Trusted Design

Jaku Analysis of a Botnet Campaign

概要

JAKU is the name given to the investigation, surveillance and analysis, by the Forcepoint Special Investigations team, of an on-going botnet campaign. This paper examines how the JAKU botnets are constructed and identifies their characteristics, and in the case of the targeted attacks, how they differ from the scattergun attacks of broader botnet activities. This study also highlights the consequences that Internet users who disregard copyrights and digital rights may face.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

JAKU – Analysis of a Botnet Campaign ICANN56 (score: 0.76)
Jaku Botnet (score: 0.72)
Botnet activity - Joomla attacking IPs (score: 0.64)
Necurs Botnet Fuels Massive Spam Campaigns Spreading Jaff Ransomware (score: 0.63)
Sakula Reloaded (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

Contagious Interview

Score: 14.33

Matched TTPs:

T1044 - File System Permissions Weakness
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1547.008 - LSASS Driver

MITREへのリンク →

Ember Bear

Score: 5.63

Matched TTPs:

T1564.008 - Email Hiding Rules
T1218.010 - Regsvr32

MITREへのリンク →

Sandworm Team

Score: 16.96

Matched TTPs:

T1564.008 - Email Hiding Rules
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1102.003 - One-Way Communication
T1218.010 - Regsvr32

MITREへのリンク →

Sidewinder

Score: 3.95

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.010 - Regsvr32

MITREへのリンク →

Mustang Panda

Score: 18.43

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1169 - Sudo
T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer

MITREへのリンク →

ZIRCONIUM

Score: 6.57

Matched TTPs:

T1566.002 - Spearphishing Link
T1588.001 - Malware
T1608.005 - Link Target

MITREへのリンク →

APT32

Score: 17.21

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1588.001 - Malware
T1608.005 - Link Target
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer

MITREへのリンク →

Kimsuky

Score: 19.11

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1683.001 - Written Content
T1588.001 - Malware
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1027.014 - Polymorphic Code

MITREへのリンク →

Magic Hound

Score: 10.85

Matched TTPs:

T1566.002 - Spearphishing Link
T1588.001 - Malware
T1608.005 - Link Target
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

APT28

Score: 19.07

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1146 - Clear Command History
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls

MITREへのリンク →

Star Blizzard

Score: 7.72

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication

MITREへのリンク →

Moonstone Sleet

Score: 6.95

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 10.37

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 5.72

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Patchwork

Score: 5.72

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

HAFNIUM

Score: 16.28

Matched TTPs:

T1027.008 - Stripped Payloads
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls

MITREへのリンク →

APT5

Score: 3.84

Matched TTPs:

T1027.008 - Stripped Payloads

MITREへのリンク →

Ke3chang

Score: 7.28

Matched TTPs:

T1027.008 - Stripped Payloads
T1685.005 - Clear Windows Event Logs

MITREへのリンク →

TA2541

Score: 3.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Earth Lusca

Score: 9.37

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

LuminousMoth

Score: 4.64

Matched TTPs:

T1091 - Replication Through Removable Media
T1105 - Ingress Tool Transfer

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

OilRig

Score: 5.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

LazyScripter

Score: 3.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Gamaredon Group

Score: 3.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Threat Group-3390

Score: 5.23

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

BITTER

Score: 5.56

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1218.010 - Regsvr32

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

FIN7

Score: 8.75

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1608.005 - Link Target
T1105 - Ingress Tool Transfer

MITREへのリンク →

EXOTIC LILY

Score: 5.99

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Ferocious Kitten

Score: 3.44

Matched TTPs:

T1685.005 - Clear Windows Event Logs

MITREへのリンク →

BlackTech

Score: 4.93

Matched TTPs:

T1685.005 - Clear Windows Event Logs
T1218.010 - Regsvr32

MITREへのリンク →

Scarlet Mimic

Score: 3.44

Matched TTPs:

T1685.005 - Clear Windows Event Logs

MITREへのリンク →

BRONZE BUTLER

Score: 6.70

Matched TTPs:

T1685.005 - Clear Windows Event Logs
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

FIN13

Score: 4.76

Matched TTPs:

T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

Winter Vivern

Score: 7.48

Matched TTPs:

T1588.001 - Malware
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

FIN6

Score: 4.62

Matched TTPs:

T1588.001 - Malware
T1547.008 - LSASS Driver

MITREへのリンク →

PROMETHIUM

Score: 7.99

Matched TTPs:

T1588.001 - Malware
T1547.015 - Login Items
T1059.012 - Hypervisor CLI

MITREへのリンク →

UNC3886

Score: 7.72

Matched TTPs:

T1588.001 - Malware
T1547.015 - Login Items
T1218.010 - Regsvr32

MITREへのリンク →

Higaisa

Score: 3.59

Matched TTPs:

T1588.001 - Malware
T1218.010 - Regsvr32

MITREへのリンク →

Lazarus Group

Score: 12.56

Matched TTPs:

T1588.001 - Malware
T1608.005 - Link Target
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer
T1547.008 - LSASS Driver

MITREへのリンク →

Storm-0501

Score: 4.84

Matched TTPs:

T1588.001 - Malware
T1027.014 - Polymorphic Code

MITREへのリンク →

APT41

Score: 3.59

Matched TTPs:

T1588.001 - Malware
T1218.010 - Regsvr32

MITREへのリンク →

Axiom

Score: 6.88

Matched TTPs:

T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Volt Typhoon

Score: 6.91

Matched TTPs:

T1049 - System Network Connections Discovery
T1102.003 - One-Way Communication

MITREへのリンク →

Turla

Score: 7.40

Matched TTPs:

T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

MuddyWater

Score: 3.51

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

APT29

Score: 10.57

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32
T1546.018 - Python Startup Hooks
T1547.008 - LSASS Driver

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

Cobalt Group

Score: 4.24

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32

MITREへのリンク →

Leviathan

Score: 6.01

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Inception

Score: 4.24

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1027.014 - Polymorphic Code
T1059.012 - Hypervisor CLI

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT37

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Sea Turtle

Score: 6.03

Matched TTPs:

T1218.010 - Regsvr32
T1685 - Disable or Modify Tools

MITREへのリンク →

Transparent Tribe

Score: 5.92

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer

MITREへのリンク →

Tropic Trooper

Score: 4.16

Matched TTPs:

T1218.010 - Regsvr32
T1105 - Ingress Tool Transfer

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Windshift

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.80

Matched TTPs:

T1566.002 - Spearphishing Link
T1588.001 - Malware
T1683.001 - Written Content
T1027.014 - Polymorphic Code
T1102.003 - One-Way Communication
T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

APT28

Score: 0.80

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI
T1146 - Clear Command History
T1055.008 - Ptrace System Calls
T1105 - Ingress Tool Transfer
T1218.010 - Regsvr32
T1608.005 - Link Target

MITREへのリンク →

Mustang Panda

Score: 0.79

Matched TTPs:

T1566.002 - Spearphishing Link
T1169 - Sudo
T1105 - Ingress Tool Transfer
T1102.003 - One-Way Communication
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1608.005 - Link Target

MITREへのリンク →

Sandworm Team

Score: 0.73

Matched TTPs:

T1049 - System Network Connections Discovery
T1566.002 - Spearphishing Link
T1564.008 - Email Hiding Rules
T1102.003 - One-Way Communication
T1218.010 - Regsvr32
T1091 - Replication Through Removable Media

MITREへのリンク →

APT32

Score: 0.71

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI
T1588.001 - Malware
T1027.014 - Polymorphic Code
T1105 - Ingress Tool Transfer
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1608.005 - Link Target

MITREへのリンク →

HAFNIUM

Score: 0.69

Matched TTPs:

T1049 - System Network Connections Discovery
T1055.008 - Ptrace System Calls
T1105 - Ingress Tool Transfer
T1027.008 - Stripped Payloads
T1608.005 - Link Target

MITREへのリンク →

Contagious Interview

Score: 0.60

Matched TTPs:

T1547.008 - LSASS Driver
T1044 - File System Permissions Weakness
T1102.003 - One-Way Communication
T1091 - Replication Through Removable Media
T1608.005 - Link Target

MITREへのリンク →

Lazarus Group

Score: 0.55

Matched TTPs:

T1547.008 - LSASS Driver
T1059.012 - Hypervisor CLI
T1588.001 - Malware
T1105 - Ingress Tool Transfer
T1218.010 - Regsvr32
T1608.005 - Link Target

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る