Trusted Design

Hijacked Existing E-mail Thread - Ursnif (aka Gozi aka Gozi ISFB) Malware Phishing

概要

Ursnif (aka Gozi aka Gozi ISFB) Malware campaign. Similar to the activity observed in May 2017, June 2017, August 2017, and September 2017 - the interesting aspects of this specific campaign are: • Use of existing e-mail threads within compromised e-mail accounts to spread their malware • Use of Ursnif (aka Gozi aka Gozi ISFB) Malware - Botnet: 200X • Use of Fluxxy (aka Dark Cloud) Fast Flux Hosting

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Ursnif (aka Gozi aka Gozi ISFB) phishing emails (score: 0.90)
GozNym Malware (score: 0.63)
Ursnif/Dreambot Trojan Campaign (score: 0.62)
New Spear Phishing Campaign Pretends to be EFF (score: 0.61)
TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 5.63

Matched TTPs:

T1564.008 - Email Hiding Rules
T1218.010 - Regsvr32

MITREへのリンク →

Sandworm Team

Score: 23.29

Matched TTPs:

T1564.008 - Email Hiding Rules
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

menuPass

Score: 3.84

Matched TTPs:

T1527 - Application Access Token

MITREへのリンク →

TA505

Score: 7.26

Matched TTPs:

T1527 - Application Access Token
T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

Gamaredon Group

Score: 10.23

Matched TTPs:

T1527 - Application Access Token
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

MuddyWater

Score: 7.35

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

LuminousMoth

Score: 3.42

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

Confucius

Score: 4.95

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

Kimsuky

Score: 16.39

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1490 - Inhibit System Recovery

MITREへのリンク →

Sidewinder

Score: 5.40

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Elderwood

Score: 4.71

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Machete

Score: 3.21

Matched TTPs:

T1543.003 - Windows Service
T1059.012 - Hypervisor CLI

MITREへのリンク →

FIN7

Score: 13.42

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1490 - Inhibit System Recovery

MITREへのリンク →

Mustard Tempest

Score: 5.19

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

Transparent Tribe

Score: 4.71

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Mustang Panda

Score: 13.52

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage

MITREへのリンク →

APT32

Score: 13.82

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1490 - Inhibit System Recovery

MITREへのリンク →

APT3

Score: 6.56

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1578.002 - Create Cloud Instance

MITREへのリンク →

Lazarus Group

Score: 16.08

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage

MITREへのリンク →

Leviathan

Score: 7.54

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

APT33

Score: 5.87

Matched TTPs:

T1543.003 - Windows Service
T1218.010 - Regsvr32
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

ZIRCONIUM

Score: 11.75

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1547.002 - Authentication Package
T1197 - BITS Jobs

MITREへのリンク →

EXOTIC LILY

Score: 4.91

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

Magic Hound

Score: 13.70

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1547.002 - Authentication Package
T1578.002 - Create Cloud Instance
T1059.012 - Hypervisor CLI

MITREへのリンク →

OilRig

Score: 4.91

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

Windshift

Score: 3.21

Matched TTPs:

T1543.003 - Windows Service
T1059.012 - Hypervisor CLI

MITREへのリンク →

Cobalt Group

Score: 5.87

Matched TTPs:

T1543.003 - Windows Service
T1573 - Encrypted Channel
T1218.010 - Regsvr32

MITREへのリンク →

APT29

Score: 15.09

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1021.001 - Remote Desktop Protocol
T1490 - Inhibit System Recovery

MITREへのリンク →

TA2541

Score: 5.43

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Earth Lusca

Score: 13.65

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Storm-1811

Score: 9.61

Matched TTPs:

T1543.003 - Windows Service
T1567.003 - Exfiltration to Text Storage Sites
T1578.002 - Create Cloud Instance

MITREへのリンク →

Turla

Score: 16.74

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1490 - Inhibit System Recovery

MITREへのリンク →

Patchwork

Score: 7.16

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

LazyScripter

Score: 5.43

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

APT42

Score: 3.42

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

APT39

Score: 3.84

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package

MITREへのリンク →

Scattered Spider

Score: 12.96

Matched TTPs:

T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1557.002 - ARP Cache Poisoning
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT28

Score: 16.50

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1197 - BITS Jobs
T1059.012 - Hypervisor CLI
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Star Blizzard

Score: 4.43

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media

MITREへのリンク →

Moonstone Sleet

Score: 10.80

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1573 - Encrypted Channel
T1197 - BITS Jobs

MITREへのリンク →

CURIUM

Score: 7.85

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Dragonfly

Score: 15.10

Matched TTPs:

T1566.002 - Spearphishing Link
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1578.002 - Create Cloud Instance
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Threat Group-3390

Score: 8.16

Matched TTPs:

T1091 - Replication Through Removable Media
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

BITTER

Score: 3.47

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

HEXANE

Score: 4.37

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.002 - Authentication Package

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

Contagious Interview

Score: 3.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

HAFNIUM

Score: 11.23

Matched TTPs:

T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1021.001 - Remote Desktop Protocol
T1490 - Inhibit System Recovery

MITREへのリンク →

Axiom

Score: 6.88

Matched TTPs:

T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Volt Typhoon

Score: 6.45

Matched TTPs:

T1049 - System Network Connections Discovery
T1546.016 - Installer Packages

MITREへのリンク →

POLONIUM

Score: 4.41

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

Winter Vivern

Score: 5.39

Matched TTPs:

T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT41

Score: 4.42

Matched TTPs:

T1573 - Encrypted Channel
T1218.010 - Regsvr32

MITREへのリンク →

Daggerfly

Score: 7.53

Matched TTPs:

T1573 - Encrypted Channel
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

APT37

Score: 5.66

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

BRONZE BUTLER

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Sea Turtle

Score: 4.16

Matched TTPs:

T1218.010 - Regsvr32
T1490 - Inhibit System Recovery

MITREへのリンク →

Tropic Trooper

Score: 4.16

Matched TTPs:

T1218.010 - Regsvr32
T1490 - Inhibit System Recovery

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

LAPSUS$

Score: 7.06

Matched TTPs:

T1557.002 - ARP Cache Poisoning
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

PROMETHIUM

Score: 4.43

Matched TTPs:

T1059.012 - Hypervisor CLI
T1490 - Inhibit System Recovery

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.83

Matched TTPs:

T1547.002 - Authentication Package
T1546.016 - Installer Packages
T1049 - System Network Connections Discovery
T1573 - Encrypted Channel
T1091 - Replication Through Removable Media
T1566.002 - Spearphishing Link
T1564.008 - Email Hiding Rules
T1218.010 - Regsvr32
T1543.003 - Windows Service

MITREへのリンク →

Turla

Score: 0.64

Matched TTPs:

T1490 - Inhibit System Recovery
T1543.003 - Windows Service
T1547.002 - Authentication Package
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1546.016 - Installer Packages
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT28

Score: 0.62

Matched TTPs:

T1547.002 - Authentication Package
T1021.001 - Remote Desktop Protocol
T1608.005 - Link Target
T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Kimsuky

Score: 0.60

Matched TTPs:

T1490 - Inhibit System Recovery
T1547.002 - Authentication Package
T1608.005 - Link Target
T1091 - Replication Through Removable Media
T1566.002 - Spearphishing Link
T1197 - BITS Jobs
T1543.003 - Windows Service

MITREへのリンク →

Lazarus Group

Score: 0.59

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package
T1608.005 - Link Target
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Dragonfly

Score: 0.57

Matched TTPs:

T1546.016 - Installer Packages
T1573 - Encrypted Channel
T1566.002 - Spearphishing Link
T1578.002 - Create Cloud Instance
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT29

Score: 0.56

Matched TTPs:

T1490 - Inhibit System Recovery
T1021.001 - Remote Desktop Protocol
T1608.005 - Link Target
T1218.009 - Regsvcs/Regasm
T1218.010 - Regsvr32
T1543.003 - Windows Service

MITREへのリンク →

Earth Lusca

Score: 0.55

Matched TTPs:

T1218.001 - Compiled HTML File
T1608.005 - Link Target
T1546.016 - Installer Packages
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1543.003 - Windows Service

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る