1070.004 - File Deletion
T1550.002 - Pass the Hash

MITREへのリンク →

APT39

Score: 4.62

Matched TTPs:

T1070.004 - File Deletion
T1027.002 - Software Packing
T1071.001 - Web Protocols

MITREへのリンク →

Wizard Spider

Score: 5.32

Matched TTPs:

T1070.004 - File Deletion
T1071.001 - Web Protocols
T1550.002 - Pass the Hash

MITREへのリンク →

Mustang Panda

Score: 6.70

Matched TTPs:

T1070.004 - File Deletion
T1071.001 - Web Protocols
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT3

Score: 3.43

Matched TTPs:

T1070.004 - File Deletion
T1027.002 - Software Packing

MITREへのリンク →

The White Company

Score: 3.43

Matched TTPs:

T1070.004 - File Deletion
T1027.002 - Software Packing

MITREへのリンク →

Medusa Group

Score: 4.62

Matched TTPs:

T1070.004 - File Deletion
T1027.002 - Software Packing
T1071.001 - Web Protocols

MITREへのリンク →

Velvet Ant

Score: 3.84

Matched TTPs:

T1037.004 - RC Scripts

MITREへのリンク →

TA2541

Score: 5.20

Matched TTPs:

T1027.002 - Software Packing
T1027.015 - Compression

MITREへのリンク →

Dark Caracal

Score: 3.24

Matched TTPs:

T1027.002 - Software Packing
T1071.001 - Web Protocols

MITREへのリンク →

TA505

Score: 3.24

Matched TTPs:

T1027.002 - Software Packing
T1071.001 - Web Protocols

MITREへのリンク →

Moonstone Sleet

Score: 5.03

Matched TTPs:

T1071.001 - Web Protocols
T1587 - Develop Capabilities

MITREへのリンク →

FIN13

Score: 3.93

Matched TTPs:

T1071.001 - Web Protocols
T1550.002 - Pass the Hash

MITREへのリンク →

Confucius

Score: 4.02

Matched TTPs:

T1071.001 - Web Protocols
T1680 - Local Storage Discovery

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Axiom

Score: 4.54

Matched TTPs:

T1001.002 - Steganography

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1027.015 - Compression

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.81

Matched TTPs:

T1102.001 - Dead Drop Resolver
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1027.001 - Binary Padding
T1550.002 - Pass the Hash
T1027.002 - Software Packing
T1007 - System Service Discovery
T1680 - Local Storage Discovery
T1587 - Develop Capabilities

MITREへのリンク →

APT28

Score: 0.70

Matched TTPs:

T1039 - Data from Network Shared Drive
T1014 - Rootkit
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1550.002 - Pass the Hash
T1030 - Data Transfer Size Limits
T1025 - Data from Removable Media

MITREへのリンク →

APT41

Score: 0.63

Matched TTPs:

T1102.001 - Dead Drop Resolver
T1014 - Rootkit
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1550.002 - Pass the Hash
T1027.002 - Software Packing
T1030 - Data Transfer Size Limits

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る