Trusted Design

Malicious Code Analysis on Ukraine's Power Grid Incident

Overview

At the end of December 2015, the network systems of Ukrainian power companies were attacked by hackers, leaving most areas of western Ukraine in the dark. The Security Service of Ukraine (SBU) indicated that Russian spies had implanted malicious software in the state grid, which caused power plants to shut down unexpectedly. A few days later, security teams overseas claimed that the incident was related to the BlackEnergy trojan and that some malicious code samples had been acquired and analyzed. Knownsec Security Team has followed this incident since it happened. This report records the analysis and tracing process of the entire incident.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 9.37
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1102.001 - Dead Drop Resolver

FIN13

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

Indrik Spider

Score: 4.62
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery

Lazarus Group

Score: 5.72
Matched TTPs:
  • T1587.001 - Malware
  • T1529 - System Shutdown/Reboot

OilRig

Score: 7.36
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1573.002 - Asymmetric Cryptography

UNC3886

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

Sandworm Team

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

APT29

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

Play

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

RedCurl

Score: 4.84
Matched TTPs:
  • T1587.001 - Malware
  • T1573.002 - Asymmetric Cryptography

Moses Staff

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

Turla

Score: 4.62
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery

Ke3chang

Score: 6.09
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application

Mustang Panda

Score: 6.63
Matched TTPs:
  • T1587.001 - Malware
  • T1678 - Delay Execution

TeamTNT

Score: 4.62
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery

FIN7

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

BRONZE BUTLER

Score: 5.81
Matched TTPs:
  • T1007 - System Service Discovery
  • T1102.001 - Dead Drop Resolver

Earth Lusca

Score: 3.99
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application

Volt Typhoon

Score: 3.99
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application

Rocke

Score: 4.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1102.001 - Dead Drop Resolver

APT28

Score: 10.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion

Medusa Group

Score: 12.38
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1573.002 - Asymmetric Cryptography
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC

Blue Mockingbird

Score: 6.01
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1574.012 - COR_PROFILER

Axiom

Score: 6.01
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1001.002 - Steganography

APT41

Score: 4.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1102.001 - Dead Drop Resolver

Velvet Ant

Score: 6.88
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1211 - Exploitation for Defense Evasion

RTM

Score: 3.29
Matched TTPs:
  • T1102.001 - Dead Drop Resolver

Patchwork

Score: 3.29
Matched TTPs:
  • T1102.001 - Dead Drop Resolver

APT38

Score: 3.62
Matched TTPs:
  • T1529 - System Shutdown/Reboot

APT37

Score: 3.62
Matched TTPs:
  • T1529 - System Shutdown/Reboot

Threat actors related to this Pulse (inference-based)

Medusa Group

Score: 0.83
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.014 - MMC
  • T1573.002 - Asymmetric Cryptography
  • T1529 - System Shutdown/Reboot

APT28

Score: 0.73
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion

Kimsuky

Score: 0.66
Matched TTPs:
  • T1587.001 - Malware
  • T1102.001 - Dead Drop Resolver
  • T1190 - Exploit Public-Facing Application
  • T1007 - System Service Discovery

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

