20160203-BlackEnergy (tags: maldoc, Malware)
Overview
BlackEnergy is the malware implicated in the December 2015 power outage in Ukraine, which left about 80,000 customers of the western Ukrainian utility Prykarpattyaoblenergo without electricity. According to DHS, the BlackEnergy malware used in the attack appears to have reached the utility's systems via a malicious Microsoft Word attachment. The malware is credited with giving the attackers their foothold on the corporate network; the outage itself was produced by the attackers operating the utility's control systems, so the useful detection opportunities are the spear-phishing document and the subsequent command-and-control traffic, not the moment of the outage.
The following description is from a post by Jose Nazario of Arbor Networks (the security division of NETSCOUT), dated 10/12/2007: "BlackEnergy is an HTTP-based botnet used primarily for DDoS attacks. Unlike most common bots, this bot does not communicate with the botnet master using IRC. Also, we do not see any exploit activities from this bot, unlike a traditional IRC bot. This is a small (under 50 KB) binary for the Windows platform that uses a simple grammar to communicate. Most of the botnets we have been tracking (over 30 at present) are located in Malaysian and Russian IP address space and have targeted Russian sites with their DDoS attacks." That 2007 description covers the original DDoS-oriented BlackEnergy; the variant tied to the 2015 Ukraine intrusion (commonly called BlackEnergy 3) is a modular, plugin-based family, so the 2007 characteristics should not be the only basis for detection.
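As an added example (not code from the page, from Arbor or from any BlackEnergy analysis), the following Python script shows the kind of hunt the 2007 description suggests for an HTTP-based bot that talks to its master without IRC: group proxy-log requests by client, destination, method and path, and flag tuples whose inter-request timing is nearly constant. The log lines, the IP addresses, the path /update.php and the thresholds (at least four hits, at most 10% jitter) are constructed assumptions; nothing here is a known BlackEnergy indicator.

```python
"""Periodic HTTP beacon detector over a constructed proxy log (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log, not taken from the pulse. Fields:
# ISO timestamp, client IP, destination IP, HTTP method, path.
# 10.1.1.5 POSTs to the same path every ~10 minutes; 10.1.1.9 browses normally.
SAMPLE_LOG = """\
2016-02-03T10:00:00 10.1.1.5 203.0.113.7 POST /update.php
2016-02-03T10:00:03 10.1.1.5 198.51.100.2 GET /index.html
2016-02-03T10:05:00 10.1.1.9 198.51.100.2 GET /index.html
2016-02-03T10:07:30 10.1.1.9 198.51.100.2 GET /news
2016-02-03T10:10:01 10.1.1.5 203.0.113.7 POST /update.php
2016-02-03T10:20:00 10.1.1.5 203.0.113.7 POST /update.php
2016-02-03T10:30:02 10.1.1.5 203.0.113.7 POST /update.php
2016-02-03T10:31:00 10.1.1.9 198.51.100.2 GET /index.html
2016-02-03T10:40:01 10.1.1.5 203.0.113.7 POST /update.php
2016-02-03T11:02:00 10.1.1.9 198.51.100.2 GET /about
"""


def parse_log(text):
    """Parse whitespace-separated proxy lines into (time, client, dest, method, path)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, method, path = line.split()
        records.append((datetime.fromisoformat(ts), client, dest, method, path))
    return records


def find_beacons(records, min_hits=4, max_jitter=0.10):
    """Flag (client, dest, method, path) tuples whose inter-request gaps are
    nearly constant: at least min_hits requests and a coefficient of variation
    (population stdev / mean of the gaps) no larger than max_jitter.
    Both thresholds are assumptions chosen for this constructed sample."""
    by_key = defaultdict(list)
    for ts, client, dest, method, path in records:
        by_key[(client, dest, method, path)].append(ts)

    findings = []
    for (client, dest, method, path), times in by_key.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:  # only duplicate timestamps; nothing periodic to measure
            continue
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            findings.append({
                "client": client, "dest": dest, "method": method, "path": path,
                "hits": len(times), "period_s": period, "jitter": jitter,
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['client']} -> {hit['dest']} {hit['method']} {hit['path']}: "
              f"{hit['hits']} hits, period {hit['period_s']:.0f}s, jitter {hit['jitter']:.3f}")
```

On the sample above only the 10.1.1.5 to 203.0.113.7 POST series is flagged (five hits, period about 600 s). Real command-and-control clients often randomise their sleep, so a production version would widen max_jitter, look over a window long enough to catch low-and-slow check-ins, and rank results by destination reputation and by how many clients share the same destination and path.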
Created: 2026-02-23
Indicators
No indicators were found.
Similar Pulses
Threat actors related to this Pulse (fact-based)
Each entry gives the match score and the matched TTPs.
- Score 7.47: T1027.008 Stripped Payloads; T1049 System Network Connections Discovery
- Score 3.84: T1027.008 Stripped Payloads
- Score 6.37: T1027.008 Stripped Payloads; T1003.007 Proc Filesystem
- Score 6.37: T1003.007 Proc Filesystem; T1592.004 Client Configurations
- Score 4.50: T1003.007 Proc Filesystem; T1091 Replication Through Removable Media
- Score 7.02: T1003.007 Proc Filesystem; T1091 Replication Through Removable Media; T1547.008 LSASS Driver
- Score 4.92: T1003.007 Proc Filesystem; T1547.002 Authentication Package
- Score 13.77: T1003.007 Proc Filesystem; T1091 Replication Through Removable Media; T1027.014 Polymorphic Code; T1547.002 Authentication Package; T1003.003 NTDS
- Score 4.50: T1003.007 Proc Filesystem; T1091 Replication Through Removable Media
- Score 6.14: T1003.007 Proc Filesystem; T1049 System Network Connections Discovery
- Score 12.53: T1091 Replication Through Removable Media; T1049 System Network Connections Discovery; T1547.002 Authentication Package; T1075 Pass the Hash
- Score 6.11: T1091 Replication Through Removable Media; T1055.005 Thread Local Storage
- Score 4.37: T1091 Replication Through Removable Media; T1547.002 Authentication Package
- Score 8.56: T1091 Replication Through Removable Media; T1592.004 Client Configurations; T1027.014 Polymorphic Code
- Score 4.37: T1091 Replication Through Removable Media; T1547.002 Authentication Package
- Score 4.50: T1091 Replication Through Removable Media; T1547.008 LSASS Driver
- Score 4.50: T1091 Replication Through Removable Media; T1547.008 LSASS Driver
- Score 8.91: T1091 Replication Through Removable Media; T1011.001 Exfiltration Over Bluetooth; T1547.002 Authentication Package
- Score 4.50: T1091 Replication Through Removable Media; T1547.008 LSASS Driver
- Score 15.44: T1592.004 Client Configurations; T1218.009 Regsvcs/Regasm; T1546.018 Python Startup Hooks; T1547.008 LSASS Driver
- Score 8.16: T1049 System Network Connections Discovery; T1160 Launch Daemon
- Score 4.13: T1601 Modify System Image
- Score 4.13: T1601 Modify System Image
- Score 6.02: T1547.002 Authentication Package; T1216 System Script Proxy Execution
- Score 12.68: T1547.002 Authentication Package; T1055.005 Thread Local Storage; T1547.008 LSASS Driver; T1216 System Script Proxy Execution
- Score 4.92: T1547.002 Authentication Package; T1547.008 LSASS Driver
- Score 15.61: T1547.002 Authentication Package; T1146 Clear Command History; T1546.007 Netsh Helper DLL; T1566.003 Spearphishing via Service
- Score 4.13: T1130 Install Root Certificate
- Score 4.13: T1130 Install Root Certificate
- Score 4.13: T1566.003 Spearphishing via Service
- Score 3.62: T1216 System Script Proxy Execution
- Score 3.62: T1216 System Script Proxy Execution
Threat actors related to this Pulse (inference-based)
- Score 0.85: T1566.003 Spearphishing via Service; T1546.007 Netsh Helper DLL; T1146 Clear Command History; T1547.002 Authentication Package
- Score 0.83: T1546.018 Python Startup Hooks; T1218.009 Regsvcs/Regasm; T1592.004 Client Configurations; T1547.008 LSASS Driver
- Score 0.74: T1003.007 Proc Filesystem; T1547.002 Authentication Package; T1027.014 Polymorphic Code; T1003.003 NTDS; T1091 Replication Through Removable Media
- Score 0.70: T1091 Replication Through Removable Media; T1075 Pass the Hash; T1049 System Network Connections Discovery; T1547.002 Authentication Package
- Score 0.69: T1547.008 LSASS Driver; T1055.005 Thread Local Storage; T1216 System Script Proxy Execution; T1547.002 Authentication Package
Note on the technique IDs: T1075, T1130, T1146 and T1160 are retired ATT&CK identifiers; the current equivalents are T1550.002 (Pass the Hash), T1553.004 (Install Root Certificate), T1070.003 (Clear Command History) and T1543.004 (Launch Daemon). Map them before comparing these lists against a current ATT&CK navigator layer or detection coverage matrix, and treat the scores as the matching service's relative ranking rather than an attribution.
Related CVEs
No CVEs were found in this Pulse.