Trusted Design

Blackhole Exploit Kit Resurfaces in Live Attacks

Overview

The year is 2015 and a threat actor is using the defunct Blackhole exploit kit in active drive-by download campaigns via compromised websites. We noticed Java and PDF exploits collected by our honeypot which we haven’t seen in ages. Looking closer at the structure of this attack, we were surprised when we realized this was the infamous Blackhole. Blackhole’s author, Paunch, was arrested in October 2013 and while criminals kept using the kit for the next few months, the exploits slowly deprecated and lost value because of lack of development. The new drive-by download attacks we caught over the weekend rely on the same structure as the original Blackhole, even reusing the old PDF and Java exploits. The only difference is the malware payload being dropped, which is current and has very low detection on VirusTotal.
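
The first-pass triage a honeypot operator runs on captures like the ones described above, as an added example that is not code from the original post or from the honeypot it describes: it sorts captured files into the delivery components (PDF and Java exploits) and the dropped executable by their leading bytes, hashes each one, and flags a dropped executable whose antivirus coverage is low. The sample bytes and the VirusTotal-style verdicts are constructed in the block; the report layout (`positives`/`total` per SHA-256) and the 10% threshold are assumptions for the example, not a live API response.

```python
"""Triage of drive-by components collected by a honeypot (added example).

Classifies captured artifacts from their magic bytes, hashes them, and flags
dropped payloads whose detection ratio is low. Samples and the VT-style
report are constructed in-line so the script runs offline.
"""
import hashlib
import io
import zipfile

PDF_MAGIC = b"%PDF-"
ZIP_MAGIC = b"PK\x03\x04"   # local file header: a JAR is a ZIP archive
PE_MAGIC = b"MZ"            # DOS header of a Windows executable


def classify(data: bytes) -> str:
    """Return a coarse artifact class ("pdf", "jar", "zip", "pe", ...)."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data.startswith(ZIP_MAGIC):
        # The manifest or a .class entry is what makes a ZIP a Java archive.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        if "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names):
            return "jar"
        return "zip"
    if data.startswith(PE_MAGIC):
        return "pe"
    return "unknown"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def detection_ratio(report: dict) -> float:
    """positives / total from a VT-style report; 0.0 when nothing was scanned."""
    total = report.get("total", 0)
    return report["positives"] / total if total else 0.0


def triage(samples: dict, reports: dict, low_threshold: float = 0.10) -> list:
    """Classify every sample and flag PE payloads with low AV coverage.

    samples: {filename: bytes}; reports: {sha256: {"positives": int, "total": int}}.
    PDF/JAR files are the exploit (delivery) stage; a PE file is the dropped
    payload and gets the low-detection check. A payload with no report at all
    is also flagged, since "never seen" is the worst case for a fresh dropper.
    """
    rows = []
    for name, data in samples.items():
        digest = sha256(data)
        kind = classify(data)
        report = reports.get(digest)
        ratio = detection_ratio(report) if report else None
        rows.append({
            "name": name,
            "sha256": digest,
            "kind": kind,
            "role": "payload" if kind == "pe" else "delivery",
            "detection_ratio": ratio,
            "low_detection": kind == "pe" and (ratio is None or ratio < low_threshold),
        })
    return rows


def build_samples() -> dict:
    """Constructed stand-ins for honeypot captures (not real malware)."""
    pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Exploit.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)
    jar = buf.getvalue()
    pe = b"MZ" + b"\x90" * 62   # DOS header stub only; enough for the magic check
    return {"exploit.pdf": pdf, "exploit.jar": jar, "payload.exe": pe}


def build_reports(samples: dict) -> dict:
    """Constructed VT-style verdicts (assumed layout): 2 of 57 engines flag the payload."""
    return {
        sha256(samples["exploit.pdf"]): {"positives": 40, "total": 57},
        sha256(samples["exploit.jar"]): {"positives": 35, "total": 57},
        sha256(samples["payload.exe"]): {"positives": 2, "total": 57},
    }


if __name__ == "__main__":
    captured = build_samples()
    for row in triage(captured, build_reports(captured)):
        print(row)
```

The check is deliberately on the dropped executable rather than on the exploit documents: old Blackhole-era PDF and Java exploits are well covered by signatures, so the item worth escalating is the fresh payload that most engines miss.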

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 19.80
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS

Sea Turtle

Score: 6.85
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Ember Bear

Score: 19.03
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS

Indrik Spider

Score: 7.96
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1546.016 - Installer Packages

Agrius

Score: 4.50
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information

Contagious Interview

Score: 15.64
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1562.010 - Downgrade Attack
  • T1199 - Trusted Relationship
  • T1126 - Network Share Connection Removal

Sandworm Team

Score: 22.33
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation

Star Blizzard

Score: 5.86
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship

FIN13

Score: 6.76
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1548.006 - TCC Manipulation

Moonstone Sleet

Score: 7.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1126 - Network Share Connection Removal

Lazarus Group

Score: 21.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1550 - Use Alternate Authentication Material
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage

OilRig

Score: 10.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

UNC3886

Score: 7.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

LuminousMoth

Score: 13.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1550 - Use Alternate Authentication Material
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

APT29

Score: 9.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Play

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Turla

Score: 12.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Ke3chang

Score: 9.35
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1199 - Trusted Relationship
  • T1548.006 - TCC Manipulation

Mustang Panda

Score: 16.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation

TeamTNT

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media

FIN7

Score: 11.82
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Transparent Tribe

Score: 6.29
Matched TTPs:
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Dragonfly

Score: 16.38
Matched TTPs:
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation

CURIUM

Score: 4.80
Matched TTPs:
  • T1115 - Clipboard Data
  • T1059.012 - Hypervisor CLI

APT32

Score: 15.55
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1550 - Use Alternate Authentication Material
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Threat Group-3390

Score: 14.72
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Mustard Tempest

Score: 6.77
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI

TA2541

Score: 5.28
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Earth Lusca

Score: 11.35
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

LazyScripter

Score: 4.43
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account

Gamaredon Group

Score: 9.06
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1562.010 - Downgrade Attack
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

TA505

Score: 5.28
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

BlackByte

Score: 9.88
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1562.010 - Downgrade Attack

BITTER

Score: 4.32
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

HEXANE

Score: 5.22
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Saint Bear

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

APT42

Score: 6.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship

Volt Typhoon

Score: 7.49
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation

APT28

Score: 21.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1548.006 - TCC Manipulation
  • T1566.003 - Spearphishing via Service

BackdoorDiplomacy

Score: 4.78
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

BlackTech

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Magic Hound

Score: 6.48
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI

Medusa Group

Score: 8.79
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1548.006 - TCC Manipulation

Fox Kitten

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548.006 - TCC Manipulation

menuPass

Score: 7.25
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1199 - Trusted Relationship
  • T1548.006 - TCC Manipulation

Winter Vivern

Score: 3.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.012 - Hypervisor CLI

Leviathan

Score: 10.15
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Axiom

Score: 7.32
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT41

Score: 6.15
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation

HAFNIUM

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548.006 - TCC Manipulation

APT5

Score: 5.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1677 - Poisoned Pipeline Execution

MuddyWater

Score: 6.21
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

APT39

Score: 4.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Patchwork

Score: 6.70
Matched TTPs:
  • T1550 - Use Alternate Authentication Material
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

FIN6

Score: 5.78
Matched TTPs:
  • T1550 - Use Alternate Authentication Material
  • T1199 - Trusted Relationship
  • T1548.006 - TCC Manipulation

LAPSUS$

Score: 5.65
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1548.006 - TCC Manipulation

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

APT1

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Aquatic Panda

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Andariel

Score: 5.72
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Scattered Spider

Score: 5.65
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1548.006 - TCC Manipulation

BRONZE BUTLER

Score: 7.95
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

DarkVishnya

Score: 5.39
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1213.003 - Code Repositories

Wizard Spider

Score: 3.19
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1548.006 - TCC Manipulation

POLONIUM

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Chimera

Score: 3.19
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1548.006 - TCC Manipulation

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

APT37

Score: 5.66
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Elderwood

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Darkhotel

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Daggerfly

Score: 4.60
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Velvet Ant

Score: 4.13
Matched TTPs:
  • T1566.003 - Spearphishing via Service

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.83
Matched TTPs:
  • T1005 - Data from Local System
  • T1606.002 - SAML Tokens
  • T1546.016 - Installer Packages
  • T1033 - System Owner/User Discovery
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information

APT28

Score: 0.81
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1566.003 - Spearphishing via Service
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1146 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information

Lazarus Group

Score: 0.80
Matched TTPs:
  • T1546.016 - Installer Packages
  • T1606.002 - SAML Tokens
  • T1059.012 - Hypervisor CLI
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1677 - Poisoned Pipeline Execution
  • T1547.002 - Authentication Package
  • T1199 - Trusted Relationship
  • T1055.005 - Thread Local Storage

Kimsuky

Score: 0.71
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1033 - System Owner/User Discovery
  • T1003.003 - NTDS
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1126 - Network Share Connection Removal
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information

Ember Bear

Score: 0.69
Matched TTPs:
  • T1005 - Data from Local System
  • T1550 - Use Alternate Authentication Material
  • T1033 - System Owner/User Discovery
  • T1136.002 - Domain Account
  • T1003.003 - NTDS
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information

Dragonfly

Score: 0.63
Matched TTPs:
  • T1546.016 - Installer Packages
  • T1059.012 - Hypervisor CLI
  • T1115 - Clipboard Data
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information

Mustang Panda

Score: 0.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1055.005 - Thread Local Storage
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media

APT32

Score: 0.61
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1592.004 - Client Configurations
  • T1115 - Clipboard Data
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media

Threat Group-3390

Score: 0.58
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1199 - Trusted Relationship
  • T1218.003 - CMSTP
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information

Contagious Interview

Score: 0.56
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1562.010 - Downgrade Attack
  • T1199 - Trusted Relationship
  • T1126 - Network Share Connection Removal
  • T1091 - Replication Through Removable Media
  • T1033 - System Owner/User Discovery

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
