Trusted Design

Android Malware Targeting Journalists

概要

In recent weeks, Iranian groups have increased their use of Android malware in order to compromise foreign journalists and political activists focused on the country. These incidents have involved the use of fictitious personas and compromised accounts in order to turn on others. Alongside Android malware, the group uses a familiar tactic of sending fake login pages for Facebook, Google, Yahoo and Microsoft in order to obtain account credentials through phishing. Finally, while two factor authentication (2FA) remains a critical resource to protect accounts, an observed compromised further highlights the need to move away from using the text message method onto Google Authenticator.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Android banking malware masquerades as Flash Player (score: 0.70)
Android banking trojan as Flash Player and bypasses 2FA (score: 0.68)
Trojan-Banker.AndroidOS.Faketoken follow-up (score: 0.66)
ZBot Malware (score: 0.66)
London Calling: Two-Factor Authentication Phishing From Iran (score: 0.65)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 14.48

Matched TTPs:

T1586.001 - Social Media Accounts
T1087.003 - Email Account
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1584.004 - Server

MITREへのリンク →

Leviathan

Score: 14.56

Matched TTPs:

T1586.001 - Social Media Accounts
T1586.002 - Email Accounts
T1589.001 - Credentials
T1203 - Exploitation for Client Execution
T1584.004 - Server

MITREへのリンク →

APT28

Score: 13.44

Matched TTPs:

T1586.002 - Email Accounts
T1589.001 - Credentials
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1598 - Phishing for Information

MITREへのリンク →

Magic Hound

Score: 18.27

Matched TTPs:

T1586.002 - Email Accounts
T1087.003 - Email Account
T1589.001 - Credentials
T1102.002 - Bidirectional Communication
T1036.010 - Masquerade Account Name
T1566.003 - Spearphishing via Service

MITREへのリンク →

Mustang Panda

Score: 8.29

Matched TTPs:

T1586.002 - Email Accounts
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution

MITREへのリンク →

OilRig

Score: 17.99

Matched TTPs:

T1586.002 - Email Accounts
T1069.001 - Local Groups
T1203 - Exploitation for Client Execution
T1137.004 - Outlook Home Page
T1555.004 - Windows Credential Manager
T1566.003 - Spearphishing via Service

MITREへのリンク →

HEXANE

Score: 8.22

Matched TTPs:

T1586.002 - Email Accounts
T1069.001 - Local Groups
T1102.002 - Bidirectional Communication

MITREへのリンク →

Kimsuky

Score: 20.59

Matched TTPs:

T1586.002 - Email Accounts
T1055.012 - Process Hollowing
T1102.002 - Bidirectional Communication
T1598 - Phishing for Information
T1585 - Establish Accounts
T1680 - Local Storage Discovery
T1078.003 - Local Accounts

MITREへのリンク →

LAPSUS$

Score: 9.95

Matched TTPs:

T1586.002 - Email Accounts
T1621 - Multi-Factor Authentication Request Generation
T1589.001 - Credentials

MITREへのリンク →

APT29

Score: 17.04

Matched TTPs:

T1586.002 - Email Accounts
T1550.003 - Pass the Ticket
T1621 - Multi-Factor Authentication Request Generation
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service
T1078.003 - Local Accounts

MITREへのリンク →

TA505

Score: 3.62

Matched TTPs:

T1087.003 - Email Account

MITREへのリンク →

RedCurl

Score: 3.62

Matched TTPs:

T1087.003 - Email Account

MITREへのリンク →

APT32

Score: 8.00

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

BRONZE BUTLER

Score: 5.34

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT33

Score: 5.63

Matched TTPs:

T1552.006 - Group Policy Preferences
T1203 - Exploitation for Client Execution

MITREへのリンク →

Wizard Spider

Score: 7.75

Matched TTPs:

T1552.006 - Group Policy Preferences
T1555.004 - Windows Credential Manager

MITREへのリンク →

Scattered Spider

Score: 7.28

Matched TTPs:

T1621 - Multi-Factor Authentication Request Generation
T1598 - Phishing for Information

MITREへのリンク →

Turla

Score: 14.67

Matched TTPs:

T1069.001 - Local Groups
T1102.002 - Bidirectional Communication
T1555.004 - Windows Credential Manager
T1584.004 - Server
T1078.003 - Local Accounts

MITREへのリンク →

Tonto Team

Score: 4.65

Matched TTPs:

T1069.001 - Local Groups
T1203 - Exploitation for Client Execution

MITREへのリンク →

admin@338

Score: 4.65

Matched TTPs:

T1069.001 - Local Groups
T1203 - Exploitation for Client Execution

MITREへのリンク →

Chimera

Score: 9.42

Matched TTPs:

T1069.001 - Local Groups
T1589.001 - Credentials
T1680 - Local Storage Discovery

MITREへのリンク →

Volt Typhoon

Score: 8.82

Matched TTPs:

T1069.001 - Local Groups
T1584.004 - Server
T1680 - Local Storage Discovery

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

Threat Group-3390

Score: 4.65

Matched TTPs:

T1055.012 - Process Hollowing
T1203 - Exploitation for Client Execution

MITREへのリンク →

Patchwork

Score: 7.48

Matched TTPs:

T1055.012 - Process Hollowing
T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery

MITREへのリンク →

BlackByte

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

menuPass

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

APT37

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

Lazarus Group

Score: 16.21

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1584.004 - Server
T1027.007 - Dynamic API Resolution
T1680 - Local Storage Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

FIN7

Score: 5.06

Matched TTPs:

T1102.002 - Bidirectional Communication
T1078.003 - Local Accounts

MITREへのリンク →

MuddyWater

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

ZIRCONIUM

Score: 5.84

Matched TTPs:

T1102.002 - Bidirectional Communication
T1598 - Phishing for Information

MITREへのリンク →

Dragonfly

Score: 7.95

Matched TTPs:

T1203 - Exploitation for Client Execution
T1036.010 - Masquerade Account Name
T1584.004 - Server

MITREへのリンク →

EXOTIC LILY

Score: 4.02

Matched TTPs:

T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Confucius

Score: 4.33

Matched TTPs:

T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery

MITREへのリンク →

Axiom

Score: 6.03

Matched TTPs:

T1203 - Exploitation for Client Execution
T1001.002 - Steganography

MITREへのリンク →

Higaisa

Score: 4.33

Matched TTPs:

T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery

MITREへのリンク →

APT3

Score: 5.12

Matched TTPs:

T1203 - Exploitation for Client Execution
T1036.010 - Masquerade Account Name

MITREへのリンク →

Sea Turtle

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

Tropic Trooper

Score: 6.99

Matched TTPs:

T1203 - Exploitation for Client Execution
T1680 - Local Storage Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Ember Bear

Score: 4.93

Matched TTPs:

T1203 - Exploitation for Client Execution
T1585 - Establish Accounts

MITREへのリンク →

Moonstone Sleet

Score: 5.96

Matched TTPs:

T1598 - Phishing for Information
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 10.50

Matched TTPs:

T1585 - Establish Accounts
T1547.013 - XDG Autostart Entries
T1566.003 - Spearphishing via Service

MITREへのリンク →

Fox Kitten

Score: 3.44

Matched TTPs:

T1585 - Establish Accounts

MITREへのリンク →

APT17

Score: 3.44

Matched TTPs:

T1585 - Establish Accounts

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Storm-1811

Score: 6.14

Matched TTPs:

T1036.010 - Masquerade Account Name
T1566.003 - Spearphishing via Service

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

ToddyCat

Score: 5.36

Matched TTPs:

T1680 - Local Storage Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN13

Score: 4.54

Matched TTPs:

T1556 - Modify Authentication Process

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.79

Matched TTPs:

T1598 - Phishing for Information
T1102.002 - Bidirectional Communication
T1078.003 - Local Accounts
T1055.012 - Process Hollowing
T1680 - Local Storage Discovery
T1586.002 - Email Accounts
T1585 - Establish Accounts

MITREへのリンク →

Magic Hound

Score: 0.73

Matched TTPs:

T1036.010 - Masquerade Account Name
T1087.003 - Email Account
T1102.002 - Bidirectional Communication
T1586.002 - Email Accounts
T1566.003 - Spearphishing via Service
T1589.001 - Credentials

MITREへのリンク →

OilRig

Score: 0.72

Matched TTPs:

T1203 - Exploitation for Client Execution
T1555.004 - Windows Credential Manager
T1137.004 - Outlook Home Page
T1069.001 - Local Groups
T1586.002 - Email Accounts
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT29

Score: 0.66

Matched TTPs:

T1621 - Multi-Factor Authentication Request Generation
T1203 - Exploitation for Client Execution
T1550.003 - Pass the Ticket
T1078.003 - Local Accounts
T1586.002 - Email Accounts
T1566.003 - Spearphishing via Service

MITREへのリンク →

Lazarus Group

Score: 0.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1102.002 - Bidirectional Communication
T1027.007 - Dynamic API Resolution
T1584.004 - Server
T1680 - Local Storage Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 0.59

Matched TTPs:

T1102.002 - Bidirectional Communication
T1078.003 - Local Accounts
T1555.004 - Windows Credential Manager
T1584.004 - Server
T1069.001 - Local Groups

MITREへのリンク →

Sandworm Team

Score: 0.58

Matched TTPs:

T1203 - Exploitation for Client Execution
T1087.003 - Email Account
T1102.002 - Bidirectional Communication
T1586.001 - Social Media Accounts
T1584.004 - Server

MITREへのリンク →

Leviathan

Score: 0.57

Matched TTPs:

T1203 - Exploitation for Client Execution
T1586.001 - Social Media Accounts
T1584.004 - Server
T1586.002 - Email Accounts
T1589.001 - Credentials

MITREへのリンク →

APT28

Score: 0.55

Matched TTPs:

T1598 - Phishing for Information
T1203 - Exploitation for Client Execution
T1102.002 - Bidirectional Communication
T1586.002 - Email Accounts
T1589.001 - Credentials

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る