Exobot Android Malware spreading via Google Play Store
概要
What makes Exobot 2 special are it's features. Those features are by far better and comprehensive than any other Android banking Trojans such as Mazar 3.0, Lokibot v2 or Anubis 2 (Bankbot v2), which resulted in its success. The actor did not only focus on obfuscation of the bot code to lower its detection rate (FUD), but also on features that could bypass fraud detection mechanisms, such as the use of a SOCKS5 proxy on victim device.
Early December 2017 the actor behind Exobot, nicknamed “android”, advertised in an underground forum that he would sell the source code of his malware to a limited number of buyers before quitting the business.
Less than a month after the actor started selling the Exobot source code, new campaigns in Austria, England, Netherlands and Turkey where discovered. During our investigation, we were surprised to discover that the bot count (number of infected devices) in Turkey was three times higher than those of botnets targeting other countries.
Created: 2026-02-23
Indicators
Indicatorsは見つかっていない。
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 5.38
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1588.001 - Malware
MITREへのリンク →
Score: 8.27
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1136.002 - Domain Account
- T1552.003 - Shell History
MITREへのリンク →
Score: 11.23
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1016.002 - Wi-Fi Discovery
- T1136.002 - Domain Account
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 9.50
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1049 - System Network Connections Discovery
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1560.003 - Archive via Custom Method
MITREへのリンク →
Score: 10.00
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1606.002 - SAML Tokens
- T1588.001 - Malware
- T1552.003 - Shell History
MITREへのリンク →
Score: 22.61
Matched TTPs:
- T1606.002 - SAML Tokens
- T1567.004 - Exfiltration Over Webhook
- T1588.001 - Malware
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1027.014 - Polymorphic Code
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1003.003 - NTDS
MITREへのリンク →
Score: 4.62
Matched TTPs:
- T1606.002 - SAML Tokens
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 23.88
Matched TTPs:
- T1606.002 - SAML Tokens
- T1567.004 - Exfiltration Over Webhook
- T1588.001 - Malware
- T1608.005 - Link Target
- T1174 - Password Filter DLL
- T1547.002 - Authentication Package
- T1055.005 - Thread Local Storage
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 14.86
Matched TTPs:
- T1606.002 - SAML Tokens
- T1552.003 - Shell History
- T1562.010 - Downgrade Attack
- T1608.005 - Link Target
- T1601.001 - Patch System Image
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 9.16
Matched TTPs:
- T1606.002 - SAML Tokens
- T1592.002 - Software
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 11.99
Matched TTPs:
- T1606.002 - SAML Tokens
- T1567.004 - Exfiltration Over Webhook
- T1136.002 - Domain Account
- T1588.001 - Malware
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 4.55
Matched TTPs:
- T1606.002 - SAML Tokens
- T1136.002 - Domain Account
MITREへのリンク →
Score: 13.60
Matched TTPs:
- T1606.002 - SAML Tokens
- T1016.002 - Wi-Fi Discovery
- T1049 - System Network Connections Discovery
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 9.38
Matched TTPs:
- T1606.002 - SAML Tokens
- T1567.004 - Exfiltration Over Webhook
- T1608.005 - Link Target
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 6.48
Matched TTPs:
- T1606.002 - SAML Tokens
- T1552.003 - Shell History
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 5.72
Matched TTPs:
- T1606.002 - SAML Tokens
- T1016.002 - Wi-Fi Discovery
MITREへのリンク →
Score: 13.42
Matched TTPs:
- T1606.002 - SAML Tokens
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 10.99
Matched TTPs:
- T1606.002 - SAML Tokens
- T1567.004 - Exfiltration Over Webhook
- T1608.005 - Link Target
- T1055.005 - Thread Local Storage
MITREへのリンク →
Score: 17.19
Matched TTPs:
- T1606.002 - SAML Tokens
- T1588.001 - Malware
- T1608.005 - Link Target
- T1564.002 - Hidden Users
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 7.16
Matched TTPs:
- T1567.004 - Exfiltration Over Webhook
- T1608.005 - Link Target
- T1547.002 - Authentication Package
MITREへのリンク →
Score: 6.03
Matched TTPs:
- T1567.004 - Exfiltration Over Webhook
- T1174 - Password Filter DLL
MITREへのリンク →
Score: 14.75
Matched TTPs:
- T1567.004 - Exfiltration Over Webhook
- T1588.001 - Malware
- T1608.005 - Link Target
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 7.20
Matched TTPs:
- T1567.004 - Exfiltration Over Webhook
- T1601.001 - Patch System Image
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 14.51
Matched TTPs:
- T1016.002 - Wi-Fi Discovery
- T1588.001 - Malware
- T1608.005 - Link Target
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.47
Matched TTPs:
- T1136.002 - Domain Account
- T1608.005 - Link Target
MITREへのリンク →
Score: 6.59
Matched TTPs:
- T1136.002 - Domain Account
- T1003.003 - NTDS
MITREへのリンク →
Score: 6.42
Matched TTPs:
- T1136.002 - Domain Account
- T1588.001 - Malware
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 6.33
Matched TTPs:
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.47
Matched TTPs:
- T1136.002 - Domain Account
- T1608.005 - Link Target
MITREへのリンク →
Score: 4.55
Matched TTPs:
- T1136.002 - Domain Account
- T1588.001 - Malware
MITREへのリンク →
Score: 4.49
Matched TTPs:
- T1588.001 - Malware
- T1547.002 - Authentication Package
MITREへのリンク →
Score: 3.96
Matched TTPs:
- T1588.001 - Malware
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 6.48
Matched TTPs:
- T1588.001 - Malware
- T1601.001 - Patch System Image
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.96
Matched TTPs:
- T1588.001 - Malware
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 9.10
Matched TTPs:
- T1588.001 - Malware
- T1608.005 - Link Target
- T1547.002 - Authentication Package
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 4.69
Matched TTPs:
- T1588.001 - Malware
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 7.36
Matched TTPs:
- T1588.001 - Malware
- T1552.003 - Shell History
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 5.63
Matched TTPs:
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1049 - System Network Connections Discovery
MITREへのリンク →
Score: 6.40
Matched TTPs:
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1562.010 - Downgrade Attack
MITREへのリンク →
Score: 14.66
Matched TTPs:
- T1562.010 - Downgrade Attack
- T1608.005 - Link Target
- T1061 - Graphical User Interface
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 6.27
Matched TTPs:
- T1608.005 - Link Target
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.41
Matched TTPs:
- T1608.005 - Link Target
- T1547.002 - Authentication Package
MITREへのリンク →
Score: 6.72
Matched TTPs:
- T1564.002 - Hidden Users
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 4.61
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.61
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.61
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1174 - Password Filter DLL
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1174 - Password Filter DLL
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1174 - Password Filter DLL
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.46
Matched TTPs:
- T1601.001 - Patch System Image
- T1578.001 - Create Snapshot
MITREへのリンク →
Score: 5.12
Matched TTPs:
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.79
Matched TTPs:
- T1174 - Password Filter DLL
- T1055.005 - Thread Local Storage
- T1547.002 - Authentication Package
- T1578.001 - Create Snapshot
- T1588.001 - Malware
- T1608.005 - Link Target
- T1547.008 - LSASS Driver
- T1606.002 - SAML Tokens
- T1567.004 - Exfiltration Over Webhook
MITREへのリンク →
Score: 0.75
Matched TTPs:
- T1003.003 - NTDS
- T1547.002 - Authentication Package
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1588.001 - Malware
- T1608.005 - Link Target
- T1606.002 - SAML Tokens
- T1567.004 - Exfiltration Over Webhook
- T1552.003 - Shell History
MITREへのリンク →
Score: 0.62
Matched TTPs:
- T1564.002 - Hidden Users
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
- T1578.001 - Create Snapshot
- T1588.001 - Malware
- T1608.005 - Link Target
- T1606.002 - SAML Tokens
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design