Exobot Android Malware spreading via Google Play Store
Overview
What makes Exobot 2 special is its feature set. Those features are far more comprehensive than those of any other Android banking Trojan, such as Mazar 3.0, Lokibot v2 or Anubis 2 (Bankbot v2), which accounts for its success. The actor did not only focus on obfuscating the bot code to lower its detection rate (FUD), but also on features that could bypass fraud detection mechanisms, such as the use of a SOCKS5 proxy on the victim's device.
In early December 2017, the actor behind Exobot, nicknamed “android”, advertised in an underground forum that he would sell the source code of his malware to a limited number of buyers before quitting the business.
Less than a month after the actor started selling the Exobot source code, new campaigns in Austria, England, the Netherlands and Turkey were discovered. During our investigation, we were surprised to find that the bot count (number of infected devices) in Turkey was three times higher than that of botnets targeting other countries.
Created: 2026-02-23
Indicators
No indicators were found.
Similar Pulses
Threat actors associated with this Pulse (fact-based)
Score: 5.38
Matched TTPs:
- T1069 - Permission Groups Discovery
- T1036.004 - Masquerade Task or Service
Score: 8.27
Matched TTPs:
- T1069 - Permission Groups Discovery
- T1588.001 - Malware
- T1657 - Financial Theft
Score: 11.23
Matched TTPs:
- T1069 - Permission Groups Discovery
- T1087.003 - Email Account
- T1588.001 - Malware
- T1027.010 - Command Obfuscation
Score: 9.50
Matched TTPs:
- T1069 - Permission Groups Discovery
- T1584.005 - Botnet
- T1124 - System Time Discovery
Score: 3.29
Matched TTPs:
- T1069 - Permission Groups Discovery
Score: 10.00
Matched TTPs:
- T1069 - Permission Groups Discovery
- T1587.001 - Malware
- T1036.004 - Masquerade Task or Service
- T1657 - Financial Theft
Score: 22.61
Matched TTPs:
- T1587.001 - Malware
- T1070.006 - Timestomp
- T1036.004 - Masquerade Task or Service
- T1657 - Financial Theft
- T1583.006 - Web Services
- T1218.010 - Regsvr32
- T1102.002 - Bidirectional Communication
- T1027.010 - Command Obfuscation
- T1588.005 - Exploits
Score: 4.62
Matched TTPs:
- T1587.001 - Malware
- T1566.003 - Spearphishing via Service
Score: 23.88
Matched TTPs:
- T1587.001 - Malware
- T1070.006 - Timestomp
- T1036.004 - Masquerade Task or Service
- T1583.006 - Web Services
- T1036.003 - Rename Legitimate Utilities
- T1102.002 - Bidirectional Communication
- T1027.007 - Dynamic API Resolution
- T1124 - System Time Discovery
- T1566.003 - Spearphishing via Service
Score: 14.86
Matched TTPs:
- T1587.001 - Malware
- T1657 - Financial Theft
- T1480 - Execution Guardrails
- T1583.006 - Web Services
- T1027.010 - Command Obfuscation
- T1566.003 - Spearphishing via Service
Score: 9.16
Matched TTPs:
- T1587.001 - Malware
- T1137.004 - Outlook Home Page
- T1566.003 - Spearphishing via Service
Score: 11.99
Matched TTPs:
- T1587.001 - Malware
- T1070.006 - Timestomp
- T1588.001 - Malware
- T1036.004 - Masquerade Task or Service
- T1124 - System Time Discovery
Score: 4.55
Matched TTPs:
- T1587.001 - Malware
- T1588.001 - Malware
Score: 13.60
Matched TTPs:
- T1587.001 - Malware
- T1087.003 - Email Account
- T1584.005 - Botnet
- T1102.002 - Bidirectional Communication
- T1027.010 - Command Obfuscation
Score: 9.38
Matched TTPs:
- T1587.001 - Malware
- T1070.006 - Timestomp
- T1583.006 - Web Services
- T1566.003 - Spearphishing via Service
Score: 6.48
Matched TTPs:
- T1587.001 - Malware
- T1657 - Financial Theft
- T1027.010 - Command Obfuscation
Score: 5.72
Matched TTPs:
- T1587.001 - Malware
- T1087.003 - Email Account
Score: 13.42
Matched TTPs:
- T1587.001 - Malware
- T1588.001 - Malware
- T1583.006 - Web Services
- T1102.002 - Bidirectional Communication
- T1027.010 - Command Obfuscation
- T1124 - System Time Discovery
Score: 10.99
Matched TTPs:
- T1587.001 - Malware
- T1070.006 - Timestomp
- T1583.006 - Web Services
- T1027.007 - Dynamic API Resolution
Score: 17.19
Matched TTPs:
- T1587.001 - Malware
- T1036.004 - Masquerade Task or Service
- T1583.006 - Web Services
- T1497.002 - User Activity Based Checks
- T1102.002 - Bidirectional Communication
- T1027.010 - Command Obfuscation
- T1124 - System Time Discovery
Score: 7.16
Matched TTPs:
- T1070.006 - Timestomp
- T1583.006 - Web Services
- T1102.002 - Bidirectional Communication
Score: 6.03
Matched TTPs:
- T1070.006 - Timestomp
- T1036.003 - Rename Legitimate Utilities
Score: 14.75
Matched TTPs:
- T1070.006 - Timestomp
- T1036.004 - Masquerade Task or Service
- T1583.006 - Web Services
- T1218.010 - Regsvr32
- T1036.003 - Rename Legitimate Utilities
- T1027.010 - Command Obfuscation
Score: 7.20
Matched TTPs:
- T1070.006 - Timestomp
- T1027.010 - Command Obfuscation
- T1124 - System Time Discovery
Score: 14.51
Matched TTPs:
- T1087.003 - Email Account
- T1036.004 - Masquerade Task or Service
- T1583.006 - Web Services
- T1102.002 - Bidirectional Communication
- T1027.010 - Command Obfuscation
- T1566.003 - Spearphishing via Service
Score: 4.47
Matched TTPs:
- T1588.001 - Malware
- T1583.006 - Web Services
Score: 6.59
Matched TTPs:
- T1588.001 - Malware
- T1588.005 - Exploits
Score: 6.42
Matched TTPs:
- T1588.001 - Malware
- T1036.004 - Masquerade Task or Service
- T1027.010 - Command Obfuscation
Score: 6.33
Matched TTPs:
- T1588.001 - Malware
- T1583.006 - Web Services
- T1027.010 - Command Obfuscation
Score: 4.47
Matched TTPs:
- T1588.001 - Malware
- T1583.006 - Web Services
Score: 4.55
Matched TTPs:
- T1588.001 - Malware
- T1036.004 - Masquerade Task or Service
Score: 4.49
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1102.002 - Bidirectional Communication
Score: 3.96
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1027.010 - Command Obfuscation
Score: 6.48
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1027.010 - Command Obfuscation
- T1566.003 - Spearphishing via Service
Score: 3.96
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1027.010 - Command Obfuscation
Score: 9.10
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1583.006 - Web Services
- T1102.002 - Bidirectional Communication
- T1124 - System Time Discovery
Score: 4.69
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1124 - System Time Discovery
Score: 7.36
Matched TTPs:
- T1036.004 - Masquerade Task or Service
- T1657 - Financial Theft
- T1218.010 - Regsvr32
Score: 5.63
Matched TTPs:
- T1584.005 - Botnet
- T1583.006 - Web Services
Score: 6.40
Matched TTPs:
- T1657 - Financial Theft
- T1583.006 - Web Services
- T1027.010 - Command Obfuscation
Score: 3.84
Matched TTPs:
- T1480 - Execution Guardrails
Score: 14.66
Matched TTPs:
- T1480 - Execution Guardrails
- T1583.006 - Web Services
- T1001 - Data Obfuscation
- T1102.002 - Bidirectional Communication
- T1027.010 - Command Obfuscation
Score: 6.27
Matched TTPs:
- T1583.006 - Web Services
- T1102.002 - Bidirectional Communication
- T1027.010 - Command Obfuscation
Score: 4.41
Matched TTPs:
- T1583.006 - Web Services
- T1102.002 - Bidirectional Communication
Score: 6.72
Matched TTPs:
- T1497.002 - User Activity Based Checks
- T1124 - System Time Discovery
Score: 4.61
Matched TTPs:
- T1218.010 - Regsvr32
- T1027.010 - Command Obfuscation
Score: 4.61
Matched TTPs:
- T1218.010 - Regsvr32
- T1027.010 - Command Obfuscation
Score: 4.61
Matched TTPs:
- T1218.010 - Regsvr32
- T1027.010 - Command Obfuscation
Score: 3.29
Matched TTPs:
- T1036.003 - Rename Legitimate Utilities
Score: 3.29
Matched TTPs:
- T1036.003 - Rename Legitimate Utilities
Score: 3.29
Matched TTPs:
- T1036.003 - Rename Legitimate Utilities
Score: 4.26
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1027.010 - Command Obfuscation
Score: 4.46
Matched TTPs:
- T1027.010 - Command Obfuscation
- T1124 - System Time Discovery
Score: 5.12
Matched TTPs:
- T1124 - System Time Discovery
- T1566.003 - Spearphishing via Service
Threat actors associated with this Pulse (inference-based)
Score: 0.79
Matched TTPs:
- T1583.006 - Web Services
- T1124 - System Time Discovery
- T1027.007 - Dynamic API Resolution
- T1036.003 - Rename Legitimate Utilities
- T1102.002 - Bidirectional Communication
- T1036.004 - Masquerade Task or Service
- T1566.003 - Spearphishing via Service
- T1587.001 - Malware
- T1070.006 - Timestomp
Score: 0.75
Matched TTPs:
- T1583.006 - Web Services
- T1218.010 - Regsvr32
- T1588.005 - Exploits
- T1027.010 - Command Obfuscation
- T1102.002 - Bidirectional Communication
- T1036.004 - Masquerade Task or Service
- T1657 - Financial Theft
- T1587.001 - Malware
- T1070.006 - Timestomp
Score: 0.62
Matched TTPs:
- T1583.006 - Web Services
- T1124 - System Time Discovery
- T1027.010 - Command Obfuscation
- T1102.002 - Bidirectional Communication
- T1036.004 - Masquerade Task or Service
- T1587.001 - Malware
- T1497.002 - User Activity Based Checks
Related CVEs
No CVEs were found in this Pulse.
Pulse – Threat Actor Graph