Trusted Design

Who’s who in the Zoo

概要

ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration. We label them from v1-v4, with v4 being the most recent version deployed in 2017. From the technical point of view, the evolution of ZooPark has shown notable progress: from the very basic first and second versions, the commercial spyware fork in its third version and then to the complex spyware that is version 4. This last step is especially interesting, showing a big leap from straightforward code functionality to highly sophisticated malware.

Created: 2026-02-23

Indicators

類似Pulses

Exodus: New Android Spyware Made in Italy (score: 0.60)
Skygofree: Following in the footsteps of HackingTeam (score: 0.60)
RuMMS: The Latest Family of Android Malware (score: 0.60)
Ratcheting Down on JSocket: A PC and Android Threat (score: 0.59)
Spyware Disguises as Android Applications on Google Play (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 8.07

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

Moonstone Sleet

Score: 6.59

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

Lazarus Group

Score: 14.14

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1574.013 - KernelCallbackTable
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 7.44

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

OilRig

Score: 15.82

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1588.002 - Tool
T1137.004 - Outlook Home Page
T1566.003 - Spearphishing via Service

MITREへのリンク →

LuminousMoth

Score: 4.92

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.002 - Tool

MITREへのリンク →

Sandworm Team

Score: 8.76

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1588.002 - Tool

MITREへのリンク →

APT29

Score: 9.31

Matched TTPs:

T1587.001 - Malware
T1550.003 - Pass the Ticket
T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

Mustang Panda

Score: 11.80

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.002 - Tool
T1518 - Software Discovery
T1027.007 - Dynamic API Resolution

MITREへのリンク →

TeamTNT

Score: 8.61

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1610 - Deploy Container

MITREへのリンク →

FIN7

Score: 4.92

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.002 - Tool

MITREへのリンク →

TA2541

Score: 5.97

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

Threat Group-3390

Score: 5.97

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

SideCopy

Score: 4.72

Matched TTPs:

T1608.001 - Upload Malware
T1518 - Software Discovery

MITREへのリンク →

BlackByte

Score: 5.12

Matched TTPs:

T1608.001 - Upload Malware
T1055.012 - Process Hollowing

MITREへのリンク →

APT32

Score: 6.67

Matched TTPs:

T1608.001 - Upload Malware
T1550.003 - Pass the Ticket
T1588.002 - Tool

MITREへのリンク →

HEXANE

Score: 5.57

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1518 - Software Discovery

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

Ember Bear

Score: 3.84

Matched TTPs:

T1195 - Supply Chain Compromise

MITREへのリンク →

BRONZE BUTLER

Score: 7.44

Matched TTPs:

T1550.003 - Pass the Ticket
T1588.002 - Tool
T1518 - Software Discovery

MITREへのリンク →

Inception

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1518 - Software Discovery

MITREへのリンク →

Magic Hound

Score: 3.37

Matched TTPs:

T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

MuddyWater

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1518 - Software Discovery

MITREへのリンク →

APT28

Score: 4.98

Matched TTPs:

T1588.002 - Tool
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Storm-1811

Score: 3.37

Matched TTPs:

T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

menuPass

Score: 4.00

Matched TTPs:

T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

FIN6

Score: 3.37

Matched TTPs:

T1588.002 - Tool
T1566.003 - Spearphishing via Service

MITREへのリンク →

Patchwork

Score: 4.00

Matched TTPs:

T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

Gorgon Group

Score: 4.00

Matched TTPs:

T1588.002 - Tool
T1055.012 - Process Hollowing

MITREへのリンク →

Volt Typhoon

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1518 - Software Discovery

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Windshift

Score: 5.27

Matched TTPs:

T1518 - Software Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1211 - Exploitation for Defense Evasion

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

OilRig

Score: 0.79

Matched TTPs:

T1566.003 - Spearphishing via Service
T1587.001 - Malware
T1588.002 - Tool
T1608.001 - Upload Malware
T1137.004 - Outlook Home Page
T1195 - Supply Chain Compromise

MITREへのリンク →

Lazarus Group

Score: 0.74

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service
T1587.001 - Malware
T1588.002 - Tool
T1574.013 - KernelCallbackTable

MITREへのリンク →

Mustang Panda

Score: 0.64

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1587.001 - Malware
T1518 - Software Discovery
T1588.002 - Tool
T1608.001 - Upload Malware

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る