Trusted Design

Hijacked Existing E-mail Thread - Ursnif (aka Gozi aka Gozi ISFB) Malware Phishing

Overview

Ursnif (aka Gozi aka Gozi ISFB) Malware campaign. Similar to the activity observed in May 2017, June 2017, August 2017, and September 2017. The interesting aspects of this specific campaign are:
  • Use of existing e-mail threads within compromised e-mail accounts to spread their malware
  • Use of Ursnif (aka Gozi aka Gozi ISFB) Malware - Botnet: 200X
  • Use of Fluxxy (aka Dark Cloud) Fast Flux Hosting

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 5.63
Matched TTPs:
  • T1491.002 - External Defacement
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Sandworm Team

Score: 23.29
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1584.005 - Botnet
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server
Link to MITRE →

menuPass

Score: 3.84
Matched TTPs:
  • T1568.001 - Fast Flux DNS
Link to MITRE →

TA505

Score: 7.26
Matched TTPs:
  • T1568.001 - Fast Flux DNS
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
Link to MITRE →

Gamaredon Group

Score: 10.23
Matched TTPs:
  • T1568.001 - Fast Flux DNS
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
Link to MITRE →

MuddyWater

Score: 7.35
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

LuminousMoth

Score: 3.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
Link to MITRE →

Confucius

Score: 4.95
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Kimsuky

Score: 16.39
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1078.003 - Local Accounts
Link to MITRE →

Sidewinder

Score: 5.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Elderwood

Score: 4.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Machete

Score: 3.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN7

Score: 13.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1078.003 - Local Accounts
Link to MITRE →

Mustard Tempest

Score: 5.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 4.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Mustang Panda

Score: 13.52
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT32

Score: 13.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
Link to MITRE →

APT3

Score: 6.56
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1036.010 - Masquerade Account Name
Link to MITRE →

Lazarus Group

Score: 16.08
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Leviathan

Score: 7.54
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

APT33

Score: 5.87
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1078.004 - Cloud Accounts
Link to MITRE →

ZIRCONIUM

Score: 11.75
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
Link to MITRE →

EXOTIC LILY

Score: 4.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Magic Hound

Score: 13.70
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1036.010 - Masquerade Account Name
  • T1189 - Drive-by Compromise
Link to MITRE →

OilRig

Score: 4.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Windshift

Score: 3.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
Link to MITRE →

Cobalt Group

Score: 5.87
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT29

Score: 15.09
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1078.004 - Cloud Accounts
  • T1078.003 - Local Accounts
Link to MITRE →

TA2541

Score: 5.43
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
Link to MITRE →

Earth Lusca

Score: 13.65
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

Storm-1811

Score: 9.61
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1667 - Email Bombing
  • T1036.010 - Masquerade Account Name
Link to MITRE →

Turla

Score: 16.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1078.003 - Local Accounts
Link to MITRE →

Patchwork

Score: 7.16
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

LazyScripter

Score: 5.43
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
Link to MITRE →

APT42

Score: 3.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
Link to MITRE →

APT39

Score: 3.84
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Scattered Spider

Score: 12.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1598 - Phishing for Information
  • T1578.002 - Create Cloud Instance
  • T1078.004 - Cloud Accounts
Link to MITRE →

APT28

Score: 16.50
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1078.004 - Cloud Accounts
Link to MITRE →

Star Blizzard

Score: 4.43
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
Link to MITRE →

Moonstone Sleet

Score: 10.80
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
Link to MITRE →

CURIUM

Score: 7.85
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

Dragonfly

Score: 15.10
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1036.010 - Masquerade Account Name
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

Threat Group-3390

Score: 8.16
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

BITTER

Score: 3.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
Link to MITRE →

HEXANE

Score: 4.37
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Saint Bear

Score: 5.48
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Contagious Interview

Score: 3.99
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
Link to MITRE →

HAFNIUM

Score: 11.23
Matched TTPs:
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1078.004 - Cloud Accounts
  • T1078.003 - Local Accounts
Link to MITRE →

Axiom

Score: 6.88
Matched TTPs:
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Volt Typhoon

Score: 6.45
Matched TTPs:
  • T1584.005 - Botnet
  • T1584.004 - Server
Link to MITRE →

POLONIUM

Score: 4.41
Matched TTPs:
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Winter Vivern

Score: 5.39
Matched TTPs:
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

APT41

Score: 4.42
Matched TTPs:
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Daggerfly

Score: 7.53
Matched TTPs:
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

APT37

Score: 5.66
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Andariel

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

BRONZE BUTLER

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Sea Turtle

Score: 4.16
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1078.003 - Local Accounts
Link to MITRE →

Tropic Trooper

Score: 4.16
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1078.003 - Local Accounts
Link to MITRE →

Darkhotel

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

LAPSUS$

Score: 7.06
Matched TTPs:
  • T1578.002 - Create Cloud Instance
  • T1078.004 - Cloud Accounts
Link to MITRE →

PROMETHIUM

Score: 4.43
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.83
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1584.004 - Server
  • T1584.005 - Botnet
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1102.002 - Bidirectional Communication
  • T1608.001 - Upload Malware
Link to MITRE →

Turla

Score: 0.64
Matched TTPs:
  • T1584.004 - Server
  • T1584.006 - Web Services
  • T1583.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.002 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1078.003 - Local Accounts
Link to MITRE →

APT28

Score: 0.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1078.004 - Cloud Accounts
  • T1583.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1598 - Phishing for Information
  • T1203 - Exploitation for Client Execution
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Kimsuky

Score: 0.60
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1078.003 - Local Accounts
  • T1583.006 - Web Services
  • T1566.002 - Spearphishing Link
  • T1598 - Phishing for Information
  • T1102.002 - Bidirectional Communication
  • T1608.001 - Upload Malware
Link to MITRE →

Lazarus Group

Score: 0.59
Matched TTPs:
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1583.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Dragonfly

Score: 0.57
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1584.004 - Server
  • T1036.010 - Masquerade Account Name
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT29

Score: 0.56
Matched TTPs:
  • T1078.004 - Cloud Accounts
  • T1583.006 - Web Services
  • T1090.004 - Domain Fronting
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1078.003 - Local Accounts
Link to MITRE →

Earth Lusca

Score: 0.55
Matched TTPs:
  • T1584.004 - Server
  • T1584.006 - Web Services
  • T1583.006 - Web Services
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
  • T1608.001 - Upload Malware
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph