Trusted Design

Destover Sony Pictures Compromise Dropper

概要

Destructive malware used by unknown computer network exploitation (CNE) operators has been identified. This malware has the capability to overwrite a victim host's master boot record (MBR) and all data files. The overwriting of the data files will make it extremley difficult and costly, if not impossible, to recover the data using standard forensic methods. Analysis of this malware is presented to provide the computer network defense (CND) community with indicators of this malware. Imported from IOCBucket

Created: 2026-02-23

Indicators

類似Pulses

Sony Malware (score: 0.67)
A .NET malware abusing legitimate ffmpeg - Malwarebytes Labs | Malwarebytes Labs (score: 0.59)
MANITSME (FAMILY) (score: 0.59)
Net malware on Metadefender.com (score: 0.58)
20160304: TrojanDownloader:Win32/Banload (score: 0.58)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 24.54

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1602 - Data from Configuration Repository
T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1543.001 - Launch Agent
T1070.009 - Clear Persistence
T1546.016 - Installer Packages

MITREへのリンク →

Patchwork

Score: 8.41

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1584.003 - Virtual Private Server
T1070.009 - Clear Persistence
T1665 - Hide Infrastructure

MITREへのリンク →

APT42

Score: 7.47

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

BRONZE BUTLER

Score: 17.05

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1592.004 - Client Configurations
T1542.004 - ROMMONkit
T1562.011 - Spoof Security Alerting
T1070.009 - Clear Persistence

MITREへのリンク →

TA551

Score: 5.78

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1562.011 - Spoof Security Alerting

MITREへのリンク →

Lazarus Group

Score: 32.51

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1602 - Data from Configuration Repository
T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1606.001 - Web Cookies
T1543.001 - Launch Agent
T1070.009 - Clear Persistence
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure
T1556 - Modify Authentication Process

MITREへのリンク →

Tropic Trooper

Score: 14.31

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1059.010 - AutoHotKey & AutoIT
T1128 - Netsh Helper DLL
T1562.011 - Spoof Security Alerting
T1070.009 - Clear Persistence
T1665 - Hide Infrastructure

MITREへのリンク →

MuddyWater

Score: 10.09

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1059.010 - AutoHotKey & AutoIT
T1059.001 - PowerShell
T1562.011 - Spoof Security Alerting

MITREへのリンク →

APT19

Score: 4.31

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

APT33

Score: 5.49

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1556 - Modify Authentication Process

MITREへのリンク →

HAFNIUM

Score: 7.81

Matched TTPs:

T1161 - LC_LOAD_DYLIB Addition
T1584.003 - Virtual Private Server
T1049 - System Network Connections Discovery

MITREへのリンク →

APT38

Score: 15.81

Matched TTPs:

T1602 - Data from Configuration Repository
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1543.001 - Launch Agent
T1070.009 - Clear Persistence
T1059.005 - Visual Basic

MITREへのリンク →

Ember Bear

Score: 13.15

Matched TTPs:

T1602 - Data from Configuration Repository
T1584.003 - Virtual Private Server
T1059.001 - PowerShell
T1070.009 - Clear Persistence
T1003.003 - NTDS

MITREへのリンク →

APT37

Score: 7.92

Matched TTPs:

T1602 - Data from Configuration Repository
T1584.003 - Virtual Private Server
T1562.011 - Spoof Security Alerting

MITREへのリンク →

OilRig

Score: 17.58

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL
T1070.009 - Clear Persistence
T1556 - Modify Authentication Process

MITREへのリンク →

Gamaredon Group

Score: 24.56

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1606.001 - Web Cookies
T1061 - Graphical User Interface
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence
T1546.017 - Udev Rules

MITREへのリンク →

APT28

Score: 18.34

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1059.001 - PowerShell
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence
T1546.007 - Netsh Helper DLL

MITREへのリンク →

Turla

Score: 11.56

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1546.016 - Installer Packages

MITREへのリンク →

Kimsuky

Score: 15.43

Matched TTPs:

T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1070.009 - Clear Persistence
T1665 - Hide Infrastructure
T1003.003 - NTDS

MITREへのリンク →

FIN13

Score: 5.11

Matched TTPs:

T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

Moonstone Sleet

Score: 5.64

Matched TTPs:

T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media

MITREへのリンク →

Indrik Spider

Score: 4.93

Matched TTPs:

T1606.002 - SAML Tokens
T1546.016 - Installer Packages

MITREへのリンク →

Contagious Interview

Score: 12.33

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1070.009 - Clear Persistence
T1556 - Modify Authentication Process

MITREへのリンク →

UNC3886

Score: 7.61

Matched TTPs:

T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management
T1070.009 - Clear Persistence

MITREへのリンク →

LuminousMoth

Score: 5.52

Matched TTPs:

T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1091 - Replication Through Removable Media

MITREへのリンク →

Salt Typhoon

Score: 4.84

Matched TTPs:

T1606.002 - SAML Tokens
T1556 - Modify Authentication Process

MITREへのリンク →

APT29

Score: 13.31

Matched TTPs:

T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1592.004 - Client Configurations
T1218.009 - Regsvcs/Regasm
T1070.009 - Clear Persistence

MITREへのリンク →

Play

Score: 3.48

Matched TTPs:

T1606.002 - SAML Tokens
T1070.009 - Clear Persistence

MITREへのリンク →

RedCurl

Score: 10.70

Matched TTPs:

T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1542.004 - ROMMONkit
T1128 - Netsh Helper DLL
T1070.009 - Clear Persistence

MITREへのリンク →

Ke3chang

Score: 5.11

Matched TTPs:

T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

Mustang Panda

Score: 18.43

Matched TTPs:

T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1169 - Sudo
T1070.009 - Clear Persistence
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

TeamTNT

Score: 9.85

Matched TTPs:

T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1070.009 - Clear Persistence
T1665 - Hide Infrastructure

MITREへのリンク →

FIN7

Score: 9.83

Matched TTPs:

T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1059.001 - PowerShell

MITREへのリンク →

LAPSUS$

Score: 4.89

Matched TTPs:

T1584.003 - Virtual Private Server
T1543.001 - Launch Agent

MITREへのリンク →

APT39

Score: 4.40

Matched TTPs:

T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1070.009 - Clear Persistence

MITREへのリンク →

Axiom

Score: 9.61

Matched TTPs:

T1584.003 - Virtual Private Server
T1049 - System Network Connections Discovery
T1160 - Launch Daemon

MITREへのリンク →

ToddyCat

Score: 4.28

Matched TTPs:

T1584.003 - Virtual Private Server
T1665 - Hide Infrastructure

MITREへのリンク →

Fox Kitten

Score: 7.23

Matched TTPs:

T1584.003 - Virtual Private Server
T1059.001 - PowerShell
T1542.004 - ROMMONkit

MITREへのリンク →

Andariel

Score: 4.48

Matched TTPs:

T1584.003 - Virtual Private Server
T1562.011 - Spoof Security Alerting

MITREへのリンク →

Agrius

Score: 3.01

Matched TTPs:

T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

FIN6

Score: 8.32

Matched TTPs:

T1584.003 - Virtual Private Server
T1128 - Netsh Helper DLL
T1070.009 - Clear Persistence
T1556 - Modify Authentication Process

MITREへのリンク →

Dragonfly

Score: 8.41

Matched TTPs:

T1584.003 - Virtual Private Server
T1059.001 - PowerShell
T1070.009 - Clear Persistence
T1546.016 - Installer Packages

MITREへのリンク →

Threat Group-3390

Score: 16.80

Matched TTPs:

T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1059.001 - PowerShell
T1678 - Delay Execution
T1070.009 - Clear Persistence
T1546.017 - Udev Rules

MITREへのリンク →

Volt Typhoon

Score: 13.68

Matched TTPs:

T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1049 - System Network Connections Discovery
T1070.009 - Clear Persistence
T1546.016 - Installer Packages
T1665 - Hide Infrastructure

MITREへのリンク →

menuPass

Score: 10.18

Matched TTPs:

T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1059.001 - PowerShell
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence

MITREへのリンク →

Wizard Spider

Score: 8.32

Matched TTPs:

T1584.003 - Virtual Private Server
T1059.001 - PowerShell
T1070.009 - Clear Persistence
T1556 - Modify Authentication Process

MITREへのリンク →

Molerats

Score: 4.72

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1546.017 - Udev Rules

MITREへのリンク →

Earth Lusca

Score: 12.15

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1059.001 - PowerShell
T1562.011 - Spoof Security Alerting
T1546.016 - Installer Packages

MITREへのリンク →

TA505

Score: 3.54

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media

MITREへのリンク →

BlackByte

Score: 8.77

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1606.001 - Web Cookies
T1070.009 - Clear Persistence

MITREへのリンク →

Leviathan

Score: 10.59

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1562.011 - Spoof Security Alerting
T1546.016 - Installer Packages
T1546.017 - Udev Rules

MITREへのリンク →

Higaisa

Score: 7.55

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1665 - Hide Infrastructure
T1546.017 - Udev Rules

MITREへのリンク →

TA2541

Score: 7.87

Matched TTPs:

T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL
T1546.017 - Udev Rules

MITREへのリンク →

APT32

Score: 9.94

Matched TTPs:

T1091 - Replication Through Removable Media
T1592.004 - Client Configurations
T1070.009 - Clear Persistence
T1556 - Modify Authentication Process

MITREへのリンク →

Equation

Score: 8.67

Matched TTPs:

T1589.003 - Employee Names
T1130 - Install Root Certificate

MITREへのリンク →

Sowbug

Score: 3.03

Matched TTPs:

T1542.004 - ROMMONkit

MITREへのリンク →

Chimera

Score: 7.25

Matched TTPs:

T1542.004 - ROMMONkit
T1070.009 - Clear Persistence
T1665 - Hide Infrastructure

MITREへのリンク →

Medusa Group

Score: 8.67

Matched TTPs:

T1128 - Netsh Helper DLL
T1070.009 - Clear Persistence
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Cobalt Group

Score: 4.13

Matched TTPs:

T1128 - Netsh Helper DLL
T1070.009 - Clear Persistence

MITREへのリンク →

FIN8

Score: 6.87

Matched TTPs:

T1128 - Netsh Helper DLL
T1070.009 - Clear Persistence
T1556 - Modify Authentication Process

MITREへのリンク →

Storm-0501

Score: 3.44

Matched TTPs:

T1543.001 - Launch Agent

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.82

Matched TTPs:

T1543.001 - Launch Agent
T1546.016 - Installer Packages
T1161 - LC_LOAD_DYLIB Addition
T1556 - Modify Authentication Process
T1055.005 - Thread Local Storage
T1606.001 - Web Cookies
T1070.009 - Clear Persistence
T1059.010 - AutoHotKey & AutoIT
T1665 - Hide Infrastructure
T1606.002 - SAML Tokens
T1602 - Data from Configuration Repository
T1584.003 - Virtual Private Server

MITREへのリンク →

Sandworm Team

Score: 0.62

Matched TTPs:

T1543.001 - Launch Agent
T1546.016 - Installer Packages
T1161 - LC_LOAD_DYLIB Addition
T1070.009 - Clear Persistence
T1091 - Replication Through Removable Media
T1059.010 - AutoHotKey & AutoIT
T1606.002 - SAML Tokens
T1602 - Data from Configuration Repository
T1049 - System Network Connections Discovery
T1584.003 - Virtual Private Server

MITREへのリンク →

Gamaredon Group

Score: 0.60

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1542.004 - ROMMONkit
T1070.009 - Clear Persistence
T1061 - Graphical User Interface
T1546.017 - Udev Rules
T1091 - Replication Through Removable Media
T1059.010 - AutoHotKey & AutoIT
T1606.001 - Web Cookies
T1584.003 - Virtual Private Server

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る