Trusted Design

InvisiMole: surprisingly equipped spyware, undercover since 2013

概要

This is the modus operandi of the two malicious components of InvisiMole. They turn the affected computer into a video camera, letting the attackers see and hear what’s going on in the victim’s office or wherever their device may be. Uninvited, InvisiMole’s operators access the system, closely monitoring the victim’s activities and stealing the victim’s secrets.

Created: 2026-02-23

Indicators

類似Pulses

InvisiMole spyware hunting for secrets while staying deep in the shadows (score: 0.75)
Inside the spyware campaign against Argentine troublemakers (score: 0.63)
Ratcheting Down on JSocket: A PC and Android Threat (score: 0.59)
BusyGasper – the unfriendly spy (score: 0.58)
Data-Stealing NionSpy File Infector (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

BRONZE BUTLER

Score: 10.54

Matched TTPs:

T1156 - Malicious Shell Modification
T1558 - Steal or Forge Kerberos Tickets
T1542.004 - ROMMONkit
T1562.011 - Spoof Security Alerting

MITREへのリンク →

Gamaredon Group

Score: 17.79

Matched TTPs:

T1156 - Malicious Shell Modification
T1552.005 - Cloud Instance Metadata API
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1606.001 - Web Cookies
T1542.004 - ROMMONkit

MITREへのリンク →

OilRig

Score: 15.32

Matched TTPs:

T1156 - Malicious Shell Modification
T1552.005 - Cloud Instance Metadata API
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1526 - Cloud Service Discovery

MITREへのリンク →

APT28

Score: 31.06

Matched TTPs:

T1156 - Malicious Shell Modification
T1499.001 - OS Exhaustion Flood
T1552.005 - Cloud Instance Metadata API
T1058 - Service Registry Permissions Weakness
T1558 - Steal or Forge Kerberos Tickets
T1542.004 - ROMMONkit
T1548.004 - Elevated Execution with Prompt
T1588.003 - Code Signing Certificates
T1546.007 - Netsh Helper DLL

MITREへのリンク →

APT42

Score: 7.88

Matched TTPs:

T1156 - Malicious Shell Modification
T1091 - Replication Through Removable Media
T1677 - Poisoned Pipeline Execution

MITREへのリンク →

Magic Hound

Score: 10.26

Matched TTPs:

T1156 - Malicious Shell Modification
T1070.003 - Clear Command History
T1187 - Forced Authentication

MITREへのリンク →

MuddyWater

Score: 5.32

Matched TTPs:

T1156 - Malicious Shell Modification
T1562.011 - Spoof Security Alerting

MITREへのリンク →

Winter Vivern

Score: 4.47

Matched TTPs:

T1156 - Malicious Shell Modification
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Silence

Score: 6.13

Matched TTPs:

T1156 - Malicious Shell Modification
T1098.004 - SSH Authorized Keys

MITREへのリンク →

Kimsuky

Score: 12.44

Matched TTPs:

T1156 - Malicious Shell Modification
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1565.002 - Transmitted Data Manipulation
T1526 - Cloud Service Discovery

MITREへのリンク →

FIN7

Score: 17.77

Matched TTPs:

T1156 - Malicious Shell Modification
T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1011.001 - Exfiltration Over Bluetooth
T1098.004 - SSH Authorized Keys

MITREへのリンク →

Ember Bear

Score: 10.16

Matched TTPs:

T1564.008 - Email Hiding Rules
T1558 - Steal or Forge Kerberos Tickets
T1098.004 - SSH Authorized Keys

MITREへのリンク →

Sandworm Team

Score: 14.23

Matched TTPs:

T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1187 - Forced Authentication

MITREへのリンク →

Winnti Group

Score: 3.29

Matched TTPs:

T1499.001 - OS Exhaustion Flood

MITREへのリンク →

APT41

Score: 3.29

Matched TTPs:

T1499.001 - OS Exhaustion Flood

MITREへのリンク →

Rocke

Score: 3.29

Matched TTPs:

T1499.001 - OS Exhaustion Flood

MITREへのリンク →

TeamTNT

Score: 9.54

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

UNC3886

Score: 5.38

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1606.002 - SAML Tokens

MITREへのリンク →

APT37

Score: 11.19

Matched TTPs:

T1485.001 - Lifecycle-Triggered Deletion
T1562.011 - Spoof Security Alerting
T1216 - System Script Proxy Execution

MITREへのリンク →

Turla

Score: 5.72

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1606.002 - SAML Tokens

MITREへのリンク →

FIN13

Score: 4.28

Matched TTPs:

T1606.002 - SAML Tokens
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Moonstone Sleet

Score: 4.07

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media

MITREへのリンク →

Lazarus Group

Score: 13.18

Matched TTPs:

T1606.002 - SAML Tokens
T1677 - Poisoned Pipeline Execution
T1606.001 - Web Cookies
T1216 - System Script Proxy Execution

MITREへのリンク →

Contagious Interview

Score: 9.18

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

LuminousMoth

Score: 7.10

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media

MITREへのリンク →

APT29

Score: 6.63

Matched TTPs:

T1606.002 - SAML Tokens
T1546.018 - Python Startup Hooks

MITREへのリンク →

Aoqin Dragon

Score: 7.32

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

RedCurl

Score: 5.13

Matched TTPs:

T1606.002 - SAML Tokens
T1542.004 - ROMMONkit

MITREへのリンク →

Mustang Panda

Score: 16.80

Matched TTPs:

T1606.002 - SAML Tokens
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1677 - Poisoned Pipeline Execution
T1565.002 - Transmitted Data Manipulation
T1526 - Cloud Service Discovery

MITREへのリンク →

Darkhotel

Score: 3.03

Matched TTPs:

T1058 - Service Registry Permissions Weakness

MITREへのリンク →

Tropic Trooper

Score: 6.07

Matched TTPs:

T1058 - Service Registry Permissions Weakness
T1562.011 - Spoof Security Alerting

MITREへのリンク →

BlackByte

Score: 9.95

Matched TTPs:

T1070.003 - Clear Command History
T1091 - Replication Through Removable Media
T1606.001 - Web Cookies

MITREへのリンク →

Earth Lusca

Score: 5.01

Matched TTPs:

T1091 - Replication Through Removable Media
T1562.011 - Spoof Security Alerting

MITREへのリンク →

LazyScripter

Score: 4.16

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Threat Group-3390

Score: 5.12

Matched TTPs:

T1091 - Replication Through Removable Media
T1526 - Cloud Service Discovery

MITREへのリンク →

APT32

Score: 4.16

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

menuPass

Score: 5.22

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1542.004 - ROMMONkit

MITREへのリンク →

Storm-1811

Score: 5.12

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

TA551

Score: 5.22

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1562.011 - Spoof Security Alerting

MITREへのリンク →

PLATINUM

Score: 6.72

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1686 - Disable or Modify System Firewall

MITREへのリンク →

APT5

Score: 3.62

Matched TTPs:

T1677 - Poisoned Pipeline Execution

MITREへのリンク →

Scattered Spider

Score: 7.06

Matched TTPs:

T1619 - Cloud Storage Object Discovery
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

LAPSUS$

Score: 4.13

Matched TTPs:

T1619 - Cloud Storage Object Discovery

MITREへのリンク →

Sowbug

Score: 3.03

Matched TTPs:

T1542.004 - ROMMONkit

MITREへのリンク →

Chimera

Score: 3.03

Matched TTPs:

T1542.004 - ROMMONkit

MITREへのリンク →

Fox Kitten

Score: 3.03

Matched TTPs:

T1542.004 - ROMMONkit

MITREへのリンク →

Andariel

Score: 6.88

Matched TTPs:

T1187 - Forced Authentication
T1562.011 - Spoof Security Alerting

MITREへのリンク →

Leviathan

Score: 3.03

Matched TTPs:

T1562.011 - Spoof Security Alerting

MITREへのリンク →

HAFNIUM

Score: 4.13

Matched TTPs:

T1518.001 - Security Software Discovery

MITREへのリンク →

Storm-0501

Score: 7.06

Matched TTPs:

T1518.001 - Security Software Discovery
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

Wizard Spider

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

BlackTech

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

FIN8

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

APT38

Score: 3.62

Matched TTPs:

T1216 - System Script Proxy Execution

MITREへのリンク →

Medusa Group

Score: 8.16

Matched TTPs:

T1216 - System Script Proxy Execution
T1094 - Custom Command and Control Protocol

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.81

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1558 - Steal or Forge Kerberos Tickets
T1546.007 - Netsh Helper DLL
T1542.004 - ROMMONkit
T1058 - Service Registry Permissions Weakness
T1156 - Malicious Shell Modification
T1552.005 - Cloud Instance Metadata API
T1548.004 - Elevated Execution with Prompt
T1588.003 - Code Signing Certificates

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る