Trusted Design

BlackEnergy APT Attacks in Ukraine employ spearphishing Word

概要

Late last year, a wave of cyber-attacks hit several critical sectors in Ukraine. Widely discussed in the media, the attacks took advantage of known BlackEnergy Trojans as well as several new modules. BlackEnergy is a Trojan that was created by a hacker known as Cr4sh. In 2007, he reportedly stopped working on it and sold the source code for an estimated $700. The source code appears to have been picked by one or more threat actors and was used to conduct DDoS attacks against Georgia in 2008. These unknown actors continued launching DDoS attacks over the next few years. Around 2014, a specific user group of BlackEnergy attackers came to our attention when they began deploying SCADA-related plugins to victims in the ICS and energy sectors around the world. This indicated a unique skillset, well above the average DDoS botnet master.

Created: 2026-02-23

Indicators

類似Pulses

BlackEnergy by the SSHBearDoor (score: 0.79)
Domains and Hostnames from the BlackEnergy report (score: 0.75)
Updated BlackEnergy Trojan Grows More Powerful (McAfee) (score: 0.74)
BlackEnergy Malware (score: 0.73)
New wave of cyberattacks against Ukrainian power industry (score: 0.71)

このPulseに関連する脅威アクター (事実ベース)

Mustard Tempest

Score: 6.51

Matched TTPs:

T1682 - Query Public AI Services
T1091 - Replication Through Removable Media

MITREへのリンク →

Medusa Group

Score: 12.37

Matched TTPs:

T1600 - Weaken Encryption
T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1565 - Data Manipulation
T1128 - Netsh Helper DLL

MITREへのリンク →

Lazarus Group

Score: 12.14

Matched TTPs:

T1600 - Weaken Encryption
T1606.002 - SAML Tokens
T1565 - Data Manipulation
T1218.010 - Regsvr32
T1587 - Develop Capabilities

MITREへのリンク →

Sandworm Team

Score: 27.59

Matched TTPs:

T1600 - Weaken Encryption
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1565 - Data Manipulation
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1075 - Pass the Hash

MITREへのリンク →

LAPSUS$

Score: 3.29

Matched TTPs:

T1600 - Weaken Encryption

MITREへのリンク →

Wizard Spider

Score: 10.35

Matched TTPs:

T1600 - Weaken Encryption
T1567.001 - Exfiltration to Code Repository
T1587 - Develop Capabilities

MITREへのリンク →

Indrik Spider

Score: 9.23

Matched TTPs:

T1600 - Weaken Encryption
T1606.002 - SAML Tokens
T1498 - Network Denial of Service

MITREへのリンク →

Kimsuky

Score: 17.97

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1565 - Data Manipulation
T1197 - BITS Jobs
T1003.003 - NTDS

MITREへのリンク →

FIN13

Score: 6.09

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History

MITREへのリンク →

Moonstone Sleet

Score: 12.78

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1565 - Data Manipulation
T1573 - Encrypted Channel
T1197 - BITS Jobs

MITREへのリンク →

Contagious Interview

Score: 13.06

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1021.006 - Windows Remote Management
T1552.003 - Shell History
T1565 - Data Manipulation

MITREへのリンク →

OilRig

Score: 12.15

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL

MITREへのリンク →

UNC3886

Score: 9.19

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1218.010 - Regsvr32

MITREへのリンク →

LuminousMoth

Score: 4.07

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media

MITREへのリンク →

Salt Typhoon

Score: 7.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1498 - Network Denial of Service

MITREへのリンク →

APT29

Score: 8.68

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1683 - Generate Content
T1218.010 - Regsvr32

MITREへのリンク →

Play

Score: 6.09

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History

MITREへのリンク →

Aoqin Dragon

Score: 3.59

Matched TTPs:

T1606.002 - SAML Tokens
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 4.84

Matched TTPs:

T1606.002 - SAML Tokens
T1128 - Netsh Helper DLL

MITREへのリンク →

Cleaver

Score: 4.44

Matched TTPs:

T1606.002 - SAML Tokens
T1565 - Data Manipulation

MITREへのリンク →

Moses Staff

Score: 3.57

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Turla

Score: 5.02

Matched TTPs:

T1606.002 - SAML Tokens
T1587 - Develop Capabilities

MITREへのリンク →

Ke3chang

Score: 7.41

Matched TTPs:

T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Mustang Panda

Score: 5.56

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

TeamTNT

Score: 8.61

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1071.003 - Mail Protocols

MITREへのリンク →

FIN7

Score: 8.47

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1573 - Encrypted Channel

MITREへのリンク →

HAFNIUM

Score: 13.07

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1055.008 - Ptrace System Calls

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

TA2541

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

Earth Lusca

Score: 3.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Gamaredon Group

Score: 6.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1061 - Graphical User Interface

MITREへのリンク →

Star Blizzard

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation

MITREへのリンク →

Threat Group-3390

Score: 7.86

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1573 - Encrypted Channel
T1218.010 - Regsvr32

MITREへのリンク →

TA505

Score: 4.90

Matched TTPs:

T1091 - Replication Through Removable Media
T1587 - Develop Capabilities

MITREへのリンク →

BlackByte

Score: 3.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

BITTER

Score: 7.09

Matched TTPs:

T1091 - Replication Through Removable Media
T1683 - Generate Content
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 5.81

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation
T1218.010 - Regsvr32

MITREへのリンク →

HEXANE

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation

MITREへのリンク →

Saint Bear

Score: 3.47

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

EXOTIC LILY

Score: 5.81

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation
T1218.010 - Regsvr32

MITREへのリンク →

APT42

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

Ember Bear

Score: 10.94

Matched TTPs:

T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1003.003 - NTDS

MITREへのリンク →

Volt Typhoon

Score: 5.09

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery

MITREへのリンク →

APT28

Score: 15.07

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1197 - BITS Jobs
T1146 - Clear Command History
T1055.008 - Ptrace System Calls

MITREへのリンク →

BackdoorDiplomacy

Score: 4.40

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1587 - Develop Capabilities

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.40

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1573 - Encrypted Channel

MITREへのリンク →

Magic Hound

Score: 7.43

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1565 - Data Manipulation
T1683 - Generate Content

MITREへのリンク →

Storm-0501

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History

MITREへのリンク →

Fox Kitten

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1565 - Data Manipulation

MITREへのリンク →

Cinnamon Tempest

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History

MITREへのリンク →

Leviathan

Score: 8.23

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1565 - Data Manipulation
T1218.010 - Regsvr32
T1587 - Develop Capabilities

MITREへのリンク →

INC Ransom

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History

MITREへのリンク →

Dragonfly

Score: 5.89

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1573 - Encrypted Channel
T1218.010 - Regsvr32

MITREへのリンク →

Axiom

Score: 11.12

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1160 - Launch Daemon

MITREへのリンク →

APT41

Score: 5.89

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1573 - Encrypted Channel
T1218.010 - Regsvr32

MITREへのリンク →

Malteiro

Score: 5.45

Matched TTPs:

T1552.003 - Shell History
T1587 - Develop Capabilities

MITREへのリンク →

Scattered Spider

Score: 16.69

Matched TTPs:

T1552.003 - Shell History
T1565 - Data Manipulation
T1197 - BITS Jobs
T1498 - Network Denial of Service
T1027.002 - Software Packing

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1565 - Data Manipulation

MITREへのリンク →

APT33

Score: 5.63

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1218.010 - Regsvr32

MITREへのリンク →

Tropic Trooper

Score: 10.79

Matched TTPs:

T1683 - Generate Content
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1587 - Develop Capabilities

MITREへのリンク →

Cobalt Group

Score: 7.17

Matched TTPs:

T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL

MITREへのリンク →

ZIRCONIUM

Score: 3.44

Matched TTPs:

T1197 - BITS Jobs

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.85

Matched TTPs:

T1606.002 - SAML Tokens
T1049 - System Network Connections Discovery
T1005 - Data from Local System
T1565 - Data Manipulation
T1075 - Pass the Hash
T1573 - Encrypted Channel
T1140 - Deobfuscate/Decode Files or Information
T1600 - Weaken Encryption
T1218.010 - Regsvr32
T1091 - Replication Through Removable Media

MITREへのリンク →

Kimsuky

Score: 0.60

Matched TTPs:

T1552.003 - Shell History
T1606.002 - SAML Tokens
T1565 - Data Manipulation
T1003.003 - NTDS
T1197 - BITS Jobs
T1140 - Deobfuscate/Decode Files or Information
T1091 - Replication Through Removable Media

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る