Trusted Design

MMD-0047-2015 - SSHV: SSH bruter ELF botnet malware

Overview

Several actors, in particular from the People's Republic of China (PRC), have been using Linux ELF malware to overcome and conquer Linux through malicious use of its system internals (kernel), its web services supported by various scripting languages, and vulnerabilities in its remote management access. Linux's role as the biggest backbone of our internet services, and the OS's flexibility in supporting many processor architectures, have made Linux the majority OS in the embedded-platform market used in the Internet of Things, from routers to televisions, from web cameras to car control systems.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Winnti Group

Score: 3.29
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
Link to MITRE →

APT41

Score: 16.10
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels

Rocke

Score: 8.04
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1008 - Fallback Channels

TeamTNT

Score: 9.88
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media

APT28

Score: 13.31
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1546.007 - Netsh Helper DLL

UNC3886

Score: 12.48
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1218.010 - Regsvr32

Kimsuky

Score: 15.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels

FIN13

Score: 12.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution

Moonstone Sleet

Score: 6.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1027.007 - Dynamic API Resolution

Indrik Spider

Score: 6.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1622 - Debugger Evasion

Lazarus Group

Score: 22.34
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1558.005 - Ccache Files
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution

Contagious Interview

Score: 7.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1565.002 - Transmitted Data Manipulation

OilRig

Score: 15.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion

LuminousMoth

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media

Sandworm Team

Score: 17.48
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

APT29

Score: 12.53
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

Play

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32

RedCurl

Score: 8.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558.005 - Ccache Files
  • T1128 - Netsh Helper DLL

Moses Staff

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Turla

Score: 12.36
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1590.003 - Network Trust Dependencies
  • T1097 - Pass the Ticket
  • T1569.002 - Service Execution

Ke3chang

Score: 12.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.007 - Dynamic API Resolution

Mustang Panda

Score: 14.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage

FIN7

Score: 9.58
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

HAFNIUM

Score: 8.94
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery

APT5

Score: 11.09
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1622 - Debugger Evasion

BRONZE BUTLER

Score: 11.15
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1008 - Fallback Channels

Aquatic Panda

Score: 4.17
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1622 - Debugger Evasion

Chimera

Score: 8.86
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.003 - Network Trust Dependencies
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Earth Lusca

Score: 5.97
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information

Volt Typhoon

Score: 12.19
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1622 - Debugger Evasion
  • T1569.002 - Service Execution

admin@338

Score: 4.02
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32

APT1

Score: 4.17
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1622 - Debugger Evasion

Medusa Group

Score: 18.71
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

Higaisa

Score: 6.71
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution

BlackTech

Score: 5.25
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

SideCopy

Score: 4.26
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media

Tropic Trooper

Score: 10.15
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL

ToddyCat

Score: 3.76
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information

menuPass

Score: 5.40
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion

APT37

Score: 7.40
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1218.010 - Regsvr32
  • T1216 - System Script Proxy Execution

Gamaredon Group

Score: 4.26
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media

APT38

Score: 10.83
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1097 - Pass the Ticket
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution

TA505

Score: 4.26
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media

Silence

Score: 6.33
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

TA2541

Score: 4.72
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1128 - Netsh Helper DLL

Threat Group-3390

Score: 4.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

BlackByte

Score: 7.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

BITTER

Score: 7.09
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

APT32

Score: 9.71
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1027.007 - Dynamic API Resolution

HEXANE

Score: 6.14
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1097 - Pass the Ticket
  • T1622 - Debugger Evasion

Saint Bear

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

APT42

Score: 4.72
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1128 - Netsh Helper DLL

Ember Bear

Score: 5.49
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32

Magic Hound

Score: 6.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1683 - Generate Content
  • T1622 - Debugger Evasion

Storm-0501

Score: 6.92
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1565.002 - Transmitted Data Manipulation

Fox Kitten

Score: 5.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1622 - Debugger Evasion

Agrius

Score: 5.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1622 - Debugger Evasion

Blue Mockingbird

Score: 10.05
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data

Leviathan

Score: 4.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

INC Ransom

Score: 5.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Dragonfly

Score: 7.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

Axiom

Score: 12.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon

APT39

Score: 10.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution

Patchwork

Score: 6.43
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels

Cobalt Group

Score: 5.89
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion

APT3

Score: 3.14
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

Velvet Ant

Score: 8.07
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution

FIN6

Score: 6.79
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

FIN8

Score: 4.39
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion

RTM

Score: 6.21
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1008 - Fallback Channels

Scattered Spider

Score: 4.58
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1622 - Debugger Evasion

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution

Wizard Spider

Score: 4.05
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.79
Matched TTPs:
  • T1569.002 - Service Execution
  • T1055.005 - Thread Local Storage
  • T1558.005 - Ccache Files
  • T1218.010 - Regsvr32
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1216 - System Script Proxy Execution
  • T1622 - Debugger Evasion

Medusa Group

Score: 0.67
Matched TTPs:
  • T1094 - Custom Command and Control Protocol
  • T1027.007 - Dynamic API Resolution
  • T1128 - Netsh Helper DLL
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1216 - System Script Proxy Execution

Sandworm Team

Score: 0.67
Matched TTPs:
  • T1075 - Pass the Hash
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media

Kimsuky

Score: 0.61
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1003.007 - Proc Filesystem
  • T1606.002 - SAML Tokens
  • T1008 - Fallback Channels
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1091 - Replication Through Removable Media

APT41

Score: 0.61
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1499.001 - OS Exhaustion Flood
  • T1218.010 - Regsvr32
  • T1008 - Fallback Channels
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1097 - Pass the Ticket

Mustang Panda

Score: 0.57
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage
  • T1218.010 - Regsvr32
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media

OilRig

Score: 0.56
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1606.002 - SAML Tokens
  • T1622 - Debugger Evasion
  • T1097 - Pass the Ticket
  • T1091 - Replication Through Removable Media

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
