Trusted Design

Blackhole Exploit Kit Resurfaces in Live Attacks

Summary

The year is 2015 and a threat actor is using the defunct Blackhole exploit kit in active drive-by download campaigns via compromised websites. We noticed Java and PDF exploits collected by our honeypot which we haven’t seen in ages. Looking closer at the structure of this attack, we were surprised when we realized this was the infamous Blackhole. Blackhole’s author, Paunch, was arrested in October 2013 and while criminals kept using the kit for the next few months, the exploits slowly deprecated and lost value because of lack of development. The new drive-by download attacks we caught over the weekend rely on the same structure as the original Blackhole, even reusing the old PDF and Java exploits. The only difference is the malware payload being dropped, which is current and had very low detection on VirusTotal.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 19.80
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1587 - Develop Capabilities
  • T1588.005 - Exploits

Sea Turtle

Score: 6.85
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Ember Bear

Score: 19.03
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1588.005 - Exploits

Indrik Spider

Score: 7.96
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1584.004 - Server

Agrius

Score: 4.50
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application

Contagious Interview

Score: 15.64
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1480 - Execution Guardrails
  • T1588.002 - Tool
  • T1587 - Develop Capabilities

Sandworm Team

Score: 22.33
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server
  • T1003.003 - NTDS

Star Blizzard

Score: 5.86
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1608.001 - Upload Malware
  • T1588.002 - Tool

FIN13

Score: 6.76
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1003.003 - NTDS

Moonstone Sleet

Score: 7.91
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1587 - Develop Capabilities

Lazarus Group

Score: 21.78
Matched TTPs:
  • T1587.001 - Malware
  • T1560 - Archive Collected Data
  • T1070 - Indicator Removal
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution

OilRig

Score: 10.26
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

UNC3886

Score: 7.52
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution

LuminousMoth

Score: 13.00
Matched TTPs:
  • T1587.001 - Malware
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1560 - Archive Collected Data
  • T1588.001 - Malware
  • T1588.002 - Tool

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

APT29

Score: 9.75
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Play

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Moses Staff

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Turla

Score: 12.40
Matched TTPs:
  • T1587.001 - Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

Ke3chang

Score: 9.35
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1588.002 - Tool
  • T1003.003 - NTDS

Mustang Panda

Score: 16.51
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1070 - Indicator Removal
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS

TeamTNT

Score: 4.07
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware

FIN7

Score: 11.82
Matched TTPs:
  • T1587.001 - Malware
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Transparent Tribe

Score: 6.29
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Dragonfly

Score: 16.38
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1003.003 - NTDS

CURIUM

Score: 4.80
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1189 - Drive-by Compromise

APT32

Score: 15.55
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1560 - Archive Collected Data
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Threat Group-3390

Score: 14.72
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Mustard Tempest

Score: 6.77
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise

TA2541

Score: 5.28
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool

Earth Lusca

Score: 11.35
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

LazyScripter

Score: 4.43
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.001 - Malware

Gamaredon Group

Score: 9.06
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1480 - Execution Guardrails
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

TA505

Score: 5.28
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool

BlackByte

Score: 9.88
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1480 - Execution Guardrails

BITTER

Score: 4.32
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

HEXANE

Score: 5.22
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Saint Bear

Score: 3.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

APT42

Score: 6.44
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1070 - Indicator Removal
  • T1588.002 - Tool

Volt Typhoon

Score: 7.49
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1584.004 - Server
  • T1003.003 - NTDS

APT28

Score: 21.58
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1003.003 - NTDS
  • T1211 - Exploitation for Defense Evasion

BackdoorDiplomacy

Score: 4.78
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool

BlackTech

Score: 3.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Magic Hound

Score: 6.48
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise

Medusa Group

Score: 8.79
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1588.002 - Tool
  • T1003.003 - NTDS

Fox Kitten

Score: 3.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1003.003 - NTDS

menuPass

Score: 7.25
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1588.002 - Tool
  • T1003.003 - NTDS

Winter Vivern

Score: 3.24
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1189 - Drive-by Compromise

Leviathan

Score: 10.15
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

Axiom

Score: 7.32
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

APT41

Score: 6.15
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1003.003 - NTDS

HAFNIUM

Score: 3.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1003.003 - NTDS

APT5

Score: 5.09
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1070 - Indicator Removal

MuddyWater

Score: 6.21
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

APT39

Score: 4.72
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Patchwork

Score: 6.70
Matched TTPs:
  • T1560 - Archive Collected Data
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

FIN6

Score: 5.78
Matched TTPs:
  • T1560 - Archive Collected Data
  • T1588.002 - Tool
  • T1003.003 - NTDS

LAPSUS$

Score: 5.65
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1003.003 - NTDS

Metador

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

APT1

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

Aquatic Panda

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

Andariel

Score: 5.72
Matched TTPs:
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Scattered Spider

Score: 5.65
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1003.003 - NTDS

BRONZE BUTLER

Score: 7.95
Matched TTPs:
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

DarkVishnya

Score: 5.39
Matched TTPs:
  • T1588.002 - Tool
  • T1200 - Hardware Additions

Wizard Spider

Score: 3.19
Matched TTPs:
  • T1588.002 - Tool
  • T1003.003 - NTDS

POLONIUM

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Chimera

Score: 3.19
Matched TTPs:
  • T1588.002 - Tool
  • T1003.003 - NTDS

Carbanak

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

APT37

Score: 5.66
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

Elderwood

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Darkhotel

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Daggerfly

Score: 4.60
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

Velvet Ant

Score: 4.13
Matched TTPs:
  • T1211 - Exploitation for Defense Evasion

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.83
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1588.002 - Tool
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1608.001 - Upload Malware
  • T1584.004 - Server
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1003.003 - NTDS

APT28

Score: 0.81
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1190 - Exploit Public-Facing Application
  • T1211 - Exploitation for Defense Evasion
  • T1498 - Network Denial of Service
  • T1203 - Exploitation for Client Execution
  • T1560 - Archive Collected Data
  • T1003.003 - NTDS

Lazarus Group

Score: 0.80
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution
  • T1584.004 - Server
  • T1070 - Indicator Removal
  • T1587.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1560 - Archive Collected Data

Kimsuky

Score: 0.71
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1588.002 - Tool
  • T1587 - Develop Capabilities
  • T1190 - Exploit Public-Facing Application
  • T1608.001 - Upload Malware
  • T1588.005 - Exploits
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware

Ember Bear

Score: 0.69
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.005 - Exploits
  • T1583 - Acquire Infrastructure
  • T1203 - Exploitation for Client Execution
  • T1560 - Archive Collected Data

Dragonfly

Score: 0.63
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1190 - Exploit Public-Facing Application
  • T1608.004 - Drive-by Target
  • T1584.004 - Server
  • T1203 - Exploitation for Client Execution
  • T1560 - Archive Collected Data
  • T1003.003 - NTDS

Mustang Panda

Score: 0.62
Matched TTPs:
  • T1588.002 - Tool
  • T1027.007 - Dynamic API Resolution
  • T1608.001 - Upload Malware
  • T1070 - Indicator Removal
  • T1587.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1003.003 - NTDS

APT32

Score: 0.61
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1550.003 - Pass the Ticket
  • T1560 - Archive Collected Data

Threat Group-3390

Score: 0.58
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1190 - Exploit Public-Facing Application
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1608.002 - Upload Tool

Contagious Interview

Score: 0.56
Matched TTPs:
  • T1588.002 - Tool
  • T1587 - Develop Capabilities
  • T1480 - Execution Guardrails
  • T1608.001 - Upload Malware
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware

Related CVEs

No CVEs were found in this Pulse.
