Trusted Design

BeatBanker: both banker and miner for Android

Overview

BeatBanker is a sophisticated Android malware campaign targeting Brazil. It spreads through phishing attacks that use a fake Google Play Store website. The malware combines a cryptocurrency miner with a banking Trojan capable of hijacking the device and overlaying screens. It employs creative persistence mechanisms, including playing an inaudible audio loop so that the operating system keeps its process alive. BeatBanker monitors device status, disguises itself as legitimate apps, and targets cryptocurrency transactions on Binance and Trust Wallet. Recent variants have replaced the banking module with the BTMOB remote administration tool, expanding its capabilities. The threat demonstrates advanced evasion techniques, uses Firebase Cloud Messaging for command and control, and targets multiple browsers for data collection. Victims are primarily located in Brazil, and some samples spread via WhatsApp.

Created: 2026-03-10
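As a practical check on the capability set the overview describes, the following added example (not BeatBanker code and not from the original page) triages a decoded AndroidManifest.xml for the combination the summary points to: overlay permission, an accessibility service, a boot receiver, a media-playback foreground service (the inaudible audio loop keep-alive) and a Firebase Cloud Messaging handler. Both manifests, the package names and the scoring threshold are constructed for the demonstration, and the script assumes the manifest has already been decoded from binary XML to text (apktool does this).

```python
"""Static triage of a decoded AndroidManifest.xml for the capability set
described in the BeatBanker summary: screen overlays, an accessibility
service, boot-time persistence, a media-playback foreground service (the
silent audio loop that keeps the process alive) and an FCM handler (C2).

Added example for this pulse; not BeatBanker's code and not from the
original page. Assumes a text manifest (e.g. decoded with apktool).
Both manifests below are constructed for the demonstration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android(attr: str) -> str:
    """Return the namespaced key ElementTree uses for an android:attr."""
    return f"{{{ANDROID_NS}}}{attr}"


# Constructed manifest mimicking a fake "Play Store" dropper; not a real sample.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeplaystore">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK"/>
  <application android:label="Google Play Store">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".SilentAudioService"
             android:foregroundServiceType="mediaPlayback|dataSync"/>
    <service android:name=".PushService">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
      </intent-filter>
    </service>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed manifest of an ordinary network-only app, for contrast.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Weather">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

THRESHOLD = 3  # assumed cut-off for this example, not a published rule


def triage_manifest(xml_text: str) -> dict:
    """Map the manifest to the capabilities in the pulse summary and score it."""
    root = ET.fromstring(xml_text)
    name = android("name")
    perms = {e.get(name) for e in root.iter("uses-permission")}
    actions = {e.get(name) for e in root.iter("action")}
    services = list(root.iter("service"))
    svc_perms = {s.get(android("permission")) for s in services}
    fg_types = set()
    for s in services:  # the attribute may hold several types joined by '|'
        fg_types.update(s.get(android("foregroundServiceType"), "").split("|"))

    findings = {
        # Overlay permission: draws fake login screens over the real app.
        "overlay": "android.permission.SYSTEM_ALERT_WINDOW" in perms,
        # Accessibility service: reads and drives other apps' UI (device hijack).
        "accessibility_service": (
            "android.permission.BIND_ACCESSIBILITY_SERVICE" in svc_perms
            or "android.accessibilityservice.AccessibilityService" in actions
        ),
        # Restarts after reboot.
        "boot_persistence": "android.intent.action.BOOT_COMPLETED" in actions,
        # Media-playback foreground service: the silent-audio keep-alive.
        "media_keepalive": "mediaPlayback" in fg_types,
        # FCM message handler: push-based command channel.
        "fcm_handler": "com.google.firebase.MESSAGING_EVENT" in actions,
    }
    score = sum(findings.values())
    findings["score"] = score
    findings["verdict"] = "suspicious" if score >= THRESHOLD else "no banker pattern"
    return findings


if __name__ == "__main__":
    for label, xml in (("fake Play Store", SUSPICIOUS_MANIFEST), ("weather", BENIGN_MANIFEST)):
        print(label, triage_manifest(xml))
```

A full-set hit is a strong triage signal, not a verdict: music players legitimately declare mediaPlayback and a great many apps use FCM, so the heuristic is meant to rank samples for dynamic analysis rather than replace it.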

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 14.27
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Kimsuky

Score: 30.89
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1132.002 - Non-Standard Encoding
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode

Sea Turtle

Score: 19.32
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Inception

Score: 6.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32

Dark Caracal

Score: 5.42
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1547.008 - LSASS Driver

Elderwood

Score: 4.45
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Darkhotel

Score: 9.30
Matched TTPs:
  • T1491.002 - External Defacement
  • T1591.003 - Identify Business Tempo
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

Transparent Tribe

Score: 7.48
Matched TTPs:
  • T1491.002 - External Defacement
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

APT28

Score: 17.28
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode

APT18

Score: 4.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking

Leviathan

Score: 22.38
Matched TTPs:
  • T1491.002 - External Defacement
  • T1484.002 - Trust Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Sidewinder

Score: 12.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

APT39

Score: 7.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1027.018 - Invisible Unicode

Lazarus Group

Score: 16.28
Matched TTPs:
  • T1491.002 - External Defacement
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Saint Bear

Score: 6.24
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

APT33

Score: 5.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

BITTER

Score: 6.71
Matched TTPs:
  • T1491.002 - External Defacement
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

TA505

Score: 7.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode

Higaisa

Score: 4.56
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1218.010 - Regsvr32

APT19

Score: 3.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances

Fox Kitten

Score: 11.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking

Threat Group-3390

Score: 13.08
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32

TA2541

Score: 7.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode

Malteiro

Score: 4.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1552.003 - Shell History

Magic Hound

Score: 28.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1592.003 - Firmware
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Storm-1811

Score: 6.46
Matched TTPs:
  • T1491.002 - External Defacement
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 9.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1505 - Server Software Component

Tropic Trooper

Score: 9.48
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

Contagious Interview

Score: 17.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

menuPass

Score: 9.85
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking

Moses Staff

Score: 6.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances

TeamTNT

Score: 12.63
Matched TTPs:
  • T1491.002 - External Defacement
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1519 - Emond

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

OilRig

Score: 20.88
Matched TTPs:
  • T1491.002 - External Defacement
  • T1574.014 - AppDomainManager
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

APT32

Score: 17.80
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode

Moonstone Sleet

Score: 10.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver

Mustard Tempest

Score: 8.93
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1115 - Clipboard Data
  • T1027.018 - Invisible Unicode

Daggerfly

Score: 3.95
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.018 - Invisible Unicode

GALLIUM

Score: 9.70
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1157 - Dylib Hijacking
  • T1668 - Exclusive Control

APT29

Score: 23.96
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

FIN13

Score: 16.23
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1668 - Exclusive Control

Dragonfly

Score: 17.58
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32

Ke3chang

Score: 12.10
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking

Agrius

Score: 5.86
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources

APT41

Score: 32.57
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1668 - Exclusive Control
  • T1574.002 - DLL Side-Loading

APT5

Score: 9.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling

Wizard Spider

Score: 15.93
Matched TTPs:
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode

Ember Bear

Score: 14.23
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1668 - Exclusive Control

Axiom

Score: 11.52
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32

HEXANE

Score: 8.94
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1590.006 - Network Security Appliances
  • T1055.014 - VDSO Hijacking

RedCurl

Score: 6.10
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1219.001 - IDE Tunneling
  • T1027.018 - Invisible Unicode

Gamaredon Group

Score: 19.82
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode

BRONZE BUTLER

Score: 8.03
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32

Cinnamon Tempest

Score: 11.20
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1157 - Dylib Hijacking

Scattered Spider

Score: 35.74
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1218.005 - Mshta
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window

Storm-0501

Score: 14.31
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1218.005 - Mshta
  • T1027 - Obfuscated Files or Information

Sandworm Team

Score: 26.48
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1027.018 - Invisible Unicode

FIN6

Score: 13.21
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1505 - Server Software Component
  • T1547.008 - LSASS Driver

Turla

Score: 15.51
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking

ZIRCONIUM

Score: 5.29
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 3.88
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1157 - Dylib Hijacking

CURIUM

Score: 11.64
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver

Patchwork

Score: 6.61
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

HAFNIUM

Score: 8.08
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling

LuminousMoth

Score: 9.54
Matched TTPs:
  • T1115 - Clipboard Data
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1027.018 - Invisible Unicode

FIN7

Score: 22.69
Matched TTPs:
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode

Strider

Score: 4.13
Matched TTPs:
  • T1574.014 - AppDomainManager

UNC3886

Score: 17.80
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32

Volt Typhoon

Score: 20.11
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1574.002 - DLL Side-Loading

Rocke

Score: 9.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API

BlackTech

Score: 4.32
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Medusa Group

Score: 14.67
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

BlackByte

Score: 14.98
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 7.63
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1547.008 - LSASS Driver

Winter Vivern

Score: 7.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode

Earth Lusca

Score: 12.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed

INC Ransom

Score: 9.56
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Play

Score: 9.98
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking

MuddyWater

Score: 18.98
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode

Salt Typhoon

Score: 8.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding

Akira

Score: 12.62
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

APT42

Score: 9.22
Matched TTPs:
  • T1583.001 - Domains
  • T1590.006 - Network Security Appliances
  • T1132.002 - Non-Standard Encoding

Cobalt Group

Score: 6.99
Matched TTPs:
  • T1518.002 - Backup Software Discovery
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking

APT38

Score: 16.02
Matched TTPs:
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode

Velvet Ant

Score: 5.44
Matched TTPs:
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources

LAPSUS$

Score: 18.80
Matched TTPs:
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1564.003 - Hidden Window
  • T1132.002 - Non-Standard Encoding

admin@338

Score: 4.26
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

Lotus Blossom

Score: 6.61
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1505 - Server Software Component

APT3

Score: 8.91
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

SideCopy

Score: 3.81
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid

APT1

Score: 4.22
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1668 - Exclusive Control

Chimera

Score: 23.08
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1592.003 - Firmware
  • T1059.003 - Windows Command Shell
  • T1132.002 - Non-Standard Encoding
  • T1668 - Exclusive Control

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

Windigo

Score: 3.64
Matched TTPs:
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling

POLONIUM

Score: 3.77
Matched TTPs:
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking

Confucius

Score: 6.49
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

LazyScripter

Score: 3.70
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information

Indrik Spider

Score: 5.56
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Aquatic Panda

Score: 4.54
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control

FIN8

Score: 5.13
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode

EXOTIC LILY

Score: 5.38
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Windshift

Score: 3.88
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Threat actors related to this Pulse (inference-based)

Scattered Spider

Score: 0.70
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1157 - Dylib Hijacking
  • T1219.001 - IDE Tunneling
  • T1590.006 - Network Security Appliances
  • T1564.003 - Hidden Window
  • T1583.001 - Domains
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1019 - System Firmware
  • T1218.005 - Mshta
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1566.002 - Spearphishing Link
  • T1597 - Search Closed Sources

APT41

Score: 0.64
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1157 - Dylib Hijacking
  • T1219.001 - IDE Tunneling
  • T1590.006 - Network Security Appliances
  • T1668 - Exclusive Control
  • T1177 - LSASS Driver
  • T1564.003 - Hidden Window
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1584.008 - Network Devices
  • T1045 - Software Packing
  • T1574.002 - DLL Side-Loading
  • T1002 - Data Compressed

Kimsuky

Score: 0.61
Matched TTPs:
  • T1218.012 - Verclsid
  • T1219.001 - IDE Tunneling
  • T1590.006 - Network Security Appliances
  • T1668 - Exclusive Control
  • T1132.002 - Non-Standard Encoding
  • T1027.018 - Invisible Unicode
  • T1140 - Deobfuscate/Decode Files or Information
  • T1037 - Boot or Logon Initialization Scripts
  • T1009 - Binary Padding
  • T1055.014 - VDSO Hijacking
  • T1552.003 - Shell History
  • T1566.002 - Spearphishing Link
  • T1597 - Search Closed Sources

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat actor graph

