Pulse Detail-

BlackEnergy Malware

概要

These attacks are active and ongoing as of early January, 2016. The BlackEnergy family of malware first appeared on the scene in 2007, as a botnet engine to perform Distributed Denial of Service (DDoS) attacks. By 2010, BlackEnergy 2 had developed rootkit capabilities. In 2014 and 2015, it dropped rootkit capability, and improved modularity with a plug-in framework, reducing its footprint on the network and the victim machines. In 2013, Quedagh variants also gained capabilities to bypass 64-bit Windows' User Access Controls (UAC) and driver signing. The architecture includes plug-ins for network discovery, information theft, remote code execution, credential theft, and data destruction, among others. Variants support both Windows and Linux targets, including ARM/MIPS architectures, as well as some Cisco routers and some SCADA equipment. Several BlackEnergy variants are available on the open market in the Russian cyber underground.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

BlackEnergy APT Attacks in Ukraine employ spearphishing Word (score: 0.73)
Updated BlackEnergy Trojan Grows More Powerful (McAfee) (score: 0.67)
BlackEnergy by the SSHBearDoor (score: 0.67)
20160203-BlackEnergy by maldoc,Malware (score: 0.64)
New wave of cyberattacks against Ukrainian power industry (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 43.72

Matched TTPs:

T1583 - Acquire Infrastructure
T1587.001 - Malware
T1007 - System Service Discovery
T1082 - System Information Discovery
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1055 - Process Injection
T1657 - Financial Theft
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1218.010 - Regsvr32
T1219.002 - Remote Desktop Software
T1027.002 - Software Packing
T1588.003 - Code Signing Certificates
T1021.001 - Remote Desktop Protocol
T1587 - Develop Capabilities
T1588.005 - Exploits
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Sea Turtle

Score: 6.85

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Ember Bear

Score: 20.98

Matched TTPs:

T1583 - Acquire Infrastructure
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1588.001 - Malware
T1210 - Exploitation of Remote Services
T1562.001 - Disable or Modify Tools
T1203 - Exploitation for Client Execution
T1588.005 - Exploits

MITREへのリンク →

Indrik Spider

Score: 11.10

Matched TTPs:

T1583 - Acquire Infrastructure
T1587.001 - Malware
T1007 - System Service Discovery
T1562.001 - Disable or Modify Tools
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Agrius

Score: 7.95

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application
T1562.001 - Disable or Modify Tools
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Contagious Interview

Score: 25.52

Matched TTPs:

T1583 - Acquire Infrastructure
T1587.001 - Malware
T1082 - System Information Discovery
T1608.001 - Upload Malware
T1657 - Financial Theft
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1219.002 - Remote Desktop Software
T1587 - Develop Capabilities
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Sandworm Team

Score: 32.04

Matched TTPs:

T1583 - Acquire Infrastructure
T1587.001 - Malware
T1082 - System Information Discovery
T1106 - Native API
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1499 - Endpoint Denial of Service
T1003.003 - NTDS
T1490 - Inhibit System Recovery

MITREへのリンク →

Star Blizzard

Score: 5.86

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1588.002 - Tool

MITREへのリンク →

Winnti Group

Score: 3.29

Matched TTPs:

T1014 - Rootkit

MITREへのリンク →

APT41

Score: 25.77

Matched TTPs:

T1014 - Rootkit
T1069 - Permission Groups Discovery
T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1055 - Process Injection
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1027.002 - Software Packing
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS
T1569.002 - Service Execution
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Rocke

Score: 13.10

Matched TTPs:

T1014 - Rootkit
T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1562.001 - Disable or Modify Tools
T1027.002 - Software Packing
T1102.001 - Dead Drop Resolver

MITREへのリンク →

TeamTNT

Score: 14.93

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware
T1007 - System Service Discovery
T1082 - System Information Discovery
T1608.001 - Upload Malware
T1562.001 - Disable or Modify Tools
T1027.002 - Software Packing

MITREへのリンク →

APT28

Score: 29.53

Matched TTPs:

T1014 - Rootkit
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1498 - Network Denial of Service
T1003.003 - NTDS
T1550.001 - Application Access Token
T1669 - Wi-Fi Networks
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

UNC3886

Score: 16.73

Matched TTPs:

T1014 - Rootkit
T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.001 - Malware
T1205.001 - Port Knocking
T1562.001 - Disable or Modify Tools
T1203 - Exploitation for Client Execution

MITREへのリンク →

Scattered Spider

Score: 26.86

Matched TTPs:

T1069 - Permission Groups Discovery
T1082 - System Information Discovery
T1588.001 - Malware
T1657 - Financial Theft
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1219.002 - Remote Desktop Software
T1538 - Cloud Service Dashboard
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS
T1490 - Inhibit System Recovery

MITREへのリンク →

TA505

Score: 14.70

Matched TTPs:

T1069 - Permission Groups Discovery
T1106 - Native API
T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1027.002 - Software Packing

MITREへのリンク →

Volt Typhoon

Score: 17.79

Matched TTPs:

T1069 - Permission Groups Discovery
T1007 - System Service Discovery
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1588.002 - Tool
T1027.002 - Software Packing
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS

MITREへのリンク →

APT3

Score: 9.69

Matched TTPs:

T1069 - Permission Groups Discovery
T1082 - System Information Discovery
T1203 - Exploitation for Client Execution
T1027.002 - Software Packing
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

FIN13

Score: 15.42

Matched TTPs:

T1069 - Permission Groups Discovery
T1587.001 - Malware
T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1588.002 - Tool
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS

MITREへのリンク →

Moonstone Sleet

Score: 14.04

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery
T1608.001 - Upload Malware
T1587 - Develop Capabilities
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Lazarus Group

Score: 20.78

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery
T1106 - Native API
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1021.001 - Remote Desktop Protocol
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

OilRig

Score: 27.67

Matched TTPs:

T1587.001 - Malware
T1007 - System Service Discovery
T1082 - System Information Discovery
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates
T1021.001 - Remote Desktop Protocol
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

LuminousMoth

Score: 7.38

Matched TTPs:

T1587.001 - Malware
T1608.001 - Upload Malware
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Salt Typhoon

Score: 7.16

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT29

Score: 18.64

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1573 - Encrypted Channel
T1203 - Exploitation for Client Execution
T1651 - Cloud Administration Command
T1027.002 - Software Packing
T1566.003 - Spearphishing via Service

MITREへのリンク →

Play

Score: 9.94

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1588.002 - Tool
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Aoqin Dragon

Score: 6.49

Matched TTPs:

T1587.001 - Malware
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

RedCurl

Score: 3.30

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery

MITREへのリンク →

Moses Staff

Score: 5.62

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool

MITREへのリンク →

Turla

Score: 23.43

Matched TTPs:

T1587.001 - Malware
T1007 - System Service Discovery
T1082 - System Information Discovery
T1106 - Native API
T1055 - Process Injection
T1553.006 - Code Signing Policy Modification
T1588.001 - Malware
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1555.004 - Windows Credential Manager

MITREへのリンク →

Ke3chang

Score: 16.73

Matched TTPs:

T1587.001 - Malware
T1583.005 - Botnet
T1007 - System Service Discovery
T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1003.003 - NTDS
T1569.002 - Service Execution

MITREへのリンク →

Mustang Panda

Score: 25.20

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery
T1106 - Native API
T1608.001 - Upload Malware
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1219.002 - Remote Desktop Software
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution
T1003.003 - NTDS
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN7

Score: 18.92

Matched TTPs:

T1587.001 - Malware
T1082 - System Information Discovery
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1674 - Input Injection
T1210 - Exploitation of Remote Services
T1588.002 - Tool
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

Earth Lusca

Score: 16.56

Matched TTPs:

T1547.012 - Print Processors
T1007 - System Service Discovery
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1588.001 - Malware
T1210 - Exploitation of Remote Services
T1588.002 - Tool

MITREへのリンク →

HAFNIUM

Score: 15.41

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1003.003 - NTDS
T1550.001 - Application Access Token

MITREへのリンク →

APT5

Score: 9.42

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1055 - Process Injection
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

BRONZE BUTLER

Score: 9.95

Matched TTPs:

T1007 - System Service Discovery
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1203 - Exploitation for Client Execution
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Aquatic Panda

Score: 10.48

Matched TTPs:

T1007 - System Service Discovery
T1082 - System Information Discovery
T1588.001 - Malware
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Chimera

Score: 12.05

Matched TTPs:

T1007 - System Service Discovery
T1106 - Native API
T1588.002 - Tool
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS
T1569.002 - Service Execution

MITREへのリンク →

admin@338

Score: 5.22

Matched TTPs:

T1007 - System Service Discovery
T1082 - System Information Discovery
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT1

Score: 7.48

Matched TTPs:

T1007 - System Service Discovery
T1588.001 - Malware
T1588.002 - Tool
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT38

Score: 17.59

Matched TTPs:

T1565.003 - Runtime Data Manipulation
T1082 - System Information Discovery
T1106 - Native API
T1055 - Process Injection
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1027.002 - Software Packing
T1569.002 - Service Execution

MITREへのリンク →

BlackByte

Score: 20.37

Matched TTPs:

T1082 - System Information Discovery
T1562 - Impair Defenses
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1055 - Process Injection
T1562.001 - Disable or Modify Tools
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution
T1490 - Inhibit System Recovery

MITREへのリンク →

ZIRCONIUM

Score: 3.26

Matched TTPs:

T1082 - System Information Discovery
T1027.002 - Software Packing

MITREへのリンク →

Blue Mockingbird

Score: 10.32

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1218.010 - Regsvr32
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

HEXANE

Score: 5.68

Matched TTPs:

T1082 - System Information Discovery
T1608.001 - Upload Malware
T1588.002 - Tool
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

TA2541

Score: 12.80

Matched TTPs:

T1082 - System Information Discovery
T1608.001 - Upload Malware
T1055 - Process Injection
T1588.001 - Malware
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1027.002 - Software Packing

MITREへのリンク →

Gamaredon Group

Score: 10.57

Matched TTPs:

T1082 - System Information Discovery
T1106 - Native API
T1608.001 - Upload Malware
T1055 - Process Injection
T1588.002 - Tool
T1562.001 - Disable or Modify Tools

MITREへのリンク →

APT37

Score: 7.44

Matched TTPs:

T1082 - System Information Discovery
T1106 - Native API
T1055 - Process Injection
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT32

Score: 15.87

Matched TTPs:

T1082 - System Information Discovery
T1608.001 - Upload Malware
T1055 - Process Injection
T1588.002 - Tool
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1569.002 - Service Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Inception

Score: 6.29

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

Higaisa

Score: 4.99

Matched TTPs:

T1082 - System Information Discovery
T1106 - Native API
T1203 - Exploitation for Client Execution

MITREへのリンク →

CURIUM

Score: 3.73

Matched TTPs:

T1082 - System Information Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Malteiro

Score: 3.73

Matched TTPs:

T1082 - System Information Discovery
T1657 - Financial Theft

MITREへのリンク →

MuddyWater

Score: 9.56

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1203 - Exploitation for Client Execution

MITREへのリンク →

Magic Hound

Score: 17.25

Matched TTPs:

T1082 - System Information Discovery
T1562 - Impair Defenses
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1573 - Encrypted Channel
T1021.001 - Remote Desktop Protocol
T1566.003 - Spearphishing via Service

MITREへのリンク →

Storm-0501

Score: 16.21

Matched TTPs:

T1082 - System Information Discovery
T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1218.010 - Regsvr32
T1219.002 - Remote Desktop Software
T1027.002 - Software Packing
T1490 - Inhibit System Recovery

MITREへのリンク →

APT42

Score: 4.03

Matched TTPs:

T1082 - System Information Discovery
T1608.001 - Upload Malware
T1588.002 - Tool

MITREへのリンク →

SideCopy

Score: 5.47

Matched TTPs:

T1082 - System Information Discovery
T1106 - Native API
T1608.001 - Upload Malware

MITREへのリンク →

APT19

Score: 4.80

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1218.010 - Regsvr32

MITREへのリンク →

FIN8

Score: 9.60

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1588.003 - Code Signing Certificates
T1021.001 - Remote Desktop Protocol
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Tropic Trooper

Score: 8.61

Matched TTPs:

T1082 - System Information Discovery
T1106 - Native API
T1573 - Encrypted Channel
T1203 - Exploitation for Client Execution

MITREへのリンク →

Mustard Tempest

Score: 3.18

Matched TTPs:

T1082 - System Information Discovery
T1608.001 - Upload Malware

MITREへのリンク →

Wizard Spider

Score: 28.25

Matched TTPs:

T1082 - System Information Discovery
T1055 - Process Injection
T1210 - Exploitation of Remote Services
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS
T1569.002 - Service Execution
T1490 - Inhibit System Recovery
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Patchwork

Score: 10.53

Matched TTPs:

T1082 - System Information Discovery
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1027.002 - Software Packing
T1021.001 - Remote Desktop Protocol
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Windshift

Score: 3.73

Matched TTPs:

T1082 - System Information Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 30.53

Matched TTPs:

T1082 - System Information Discovery
T1106 - Native API
T1190 - Exploit Public-Facing Application
T1608.002 - Upload Tool
T1657 - Financial Theft
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1650 - Acquire Access
T1027.002 - Software Packing
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS
T1569.002 - Service Execution
T1490 - Inhibit System Recovery

MITREへのリンク →

Stealth Falcon

Score: 4.83

Matched TTPs:

T1082 - System Information Discovery
T1555.004 - Windows Credential Manager

MITREへのリンク →

Gorgon Group

Score: 4.93

Matched TTPs:

T1106 - Native API
T1588.002 - Tool
T1562.001 - Disable or Modify Tools

MITREへのリンク →

BlackTech

Score: 9.25

Matched TTPs:

T1106 - Native API
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

ToddyCat

Score: 6.28

Matched TTPs:

T1106 - Native API
T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

menuPass

Score: 11.34

Matched TTPs:

T1106 - Native API
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1588.002 - Tool
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS

MITREへのリンク →

Silence

Score: 9.64

Matched TTPs:

T1106 - Native API
T1055 - Process Injection
T1588.002 - Tool
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

LazyScripter

Score: 4.43

Matched TTPs:

T1608.001 - Upload Malware
T1588.001 - Malware

MITREへのリンク →

Threat Group-3390

Score: 17.87

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1608.002 - Upload Tool
T1210 - Exploitation of Remote Services
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1027.002 - Software Packing
T1588.003 - Code Signing Certificates

MITREへのリンク →

BITTER

Score: 7.94

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1573 - Encrypted Channel
T1203 - Exploitation for Client Execution

MITREへのリンク →

Saint Bear

Score: 7.32

Matched TTPs:

T1608.001 - Upload Malware
T1562.001 - Disable or Modify Tools
T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

EXOTIC LILY

Score: 5.99

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

BackdoorDiplomacy

Score: 4.78

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Fox Kitten

Score: 8.20

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS

MITREへのリンク →

Cinnamon Tempest

Score: 4.84

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

GALLIUM

Score: 4.37

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1027.002 - Software Packing

MITREへのリンク →

Leviathan

Score: 7.36

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

INC Ransom

Score: 10.68

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

Dragonfly

Score: 10.55

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS

MITREへのリンク →

Axiom

Score: 8.23

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT39

Score: 12.55

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1553.006 - Code Signing Policy Modification
T1588.002 - Tool
T1027.002 - Software Packing
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

Cobalt Group

Score: 9.19

Matched TTPs:

T1055 - Process Injection
T1588.002 - Tool
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Velvet Ant

Score: 10.79

Matched TTPs:

T1055 - Process Injection
T1562.001 - Disable or Modify Tools
T1569.002 - Service Execution
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

LAPSUS$

Score: 9.78

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool
T1531 - Account Access Removal
T1003.003 - NTDS

MITREへのリンク →

Metador

Score: 3.31

Matched TTPs:

T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Andariel

Score: 3.95

Matched TTPs:

T1588.001 - Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

Equation

Score: 4.54

Matched TTPs:

T1542.002 - Component Firmware

MITREへのリンク →

Akira

Score: 10.10

Matched TTPs:

T1657 - Financial Theft
T1562.001 - Disable or Modify Tools
T1531 - Account Access Removal
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

PROMETHIUM

Score: 4.13

Matched TTPs:

T1205.001 - Port Knocking

MITREへのリンク →

Tonto Team

Score: 4.24

Matched TTPs:

T1210 - Exploitation of Remote Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

DarkVishnya

Score: 5.39

Matched TTPs:

T1588.002 - Tool
T1200 - Hardware Additions

MITREへのリンク →

Storm-1811

Score: 6.30

Matched TTPs:

T1588.002 - Tool
T1219.002 - Remote Desktop Software
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN6

Score: 14.30

Matched TTPs:

T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

WIRTE

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1218.010 - Regsvr32

MITREへのリンク →

Thrip

Score: 6.52

Matched TTPs:

T1588.002 - Tool
T1219.002 - Remote Desktop Software
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT33

Score: 5.09

Matched TTPs:

T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

The White Company

Score: 3.55

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

Elderwood

Score: 3.55

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.002 - Software Packing

MITREへのリンク →

RTM

Score: 6.21

Matched TTPs:

T1219.002 - Remote Desktop Software
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Dark Caracal

Score: 4.58

Matched TTPs:

T1027.002 - Software Packing
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.80

Matched TTPs:

T1027.002 - Software Packing
T1218.010 - Regsvr32
T1608.001 - Upload Malware
T1587 - Develop Capabilities
T1588.003 - Code Signing Certificates
T1562.001 - Disable or Modify Tools
T1219.002 - Remote Desktop Software
T1190 - Exploit Public-Facing Application
T1587.001 - Malware
T1082 - System Information Discovery
T1583 - Acquire Infrastructure
T1657 - Financial Theft
T1588.002 - Tool
T1588.005 - Exploits
T1102.001 - Dead Drop Resolver
T1055 - Process Injection
T1007 - System Service Discovery
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Sandworm Team

Score: 0.62

Matched TTPs:

T1106 - Native API
T1003.003 - NTDS
T1203 - Exploitation for Client Execution
T1608.001 - Upload Malware
T1584.005 - Botnet
T1490 - Inhibit System Recovery
T1190 - Exploit Public-Facing Application
T1587.001 - Malware
T1082 - System Information Discovery
T1583 - Acquire Infrastructure
T1588.002 - Tool
T1195 - Supply Chain Compromise
T1499 - Endpoint Denial of Service

MITREへのリンク →

Medusa Group

Score: 0.60

Matched TTPs:

T1027.002 - Software Packing
T1106 - Native API
T1650 - Acquire Access
T1003.003 - NTDS
T1608.002 - Upload Tool
T1562.001 - Disable or Modify Tools
T1490 - Inhibit System Recovery
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1082 - System Information Discovery
T1657 - Financial Theft
T1569.002 - Service Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT28

Score: 0.59

Matched TTPs:

T1003.003 - NTDS
T1203 - Exploitation for Client Execution
T1498 - Network Denial of Service
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1211 - Exploitation for Defense Evasion
T1014 - Rootkit
T1550.001 - Application Access Token
T1210 - Exploitation of Remote Services
T1669 - Wi-Fi Networks

MITREへのリンク →

Wizard Spider

Score: 0.57

Matched TTPs:

T1021.001 - Remote Desktop Protocol
T1003.003 - NTDS
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates
T1562.001 - Disable or Modify Tools
T1490 - Inhibit System Recovery
T1588.002 - Tool
T1082 - System Information Discovery
T1569.002 - Service Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1055 - Process Injection
T1210 - Exploitation of Remote Services

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

BlackEnergy Malware

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ