Trusted Design

Ursnif (aka Gozi aka Gozi ISFB) phishing emails

概要

Ursnif (aka Gozi aka Gozi ISFB) Malware campaign. Similar to the activity observed since May 2017 - the interesting aspects of this specific campaign are: • Use of existing e-mail threads within compromised e-mail accounts to spread their malware • Use of Ursnif (aka Gozi aka Gozi ISFB) Malware - Botnet: 200X • Use of Fluxxy (aka Dark Cloud) Fast Flux Hosting In this specific case, we observed Ursnif Botnet 2007 downloading Ursnif Botnet 1200 (DGA).

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Hijacked Existing E-mail Thread - Ursnif (aka Gozi aka Gozi ISFB) Malware Phishing (score: 0.90)
Ursnif/Dreambot Trojan Campaign (score: 0.70)
SPAM Attempt (score: 0.63)
Phishing emails with URLs pointing to malware (score: 0.62)
Mr.Xpl0it (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Scattered Spider

Score: 23.75

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1566.002 - Spearphishing Link
T1552.003 - Shell History
T1619 - Cloud Storage Object Discovery
T1197 - BITS Jobs
T1557.002 - ARP Cache Poisoning
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

FIN4

Score: 5.58

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1543.003 - Windows Service

MITREへのリンク →

Ember Bear

Score: 4.13

Matched TTPs:

T1564.008 - Email Hiding Rules

MITREへのリンク →

Sandworm Team

Score: 21.79

Matched TTPs:

T1564.008 - Email Hiding Rules
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1546.016 - Installer Packages

MITREへのリンク →

menuPass

Score: 3.84

Matched TTPs:

T1527 - Application Access Token

MITREへのリンク →

TA505

Score: 7.26

Matched TTPs:

T1527 - Application Access Token
T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

Gamaredon Group

Score: 10.23

Matched TTPs:

T1527 - Application Access Token
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

MuddyWater

Score: 5.86

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

LuminousMoth

Score: 3.42

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

Confucius

Score: 3.46

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target

MITREへのリンク →

Kimsuky

Score: 24.87

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1608.005 - Link Target
T1562.013 - Disable or Modify Network Device Firewall
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1490 - Inhibit System Recovery

MITREへのリンク →

Sidewinder

Score: 7.53

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1657 - Financial Theft

MITREへのリンク →

Elderwood

Score: 3.21

Matched TTPs:

T1543.003 - Windows Service
T1059.012 - Hypervisor CLI

MITREへのリンク →

Machete

Score: 3.21

Matched TTPs:

T1543.003 - Windows Service
T1059.012 - Hypervisor CLI

MITREへのリンク →

FIN7

Score: 13.42

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1490 - Inhibit System Recovery

MITREへのリンク →

Mustard Tempest

Score: 5.19

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

Transparent Tribe

Score: 3.21

Matched TTPs:

T1543.003 - Windows Service
T1059.012 - Hypervisor CLI

MITREへのリンク →

Mustang Panda

Score: 14.69

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1055.005 - Thread Local Storage

MITREへのリンク →

APT32

Score: 12.32

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1059.012 - Hypervisor CLI
T1490 - Inhibit System Recovery

MITREへのリンク →

APT3

Score: 5.07

Matched TTPs:

T1543.003 - Windows Service
T1578.002 - Create Cloud Instance

MITREへのリンク →

Lazarus Group

Score: 14.59

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage

MITREへのリンク →

Leviathan

Score: 8.71

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

APT33

Score: 4.38

Matched TTPs:

T1543.003 - Windows Service
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

ZIRCONIUM

Score: 11.75

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1547.002 - Authentication Package
T1197 - BITS Jobs

MITREへのリンク →

EXOTIC LILY

Score: 3.42

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

Magic Hound

Score: 16.37

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1608.005 - Link Target
T1547.002 - Authentication Package
T1578.002 - Create Cloud Instance
T1059.012 - Hypervisor CLI

MITREへのリンク →

OilRig

Score: 6.09

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media

MITREへのリンク →

Windshift

Score: 3.21

Matched TTPs:

T1543.003 - Windows Service
T1059.012 - Hypervisor CLI

MITREへのリンク →

Cobalt Group

Score: 4.38

Matched TTPs:

T1543.003 - Windows Service
T1573 - Encrypted Channel

MITREへのリンク →

APT29

Score: 16.26

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol
T1608.005 - Link Target
T1218.009 - Regsvcs/Regasm
T1021.001 - Remote Desktop Protocol
T1490 - Inhibit System Recovery

MITREへのリンク →

TA2541

Score: 5.43

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Earth Lusca

Score: 13.65

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Storm-1811

Score: 9.61

Matched TTPs:

T1543.003 - Windows Service
T1567.003 - Exfiltration to Text Storage Sites
T1578.002 - Create Cloud Instance

MITREへのリンク →

Turla

Score: 16.74

Matched TTPs:

T1543.003 - Windows Service
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1490 - Inhibit System Recovery

MITREへのリンク →

TA577

Score: 4.11

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol

MITREへのリンク →

Patchwork

Score: 5.67

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI

MITREへのリンク →

LazyScripter

Score: 5.43

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

APT42

Score: 3.42

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media

MITREへのリンク →

APT39

Score: 3.84

Matched TTPs:

T1543.003 - Windows Service
T1547.002 - Authentication Package

MITREへのリンク →

APT28

Score: 17.67

Matched TTPs:

T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1608.005 - Link Target
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1059.012 - Hypervisor CLI
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Star Blizzard

Score: 10.72

Matched TTPs:

T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1657 - Financial Theft

MITREへのリンク →

Moonstone Sleet

Score: 10.80

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1573 - Encrypted Channel
T1197 - BITS Jobs

MITREへのリンク →

CURIUM

Score: 7.85

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Dragonfly

Score: 17.23

Matched TTPs:

T1566.002 - Spearphishing Link
T1657 - Financial Theft
T1573 - Encrypted Channel
T1578.002 - Create Cloud Instance
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

HAFNIUM

Score: 15.07

Matched TTPs:

T1027.008 - Stripped Payloads
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1021.001 - Remote Desktop Protocol
T1490 - Inhibit System Recovery

MITREへのリンク →

APT5

Score: 6.77

Matched TTPs:

T1027.008 - Stripped Payloads
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Ke3chang

Score: 6.77

Matched TTPs:

T1027.008 - Stripped Payloads
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

HEXANE

Score: 7.04

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1547.002 - Authentication Package

MITREへのリンク →

LAPSUS$

Score: 13.86

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1619 - Cloud Storage Object Discovery
T1557.002 - ARP Cache Poisoning
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

IndigoZebra

Score: 4.68

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1608.005 - Link Target

MITREへのリンク →

Threat Group-3390

Score: 6.67

Matched TTPs:

T1091 - Replication Through Removable Media
T1573 - Encrypted Channel
T1059.012 - Hypervisor CLI

MITREへのリンク →

SideCopy

Score: 5.59

Matched TTPs:

T1091 - Replication Through Removable Media
T1657 - Financial Theft

MITREへのリンク →

Saint Bear

Score: 3.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Contagious Interview

Score: 6.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1552.003 - Shell History
T1608.005 - Link Target

MITREへのリンク →

Axiom

Score: 8.67

Matched TTPs:

T1049 - System Network Connections Discovery
T1562.013 - Disable or Modify Network Device Firewall
T1059.012 - Hypervisor CLI

MITREへのリンク →

Volt Typhoon

Score: 6.45

Matched TTPs:

T1049 - System Network Connections Discovery
T1546.016 - Installer Packages

MITREへのリンク →

INC Ransom

Score: 5.81

Matched TTPs:

T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Storm-0501

Score: 5.45

Matched TTPs:

T1552.003 - Shell History
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Medusa Group

Score: 4.54

Matched TTPs:

T1552.003 - Shell History
T1608.005 - Link Target

MITREへのリンク →

Play

Score: 5.19

Matched TTPs:

T1552.003 - Shell History
T1490 - Inhibit System Recovery

MITREへのリンク →

POLONIUM

Score: 4.41

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

Sea Turtle

Score: 5.95

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall
T1490 - Inhibit System Recovery

MITREへのリンク →

GOLD SOUTHFIELD

Score: 6.21

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall
T1573 - Encrypted Channel

MITREへのリンク →

Winter Vivern

Score: 5.39

Matched TTPs:

T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Daggerfly

Score: 7.53

Matched TTPs:

T1573 - Encrypted Channel
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

APT37

Score: 4.16

Matched TTPs:

T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI

MITREへのリンク →

PROMETHIUM

Score: 4.43

Matched TTPs:

T1059.012 - Hypervisor CLI
T1490 - Inhibit System Recovery

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.81

Matched TTPs:

T1547.002 - Authentication Package
T1197 - BITS Jobs
T1562.013 - Disable or Modify Network Device Firewall
T1091 - Replication Through Removable Media
T1024 - Custom Cryptographic Protocol
T1490 - Inhibit System Recovery
T1543.003 - Windows Service
T1608.005 - Link Target
T1566.002 - Spearphishing Link
T1552.003 - Shell History

MITREへのリンク →

Scattered Spider

Score: 0.77

Matched TTPs:

T1197 - BITS Jobs
T1021.001 - Remote Desktop Protocol
T1619 - Cloud Storage Object Discovery
T1566.002 - Spearphishing Link
T1557.002 - ARP Cache Poisoning
T1552.003 - Shell History
T1666 - Modify Cloud Resource Hierarchy

MITREへのリンク →

Sandworm Team

Score: 0.74

Matched TTPs:

T1547.002 - Authentication Package
T1573 - Encrypted Channel
T1091 - Replication Through Removable Media
T1543.003 - Windows Service
T1049 - System Network Connections Discovery
T1566.002 - Spearphishing Link
T1564.008 - Email Hiding Rules
T1546.016 - Installer Packages

MITREへのリンク →

APT28

Score: 0.62

Matched TTPs:

T1547.002 - Authentication Package
T1197 - BITS Jobs
T1059.012 - Hypervisor CLI
T1024 - Custom Cryptographic Protocol
T1021.001 - Remote Desktop Protocol
T1608.005 - Link Target
T1566.002 - Spearphishing Link

MITREへのリンク →

Turla

Score: 0.62

Matched TTPs:

T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1490 - Inhibit System Recovery
T1543.003 - Windows Service
T1608.005 - Link Target
T1546.016 - Installer Packages
T1218.001 - Compiled HTML File

MITREへのリンク →

Dragonfly

Score: 0.61

Matched TTPs:

T1578.002 - Create Cloud Instance
T1657 - Financial Theft
T1573 - Encrypted Channel
T1059.012 - Hypervisor CLI
T1566.002 - Spearphishing Link
T1546.016 - Installer Packages

MITREへのリンク →

Magic Hound

Score: 0.57

Matched TTPs:

T1547.002 - Authentication Package
T1578.002 - Create Cloud Instance
T1059.012 - Hypervisor CLI
T1024 - Custom Cryptographic Protocol
T1543.003 - Windows Service
T1608.005 - Link Target
T1566.002 - Spearphishing Link

MITREへのリンク →

APT29

Score: 0.56

Matched TTPs:

T1218.009 - Regsvcs/Regasm
T1024 - Custom Cryptographic Protocol
T1490 - Inhibit System Recovery
T1021.001 - Remote Desktop Protocol
T1543.003 - Windows Service
T1608.005 - Link Target

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る