Trusted Design

Group 123 (update June 4th 2018)

概要

A recent post from EST Security (http://blog.alyac.co.kr/1587) revealed the use of Android spyware in spear phishing email attachments linked to the North Korean Reaper (https://www.fireeye.com/blog/threat-research/2018/02/apt37-overlooked-north-korean-actor.html) group (also known as APT37, Scarcruft, Group 123 or Red Eyes), highlighting a new mobile vector added to the threat group’s toolkit. Unit 42 has looked further into EST’s findings and found a more advanced variant of the Trojan mentioned in their original article. Talos has written on this variant and named it KevDroid (http://blog.talosintelligence.com/2018/04/fake-av-investigation-unearths-kevdroid.html).

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Reaper Group Updated Mobile Arsenal (score: 0.84)
ZBot Malware (score: 0.66)
Banking Trojan infected dozens of Android apps worldwide (score: 0.66)
Android Trojan C2 (score: 0.66)
RuMMS: The Latest Family of Android Malware (score: 0.66)

このPulseに関連する脅威アクター (事実ベース)

Sidewinder

Score: 7.44

Matched TTPs:

T1598.003 - Spearphishing Link
T1598.002 - Spearphishing Attachment
T1204.001 - Malicious Link

MITREへのリンク →

Scattered Spider

Score: 5.90

Matched TTPs:

T1598.003 - Spearphishing Link
T1598 - Phishing for Information

MITREへのリンク →

Mustang Panda

Score: 6.85

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1204.001 - Malicious Link

MITREへのリンク →

Sandworm Team

Score: 9.13

Matched TTPs:

T1598.003 - Spearphishing Link
T1190 - Exploit Public-Facing Application
T1592.002 - Software
T1204.001 - Malicious Link

MITREへのリンク →

ZIRCONIUM

Score: 9.35

Matched TTPs:

T1598.003 - Spearphishing Link
T1036.004 - Masquerade Task or Service
T1598 - Phishing for Information
T1204.001 - Malicious Link

MITREへのリンク →

APT32

Score: 8.66

Matched TTPs:

T1598.003 - Spearphishing Link
T1036.004 - Masquerade Task or Service
T1218.010 - Regsvr32
T1204.001 - Malicious Link

MITREへのリンク →

Kimsuky

Score: 20.48

Matched TTPs:

T1598.003 - Spearphishing Link
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1534 - Internal Spearphishing
T1566 - Phishing
T1218.010 - Regsvr32
T1598 - Phishing for Information
T1204.001 - Malicious Link

MITREへのリンク →

Magic Hound

Score: 11.23

Matched TTPs:

T1598.003 - Spearphishing Link
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1592.002 - Software
T1204.001 - Malicious Link

MITREへのリンク →

APT28

Score: 20.43

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1190 - Exploit Public-Facing Application
T1557.004 - Evil Twin
T1598 - Phishing for Information
T1204.001 - Malicious Link
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Star Blizzard

Score: 6.08

Matched TTPs:

T1598.003 - Spearphishing Link
T1598.002 - Spearphishing Attachment

MITREへのリンク →

Moonstone Sleet

Score: 5.90

Matched TTPs:

T1598.003 - Spearphishing Link
T1598 - Phishing for Information

MITREへのリンク →

Dragonfly

Score: 7.55

Matched TTPs:

T1598.003 - Spearphishing Link
T1190 - Exploit Public-Facing Application
T1598.002 - Spearphishing Attachment

MITREへのリンク →

Patchwork

Score: 3.82

Matched TTPs:

T1598.003 - Spearphishing Link
T1204.001 - Malicious Link

MITREへのリンク →

Gamaredon Group

Score: 12.55

Matched TTPs:

T1091 - Replication Through Removable Media
T1534 - Internal Spearphishing
T1001 - Data Obfuscation
T1204.001 - Malicious Link

MITREへのリンク →

LuminousMoth

Score: 4.39

Matched TTPs:

T1091 - Replication Through Removable Media
T1204.001 - Malicious Link

MITREへのリンク →

Aoqin Dragon

Score: 3.03

Matched TTPs:

T1091 - Replication Through Removable Media

MITREへのリンク →

Darkhotel

Score: 3.03

Matched TTPs:

T1091 - Replication Through Removable Media

MITREへのリンク →

FIN7

Score: 7.96

Matched TTPs:

T1091 - Replication Through Removable Media
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1204.001 - Malicious Link

MITREへのリンク →

Tropic Trooper

Score: 5.78

Matched TTPs:

T1091 - Replication Through Removable Media
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Threat Group-3390

Score: 5.60

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1608.002 - Upload Tool

MITREへのリンク →

BackdoorDiplomacy

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.76

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566 - Phishing

MITREへのリンク →

FIN13

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Medusa Group

Score: 8.35

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1608.002 - Upload Tool
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Sea Turtle

Score: 4.76

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566 - Phishing

MITREへのリンク →

Storm-0501

Score: 6.31

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1218.010 - Regsvr32

MITREへのリンク →

Fox Kitten

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Blue Mockingbird

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32

MITREへのリンク →

Winter Vivern

Score: 4.93

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1204.001 - Malicious Link

MITREへのリンク →

APT29

Score: 11.91

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.004 - Domain Fronting
T1027.006 - HTML Smuggling
T1204.001 - Malicious Link

MITREへのリンク →

Leviathan

Score: 9.20

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1534 - Internal Spearphishing
T1218.010 - Regsvr32
T1204.001 - Malicious Link

MITREへのリンク →

INC Ransom

Score: 4.76

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566 - Phishing

MITREへのリンク →

UNC3886

Score: 7.70

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1681 - Search Threat Vendor Data
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Axiom

Score: 4.76

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566 - Phishing

MITREへのリンク →

APT41

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Contagious Interview

Score: 5.49

Matched TTPs:

T1681 - Search Threat Vendor Data
T1204.001 - Malicious Link

MITREへのリンク →

Wizard Spider

Score: 7.59

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1552.006 - Group Policy Preferences
T1204.001 - Malicious Link

MITREへのリンク →

FIN6

Score: 4.84

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

SideCopy

Score: 3.62

Matched TTPs:

T1598.002 - Spearphishing Attachment

MITREへのリンク →

APT33

Score: 5.49

Matched TTPs:

T1552.006 - Group Policy Preferences
T1204.001 - Malicious Link

MITREへのリンク →

HEXANE

Score: 3.62

Matched TTPs:

T1534 - Internal Spearphishing

MITREへのリンク →

AppleJeus

Score: 3.29

Matched TTPs:

T1566 - Phishing

MITREへのリンク →

Cobalt Group

Score: 6.85

Matched TTPs:

T1218.010 - Regsvr32
T1573.002 - Asymmetric Cryptography
T1204.001 - Malicious Link

MITREへのリンク →

Andariel

Score: 3.84

Matched TTPs:

T1592.002 - Software

MITREへのリンク →

Storm-1811

Score: 4.54

Matched TTPs:

T1566.004 - Spearphishing Voice

MITREへのリンク →

TA2541

Score: 4.11

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1204.001 - Malicious Link

MITREへのリンク →

Velvet Ant

Score: 6.88

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

RedCurl

Score: 4.11

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1204.001 - Malicious Link

MITREへのリンク →

OilRig

Score: 4.11

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1204.001 - Malicious Link

MITREへのリンク →

FIN8

Score: 4.11

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1204.001 - Malicious Link

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Mustard Tempest

Score: 5.90

Matched TTPs:

T1608.006 - SEO Poisoning
T1204.001 - Malicious Link

MITREへのリンク →

PLATINUM

Score: 4.54

Matched TTPs:

T1056.004 - Credential API Hooking

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.85

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1204.001 - Malicious Link
T1598.003 - Spearphishing Link
T1557.004 - Evil Twin
T1598 - Phishing for Information
T1091 - Replication Through Removable Media
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Kimsuky

Score: 0.84

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1204.001 - Malicious Link
T1534 - Internal Spearphishing
T1218.010 - Regsvr32
T1598.003 - Spearphishing Link
T1566 - Phishing
T1598 - Phishing for Information

MITREへのリンク →

Gamaredon Group

Score: 0.59

Matched TTPs:

T1091 - Replication Through Removable Media
T1204.001 - Malicious Link
T1534 - Internal Spearphishing
T1001 - Data Obfuscation

MITREへのリンク →

APT29

Score: 0.55

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.004 - Domain Fronting
T1204.001 - Malicious Link
T1027.006 - HTML Smuggling

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る