Trusted Design

Connecting the Dots: Syrian Malware Team Uses BlackWorm for Attacks (2014)

概要

The Syrian Electronic Army has made news for its recent attacks on major communications websites, Forbes, and an alleged attack on CENTCOM. While these attacks garnered public attention, the activities of another group - The Syrian Malware Team - have gone largely unnoticed. The group’s activities prompted us to take a closer look. We discovered this group using a .NET based RAT called BlackWorm to infiltrate their targets.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Syrian malware - The Joe (score: 0.68)
RATs from the Underground (score: 0.67)
Operation DustySky (score: 0.64)
Sandworm Team Leverage CVE-2014-4114 Zero-Day (score: 0.63)
BlackEnergy APT Attacks in Ukraine employ spearphishing Word (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 5.63

Matched TTPs:

T1491.002 - External Defacement
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sandworm Team

Score: 14.51

Matched TTPs:

T1491.002 - External Defacement
T1608.001 - Upload Malware
T1584.005 - Botnet
T1593 - Search Open Websites/Domains
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT41

Score: 12.35

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1069 - Permission Groups Discovery
T1203 - Exploitation for Client Execution
T1008 - Fallback Channels

MITREへのリンク →

TA551

Score: 4.13

Matched TTPs:

T1568.002 - Domain Generation Algorithms

MITREへのリンク →

Scattered Spider

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

TA505

Score: 5.26

Matched TTPs:

T1069 - Permission Groups Discovery
T1608.001 - Upload Malware

MITREへのリンク →

Volt Typhoon

Score: 10.19

Matched TTPs:

T1069 - Permission Groups Discovery
T1584.005 - Botnet
T1593 - Search Open Websites/Domains

MITREへのリンク →

APT3

Score: 4.78

Matched TTPs:

T1069 - Permission Groups Discovery
T1203 - Exploitation for Client Execution

MITREへのリンク →

FIN13

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

TA2541

Score: 6.73

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Earth Lusca

Score: 5.75

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1189 - Drive-by Compromise

MITREへのリンク →

Mustang Panda

Score: 12.90

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1593 - Search Open Websites/Domains
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Kimsuky

Score: 10.56

Matched TTPs:

T1608.001 - Upload Malware
T1071.003 - Mail Protocols
T1583.006 - Web Services
T1593 - Search Open Websites/Domains

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1608.001 - Upload Malware
T1189 - Drive-by Compromise

MITREへのリンク →

OilRig

Score: 12.18

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1008 - Fallback Channels
T1566.003 - Spearphishing via Service

MITREへのリンク →

LazyScripter

Score: 3.99

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services

MITREへのリンク →

Gamaredon Group

Score: 3.99

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services

MITREへのリンク →

Star Blizzard

Score: 5.26

Matched TTPs:

T1608.001 - Upload Malware
T1593 - Search Open Websites/Domains

MITREへのリンク →

Threat Group-3390

Score: 5.23

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

BITTER

Score: 3.47

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT32

Score: 14.37

Matched TTPs:

T1608.001 - Upload Malware
T1071.003 - Mail Protocols
T1550.003 - Pass the Ticket
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

Moonstone Sleet

Score: 4.50

Matched TTPs:

T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 17.21

Matched TTPs:

T1608.001 - Upload Malware
T1071.003 - Mail Protocols
T1681 - Search Threat Vendor Data
T1583.006 - Web Services
T1593 - Search Open Websites/Domains
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 7.42

Matched TTPs:

T1608.001 - Upload Malware
T1583.006 - Web Services
T1008 - Fallback Channels

MITREへのリンク →

EXOTIC LILY

Score: 5.99

Matched TTPs:

T1608.001 - Upload Malware
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 4.72

Matched TTPs:

T1608.001 - Upload Malware
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Turla

Score: 7.06

Matched TTPs:

T1071.003 - Mail Protocols
T1583.006 - Web Services
T1189 - Drive-by Compromise

MITREへのリンク →

SilverTerrier

Score: 3.29

Matched TTPs:

T1071.003 - Mail Protocols

MITREへのリンク →

APT28

Score: 13.09

Matched TTPs:

T1071.003 - Mail Protocols
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1498 - Network Denial of Service

MITREへのリンク →

UNC3886

Score: 9.07

Matched TTPs:

T1681 - Search Threat Vendor Data
T1203 - Exploitation for Client Execution
T1008 - Fallback Channels

MITREへのリンク →

APT29

Score: 14.41

Matched TTPs:

T1550.003 - Pass the Ticket
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1562.008 - Disable or Modify Cloud Logs
T1566.003 - Spearphishing via Service

MITREへのリンク →

BRONZE BUTLER

Score: 7.10

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

HAFNIUM

Score: 5.63

Matched TTPs:

T1584.005 - Botnet
T1583.006 - Web Services

MITREへのリンク →

Axiom

Score: 6.88

Matched TTPs:

T1584.005 - Botnet
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Medusa Group

Score: 4.76

Matched TTPs:

T1583.006 - Web Services
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

MuddyWater

Score: 3.51

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

Lazarus Group

Score: 15.37

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1027.007 - Dynamic API Resolution
T1008 - Fallback Channels
T1566.003 - Spearphishing via Service

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

Magic Hound

Score: 6.30

Matched TTPs:

T1583.006 - Web Services
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT33

Score: 5.63

Matched TTPs:

T1552.006 - Group Policy Preferences
T1203 - Exploitation for Client Execution

MITREへのリンク →

Wizard Spider

Score: 4.13

Matched TTPs:

T1552.006 - Group Policy Preferences

MITREへのリンク →

RedCurl

Score: 6.88

Matched TTPs:

T1056.002 - GUI Input Capture
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1056.002 - GUI Input Capture

MITREへのリンク →

Dragonfly

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Patchwork

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Cobalt Group

Score: 4.24

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Leviathan

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT37

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Transparent Tribe

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Tropic Trooper

Score: 4.24

Matched TTPs:

T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

FIN6

Score: 5.27

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

Windshift

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Contagious Interview

Score: 0.80

Matched TTPs:

T1593 - Search Open Websites/Domains
T1681 - Search Threat Vendor Data
T1608.001 - Upload Malware
T1583.006 - Web Services
T1566.003 - Spearphishing via Service
T1071.003 - Mail Protocols

MITREへのリンク →

Sandworm Team

Score: 0.77

Matched TTPs:

T1203 - Exploitation for Client Execution
T1584.005 - Botnet
T1593 - Search Open Websites/Domains
T1608.001 - Upload Malware
T1491.002 - External Defacement

MITREへのリンク →

Lazarus Group

Score: 0.77

Matched TTPs:

T1008 - Fallback Channels
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1027.007 - Dynamic API Resolution
T1583.006 - Web Services
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT32

Score: 0.72

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1608.001 - Upload Malware
T1583.006 - Web Services
T1550.003 - Pass the Ticket
T1071.003 - Mail Protocols

MITREへのリンク →

APT29

Score: 0.71

Matched TTPs:

T1203 - Exploitation for Client Execution
T1562.008 - Disable or Modify Cloud Logs
T1583.006 - Web Services
T1566.003 - Spearphishing via Service
T1550.003 - Pass the Ticket

MITREへのリンク →

APT28

Score: 0.67

Matched TTPs:

T1498 - Network Denial of Service
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1583.006 - Web Services
T1071.003 - Mail Protocols

MITREへのリンク →

APT41

Score: 0.65

Matched TTPs:

T1069 - Permission Groups Discovery
T1008 - Fallback Channels
T1568.002 - Domain Generation Algorithms
T1203 - Exploitation for Client Execution

MITREへのリンク →

Mustang Panda

Score: 0.64

Matched TTPs:

T1203 - Exploitation for Client Execution
T1593 - Search Open Websites/Domains
T1608.001 - Upload Malware
T1027.007 - Dynamic API Resolution
T1583.006 - Web Services

MITREへのリンク →

OilRig

Score: 0.63

Matched TTPs:

T1008 - Fallback Channels
T1203 - Exploitation for Client Execution
T1608.001 - Upload Malware
T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る