Trusted Design

Who’s who in the Zoo

概要

ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration. We label them from v1-v4, with v4 being the most recent version deployed in 2017. From the technical point of view, the evolution of ZooPark has shown notable progress: from the very basic first and second versions, the commercial spyware fork in its third version and then to the complex spyware that is version 4. This last step is especially interesting, showing a big leap from straightforward code functionality to highly sophisticated malware.

Created: 2026-02-23

Indicators

類似Pulses

Exodus: New Android Spyware Made in Italy (score: 0.60)
Skygofree: Following in the footsteps of HackingTeam (score: 0.60)
RuMMS: The Latest Family of Android Malware (score: 0.60)
Ratcheting Down on JSocket: A PC and Android Threat (score: 0.59)
Spyware Disguises as Android Applications on Google Play (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 8.07

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

Moonstone Sleet

Score: 6.59

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 14.14

Matched TTPs:

T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1069.001 - Local Groups
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver

MITREへのリンク →

Contagious Interview

Score: 7.44

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

OilRig

Score: 15.82

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1199 - Trusted Relationship
T1592.002 - Software
T1547.008 - LSASS Driver

MITREへのリンク →

LuminousMoth

Score: 4.92

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship

MITREへのリンク →

Sandworm Team

Score: 8.76

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1199 - Trusted Relationship

MITREへのリンク →

APT29

Score: 9.31

Matched TTPs:

T1606.002 - SAML Tokens
T1592.004 - Client Configurations
T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

Mustang Panda

Score: 11.80

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1159 - Launch Agent
T1055.005 - Thread Local Storage

MITREへのリンク →

TeamTNT

Score: 8.61

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1071.003 - Mail Protocols

MITREへのリンク →

FIN7

Score: 4.92

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship

MITREへのリンク →

TA2541

Score: 5.97

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

Threat Group-3390

Score: 5.97

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

SideCopy

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1159 - Launch Agent

MITREへのリンク →

BlackByte

Score: 5.12

Matched TTPs:

T1091 - Replication Through Removable Media
T1001 - Data Obfuscation

MITREへのリンク →

APT32

Score: 6.67

Matched TTPs:

T1091 - Replication Through Removable Media
T1592.004 - Client Configurations
T1199 - Trusted Relationship

MITREへのリンク →

HEXANE

Score: 5.57

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1159 - Launch Agent

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

Ember Bear

Score: 3.84

Matched TTPs:

T1005 - Data from Local System

MITREへのリンク →

BRONZE BUTLER

Score: 7.44

Matched TTPs:

T1592.004 - Client Configurations
T1199 - Trusted Relationship
T1159 - Launch Agent

MITREへのリンク →

Inception

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1159 - Launch Agent

MITREへのリンク →

Magic Hound

Score: 3.37

Matched TTPs:

T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

MuddyWater

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1159 - Launch Agent

MITREへのリンク →

APT28

Score: 4.98

Matched TTPs:

T1199 - Trusted Relationship
T1566.003 - Spearphishing via Service

MITREへのリンク →

Storm-1811

Score: 3.37

Matched TTPs:

T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

menuPass

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

FIN6

Score: 3.37

Matched TTPs:

T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

Patchwork

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

Gorgon Group

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1001 - Data Obfuscation

MITREへのリンク →

Volt Typhoon

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1159 - Launch Agent

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Windshift

Score: 5.27

Matched TTPs:

T1159 - Launch Agent
T1547.008 - LSASS Driver

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

OilRig

Score: 0.79

Matched TTPs:

T1547.008 - LSASS Driver
T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1005 - Data from Local System
T1091 - Replication Through Removable Media
T1592.002 - Software

MITREへのリンク →

Lazarus Group

Score: 0.74

Matched TTPs:

T1547.008 - LSASS Driver
T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1055.005 - Thread Local Storage
T1069.001 - Local Groups

MITREへのリンク →

Mustang Panda

Score: 0.64

Matched TTPs:

T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1159 - Launch Agent
T1055.005 - Thread Local Storage
T1091 - Replication Through Removable Media

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る