Fauxpersky: CredStealer malware written in AutoHotKey masquerades as Kaspersky Antivirus, spreading through infecting USB drives
Summary
Researchers at Cybereason, a Boston, Mass.-based security firm, call the malware "Fauxpersky" because it impersonates the Russian antivirus software Kaspersky. The keylogger is built with a popular app, AutoHotKey, which lets users write small scripts for automating tasks and compile each script into an executable file. In this case, the app was abused to build a keylogger that spreads through USB drives, infects Windows PCs, and replicates itself to the computer's listed drives.
Created: 2026-02-23
Indicators
No indicators were found.
Similar Pulses
Threat actors related to this Pulse (fact-based)
Score: 3.29
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
Score: 17.58
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1218.013 - Mavinject
- T1007 - System Service Discovery
- T1059.009 - Cloud API
- T1177 - LSASS Driver
- T1588.001 - Malware
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
Score: 9.14
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1218.013 - Mavinject
- T1537 - Transfer Data to Cloud Account
- T1105 - Ingress Tool Transfer
Score: 11.40
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1537 - Transfer Data to Cloud Account
- T1665 - Hide Infrastructure
Score: 24.29
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1552.005 - Cloud Instance Metadata API
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1058 - Service Registry Permissions Weakness
- T1218.010 - Regsvr32
- T1105 - Ingress Tool Transfer
- T1055.008 - Ptrace System Calls
- T1566.003 - Spearphishing via Service
Score: 8.97
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1606.002 - SAML Tokens
- T1588.001 - Malware
- T1218.010 - Regsvr32
Score: 6.82
Matched TTPs:
- T1485.001 - Lifecycle-Triggered Deletion
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
Score: 14.12
Matched TTPs:
- T1552.005 - Cloud Instance Metadata API
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1059.009 - Cloud API
- T1218.010 - Regsvr32
- T1526 - Cloud Service Discovery
Score: 17.41
Matched TTPs:
- T1552.005 - Cloud Instance Metadata API
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1058 - Service Registry Permissions Weakness
- T1059.009 - Cloud API
- T1608 - Stage Capabilities
- T1546.017 - Udev Rules
Score: 15.19
Matched TTPs:
- T1552.005 - Cloud Instance Metadata API
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1059.009 - Cloud API
- T1003.001 - LSASS Memory
- T1490 - Inhibit System Recovery
Score: 7.85
Matched TTPs:
- T1218.013 - Mavinject
- T1059.009 - Cloud API
- T1537 - Transfer Data to Cloud Account
- T1665 - Hide Infrastructure
Score: 3.42
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
Score: 7.13
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1537 - Transfer Data to Cloud Account
- T1546.017 - Udev Rules
Score: 5.85
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1059.009 - Cloud API
Score: 19.02
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1058 - Service Registry Permissions Weakness
- T1011.001 - Exfiltration Over Bluetooth
- T1588.001 - Malware
- T1105 - Ingress Tool Transfer
- T1490 - Inhibit System Recovery
Score: 5.67
Matched TTPs:
- T1218.013 - Mavinject
- T1543.002 - Systemd Service
Score: 3.42
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
Score: 10.13
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1059.009 - Cloud API
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
- T1665 - Hide Infrastructure
Score: 6.08
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
- T1105 - Ingress Tool Transfer
Score: 3.42
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
Score: 3.76
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1059.009 - Cloud API
Score: 3.23
Matched TTPs:
- T1218.013 - Mavinject
- T1588.001 - Malware
Score: 10.82
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1574.010 - Services File Permissions Weakness
- T1105 - Ingress Tool Transfer
Score: 13.52
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1177 - LSASS Driver
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
- T1490 - Inhibit System Recovery
Score: 4.02
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1588.001 - Malware
Score: 6.37
Matched TTPs:
- T1218.013 - Mavinject
- T1007 - System Service Discovery
- T1665 - Hide Infrastructure
Score: 5.06
Matched TTPs:
- T1218.013 - Mavinject
- T1059.009 - Cloud API
- T1588.001 - Malware
Score: 18.36
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1007 - System Service Discovery
- T1059.009 - Cloud API
- T1588.001 - Malware
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1105 - Ingress Tool Transfer
- T1490 - Inhibit System Recovery
Score: 3.23
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
Score: 20.86
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1007 - System Service Discovery
- T1058 - Service Registry Permissions Weakness
- T1003.001 - LSASS Memory
- T1218.010 - Regsvr32
- T1105 - Ingress Tool Transfer
- T1665 - Hide Infrastructure
- T1490 - Inhibit System Recovery
Score: 5.85
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1059.009 - Cloud API
- T1588.001 - Malware
Score: 6.69
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1588.001 - Malware
- T1490 - Inhibit System Recovery
Score: 3.53
Matched TTPs:
- T1218.013 - Mavinject
- T1007 - System Service Discovery
Score: 10.76
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1059.009 - Cloud API
- T1105 - Ingress Tool Transfer
Score: 3.23
Matched TTPs:
- T1218.013 - Mavinject
- T1588.001 - Malware
Score: 27.99
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1050 - New Service
- T1588.001 - Malware
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1055.005 - Thread Local Storage
- T1105 - Ingress Tool Transfer
- T1665 - Hide Infrastructure
Score: 6.45
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1058 - Service Registry Permissions Weakness
- T1218.010 - Regsvr32
Score: 3.53
Matched TTPs:
- T1218.013 - Mavinject
- T1007 - System Service Discovery
Score: 3.42
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
Score: 5.21
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1174 - Password Filter DLL
Score: 3.53
Matched TTPs:
- T1218.013 - Mavinject
- T1007 - System Service Discovery
Score: 7.90
Matched TTPs:
- T1218.013 - Mavinject
- T1059.009 - Cloud API
- T1218.010 - Regsvr32
- T1656 - Impersonation
Score: 14.54
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1007 - System Service Discovery
- T1499.002 - Service Exhaustion Flood
- T1050 - New Service
- T1537 - Transfer Data to Cloud Account
Score: 7.94
Matched TTPs:
- T1218.013 - Mavinject
- T1490 - Inhibit System Recovery
- T1566.003 - Spearphishing via Service
Score: 25.93
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1059.009 - Cloud API
- T1588.001 - Malware
- T1608 - Stage Capabilities
- T1656 - Impersonation
- T1537 - Transfer Data to Cloud Account
- T1526 - Cloud Service Discovery
- T1665 - Hide Infrastructure
- T1490 - Inhibit System Recovery
Score: 3.76
Matched TTPs:
- T1218.013 - Mavinject
- T1087.002 - Domain Account
- T1059.009 - Cloud API
Score: 9.96
Matched TTPs:
- T1218.013 - Mavinject
- T1177 - LSASS Driver
- T1588.001 - Malware
- T1656 - Impersonation
Score: 3.97
Matched TTPs:
- T1218.013 - Mavinject
- T1665 - Hide Infrastructure
Score: 26.19
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1058 - Service Registry Permissions Weakness
- T1608 - Stage Capabilities
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1526 - Cloud Service Discovery
- T1055.005 - Thread Local Storage
- T1105 - Ingress Tool Transfer
Score: 10.39
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1007 - System Service Discovery
- T1588.001 - Malware
- T1105 - Ingress Tool Transfer
Score: 5.51
Matched TTPs:
- T1218.013 - Mavinject
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
Score: 10.86
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1656 - Impersonation
- T1221 - Template Injection
Score: 4.76
Matched TTPs:
- T1606.002 - SAML Tokens
- T1490 - Inhibit System Recovery
Score: 9.46
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.002 - Domain Account
- T1058 - Service Registry Permissions Weakness
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
Score: 4.33
Matched TTPs:
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
Score: 6.51
Matched TTPs:
- T1087.002 - Domain Account
- T1007 - System Service Discovery
- T1059.009 - Cloud API
- T1218.010 - Regsvr32
Score: 5.33
Matched TTPs:
- T1087.002 - Domain Account
- T1686 - Disable or Modify System Firewall
Score: 5.77
Matched TTPs:
- T1087.002 - Domain Account
- T1059.009 - Cloud API
- T1526 - Cloud Service Discovery
Score: 12.47
Matched TTPs:
- T1087.002 - Domain Account
- T1059.009 - Cloud API
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
- T1526 - Cloud Service Discovery
- T1546.017 - Udev Rules
Score: 4.38
Matched TTPs:
- T1087.002 - Domain Account
- T1588.001 - Malware
- T1218.010 - Regsvr32
Score: 4.67
Matched TTPs:
- T1087.002 - Domain Account
- T1059.009 - Cloud API
- T1537 - Transfer Data to Cloud Account
Score: 14.21
Matched TTPs:
- T1087.002 - Domain Account
- T1588.001 - Malware
- T1218.010 - Regsvr32
- T1567.002 - Exfiltration to Cloud Storage
- T1665 - Hide Infrastructure
- T1546.017 - Udev Rules
Score: 14.11
Matched TTPs:
- T1087.002 - Domain Account
- T1007 - System Service Discovery
- T1059.009 - Cloud API
- T1003.001 - LSASS Memory
- T1588.001 - Malware
- T1526 - Cloud Service Discovery
Score: 4.92
Matched TTPs:
- T1087.002 - Domain Account
- T1574.010 - Services File Permissions Weakness
Score: 6.16
Matched TTPs:
- T1087.002 - Domain Account
- T1059.009 - Cloud API
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
Score: 6.24
Matched TTPs:
- T1087.002 - Domain Account
- T1050 - New Service
- T1059.009 - Cloud API
Score: 3.94
Matched TTPs:
- T1087.002 - Domain Account
- T1546.017 - Udev Rules
Score: 9.06
Matched TTPs:
- T1087.002 - Domain Account
- T1050 - New Service
- T1218.010 - Regsvr32
- T1546.017 - Udev Rules
Score: 4.68
Matched TTPs:
- T1087.002 - Domain Account
- T1007 - System Service Discovery
- T1218.010 - Regsvr32
Score: 10.35
Matched TTPs:
- T1087.002 - Domain Account
- T1007 - System Service Discovery
- T1059.009 - Cloud API
- T1174 - Password Filter DLL
- T1537 - Transfer Data to Cloud Account
Score: 3.94
Matched TTPs:
- T1087.002 - Domain Account
- T1546.017 - Udev Rules
Score: 4.33
Matched TTPs:
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
Score: 5.12
Matched TTPs:
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
- T1665 - Hide Infrastructure
Score: 5.43
Matched TTPs:
- T1087.002 - Domain Account
- T1218.010 - Regsvr32
- T1526 - Cloud Service Discovery
Score: 6.28
Matched TTPs:
- T1007 - System Service Discovery
- T1059.009 - Cloud API
- T1537 - Transfer Data to Cloud Account
Score: 4.23
Matched TTPs:
- T1007 - System Service Discovery
- T1059.009 - Cloud API
Score: 6.83
Matched TTPs:
- T1177 - LSASS Driver
- T1218.010 - Regsvr32
- T1537 - Transfer Data to Cloud Account
Score: 9.32
Matched TTPs:
- T1177 - LSASS Driver
- T1218.010 - Regsvr32
- T1160 - Launch Daemon
Score: 4.15
Matched TTPs:
- T1588.001 - Malware
- T1537 - Transfer Data to Cloud Account
Score: 4.15
Matched TTPs:
- T1588.001 - Malware
- T1537 - Transfer Data to Cloud Account
Score: 3.29
Matched TTPs:
- T1174 - Password Filter DLL
Score: 5.34
Matched TTPs:
- T1174 - Password Filter DLL
- T1537 - Transfer Data to Cloud Account
Score: 4.16
Matched TTPs:
- T1218.010 - Regsvr32
- T1490 - Inhibit System Recovery
Score: 9.46
Matched TTPs:
- T1105 - Ingress Tool Transfer
- T1055.008 - Ptrace System Calls
- T1490 - Inhibit System Recovery
Threat actors related to this Pulse (inference-based)
Score: 0.78
Matched TTPs:
- T1105 - Ingress Tool Transfer
- T1087.002 - Domain Account
- T1567.002 - Exfiltration to Cloud Storage
- T1218.013 - Mavinject
- T1588.001 - Malware
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1606.002 - SAML Tokens
- T1218.010 - Regsvr32
- T1050 - New Service
- T1174 - Password Filter DLL
Score: 0.75
Matched TTPs:
- T1608 - Stage Capabilities
- T1537 - Transfer Data to Cloud Account
- T1087.002 - Domain Account
- T1218.013 - Mavinject
- T1490 - Inhibit System Recovery
- T1656 - Impersonation
- T1588.001 - Malware
- T1059.009 - Cloud API
- T1526 - Cloud Service Discovery
- T1665 - Hide Infrastructure
- T1606.002 - SAML Tokens
Score: 0.71
Matched TTPs:
- T1608 - Stage Capabilities
- T1087.002 - Domain Account
- T1567.002 - Exfiltration to Cloud Storage
- T1218.013 - Mavinject
- T1055.005 - Thread Local Storage
- T1058 - Service Registry Permissions Weakness
- T1526 - Cloud Service Discovery
- T1606.002 - SAML Tokens
- T1218.010 - Regsvr32
- T1105 - Ingress Tool Transfer
Score: 0.71
Matched TTPs:
- T1087.002 - Domain Account
- T1218.013 - Mavinject
- T1058 - Service Registry Permissions Weakness
- T1499.001 - OS Exhaustion Flood
- T1218.010 - Regsvr32
- T1055.008 - Ptrace System Calls
- T1105 - Ingress Tool Transfer
- T1566.003 - Spearphishing via Service
- T1552.005 - Cloud Instance Metadata API
Score: 0.61
Matched TTPs:
- T1087.002 - Domain Account
- T1218.013 - Mavinject
- T1490 - Inhibit System Recovery
- T1588.001 - Malware
- T1058 - Service Registry Permissions Weakness
- T1011.001 - Exfiltration Over Bluetooth
- T1606.002 - SAML Tokens
- T1105 - Ingress Tool Transfer
Score: 0.60
Matched TTPs:
- T1087.002 - Domain Account
- T1218.013 - Mavinject
- T1007 - System Service Discovery
- T1490 - Inhibit System Recovery
- T1003.001 - LSASS Memory
- T1058 - Service Registry Permissions Weakness
- T1665 - Hide Infrastructure
- T1218.010 - Regsvr32
- T1105 - Ingress Tool Transfer
Score: 0.55
Matched TTPs:
- T1105 - Ingress Tool Transfer
- T1087.002 - Domain Account
- T1218.013 - Mavinject
- T1007 - System Service Discovery
- T1490 - Inhibit System Recovery
- T1588.001 - Malware
- T1059.009 - Cloud API
- T1218.010 - Regsvr32
- T1174 - Password Filter DLL
Related CVEs
No CVEs were found in this Pulse.
Pulse – Threat Actor Graph