Trusted Design

FluxerBot: Nginx Powered Proxy Malware

概要

What first appeared last week to be yet another malspam campaign solely spread to infect victims with Andromeda, also downloaded some interesting second stage payloads; including several keyloggers and what was later discovered to be labeled as the Fluxer proxybot. The initial malspam lures contained Italian language informing its victims that he or she has received an invoice as the message attachment. The message attachment is a ZIP archive which contained the Andromeda malware installer. Source : http://phishme.com/fluxerbot-nginx-powered-proxy-malware/

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Botnet - Fluxerbot (score: 0.76)
THL 2015-12-09: Invoice ... from Valley Dynamo, L.P. (score: 0.59)
Malware-Traffic-Analysis.net - 2017-07-31 - malspam pushing GlobeImposter ransomware (score: 0.58)
DYNAMOO 2016-01-12: Malware: "Lattitude Global Volunteering" (score: 0.58)
GamaPoS: The Andromeda Botnet Connection (score: 0.58)

このPulseに関連する脅威アクター (事実ベース)

Mustard Tempest

Score: 6.51

Matched TTPs:

T1682 - Query Public AI Services
T1091 - Replication Through Removable Media

MITREへのリンク →

APT41

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

Scattered Spider

Score: 6.91

Matched TTPs:

T1560.003 - Archive via Custom Method
T1083 - File and Directory Discovery

MITREへのリンク →

TA505

Score: 9.10

Matched TTPs:

T1560.003 - Archive via Custom Method
T1527 - Application Access Token
T1091 - Replication Through Removable Media

MITREへのリンク →

Volt Typhoon

Score: 6.91

Matched TTPs:

T1560.003 - Archive via Custom Method
T1083 - File and Directory Discovery

MITREへのリンク →

APT3

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

FIN13

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

menuPass

Score: 3.84

Matched TTPs:

T1527 - Application Access Token

MITREへのリンク →

Gamaredon Group

Score: 5.82

Matched TTPs:

T1527 - Application Access Token
T1091 - Replication Through Removable Media

MITREへのリンク →

Mustang Panda

Score: 6.11

Matched TTPs:

T1091 - Replication Through Removable Media
T1055.005 - Thread Local Storage

MITREへのリンク →

Kimsuky

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1027.014 - Polymorphic Code

MITREへのリンク →

OilRig

Score: 6.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1592.002 - Software

MITREへのリンク →

BlackByte

Score: 5.59

Matched TTPs:

T1091 - Replication Through Removable Media
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT32

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1027.014 - Polymorphic Code

MITREへのリンク →

Wizard Spider

Score: 3.62

Matched TTPs:

T1083 - File and Directory Discovery

MITREへのリンク →

INC Ransom

Score: 3.62

Matched TTPs:

T1083 - File and Directory Discovery

MITREへのリンク →

Storm-0501

Score: 6.37

Matched TTPs:

T1027.014 - Polymorphic Code
T1102.002 - Bidirectional Communication

MITREへのリンク →

Storm-1811

Score: 4.54

Matched TTPs:

T1486 - Data Encrypted for Impact

MITREへのリンク →

Ke3chang

Score: 3.62

Matched TTPs:

T1102.002 - Bidirectional Communication

MITREへのリンク →

Malteiro

Score: 3.62

Matched TTPs:

T1102.002 - Bidirectional Communication

MITREへのリンク →

APT29

Score: 4.54

Matched TTPs:

T1218.009 - Regsvcs/Regasm

MITREへのリンク →

Lazarus Group

Score: 4.13

Matched TTPs:

T1055.005 - Thread Local Storage

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

TA505

Score: 0.81

Matched TTPs:

T1560.003 - Archive via Custom Method
T1091 - Replication Through Removable Media
T1527 - Application Access Token

MITREへのリンク →

Mustard Tempest

Score: 0.64

Matched TTPs:

T1091 - Replication Through Removable Media
T1682 - Query Public AI Services

MITREへのリンク →

Scattered Spider

Score: 0.63

Matched TTPs:

T1560.003 - Archive via Custom Method
T1083 - File and Directory Discovery

MITREへのリンク →

Volt Typhoon

Score: 0.61

Matched TTPs:

T1560.003 - Archive via Custom Method
T1083 - File and Directory Discovery

MITREへのリンク →

Storm-0501

Score: 0.59

Matched TTPs:

T1027.014 - Polymorphic Code
T1102.002 - Bidirectional Communication

MITREへのリンク →

OilRig

Score: 0.58

Matched TTPs:

T1091 - Replication Through Removable Media
T1592.002 - Software

MITREへのリンク →

Mustang Panda

Score: 0.56

Matched TTPs:

T1091 - Replication Through Removable Media
T1055.005 - Thread Local Storage

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る