20160203-BlackEnergy by maldoc,Malware
概要
Black Energy is a malware that was believed to cause power cut in Ukraine, blackouting 80,000 customers of western Ukraine's Prykarpattyaoblenergo utility, DHS said the "BlackEnergy Malware" used in the attack appears to have infected Ukraine's systems via a corrupted Microsoft Word attachment.
According to a Post form “Arbor Networks the security division of NETSCOUT” posted by Jose Nazaro on 10/12/2007, Black Energy is an HTTP-based botnet used primarily for DDoS attacks. Unlike most common bots, this bot does not communicate with the botnet master using IRC. Also, we do not see any exploit activities from this bot, unlike a traditional IRC bot. This is a small (under 50KB) binary for the Windows platform that uses a simple grammar to communicate. Most of the botnets we have been tracking (over 30 at present) are located in Malaysian and Russian IP address space and have targeted Russian sites with their DDoS attacks.
Created: 2026-02-23
Indicators
Indicatorsは見つかっていない。
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 7.47
Matched TTPs:
- T1583.005 - Botnet
- T1584.005 - Botnet
MITREへのリンク →
Score: 6.37
Matched TTPs:
- T1583.005 - Botnet
- T1007 - System Service Discovery
MITREへのリンク →
Score: 6.37
Matched TTPs:
- T1007 - System Service Discovery
- T1550.003 - Pass the Ticket
MITREへのリンク →
Score: 4.50
Matched TTPs:
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
MITREへのリンク →
Score: 7.02
Matched TTPs:
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 4.92
Matched TTPs:
- T1007 - System Service Discovery
- T1102.002 - Bidirectional Communication
MITREへのリンク →
Score: 13.77
Matched TTPs:
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
- T1218.010 - Regsvr32
- T1102.002 - Bidirectional Communication
- T1588.005 - Exploits
MITREへのリンク →
Score: 4.50
Matched TTPs:
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
MITREへのリンク →
Score: 6.14
Matched TTPs:
- T1007 - System Service Discovery
- T1584.005 - Botnet
MITREへのリンク →
Score: 12.53
Matched TTPs:
- T1608.001 - Upload Malware
- T1584.005 - Botnet
- T1102.002 - Bidirectional Communication
- T1499 - Endpoint Denial of Service
MITREへのリンク →
Score: 6.11
Matched TTPs:
- T1608.001 - Upload Malware
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 4.37
Matched TTPs:
- T1608.001 - Upload Malware
- T1102.002 - Bidirectional Communication
MITREへのリンク →
Score: 8.56
Matched TTPs:
- T1608.001 - Upload Malware
- T1550.003 - Pass the Ticket
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 4.37
Matched TTPs:
- T1608.001 - Upload Malware
- T1102.002 - Bidirectional Communication
MITREへのリンク →
Score: 4.50
Matched TTPs:
- T1608.001 - Upload Malware
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 4.50
Matched TTPs:
- T1608.001 - Upload Malware
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 8.91
Matched TTPs:
- T1608.001 - Upload Malware
- T1674 - Input Injection
- T1102.002 - Bidirectional Communication
MITREへのリンク →
Score: 4.50
Matched TTPs:
- T1608.001 - Upload Malware
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 15.44
Matched TTPs:
- T1550.003 - Pass the Ticket
- T1090.004 - Domain Fronting
- T1562.008 - Disable or Modify Cloud Logs
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 8.16
Matched TTPs:
- T1584.005 - Botnet
- T1001.002 - Steganography
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
MITREへのリンク →
Score: 6.02
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1529 - System Shutdown/Reboot
MITREへのリンク →
Score: 12.68
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1027.007 - Dynamic API Resolution
- T1566.003 - Spearphishing via Service
- T1529 - System Shutdown/Reboot
MITREへのリンク →
Score: 4.92
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 15.61
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1498 - Network Denial of Service
- T1669 - Wi-Fi Networks
- T1211 - Exploitation for Defense Evasion
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1564.005 - Hidden File System
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1564.005 - Hidden File System
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1211 - Exploitation for Defense Evasion
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1529 - System Shutdown/Reboot
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1529 - System Shutdown/Reboot
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.85
Matched TTPs:
- T1211 - Exploitation for Defense Evasion
- T1498 - Network Denial of Service
- T1669 - Wi-Fi Networks
- T1102.002 - Bidirectional Communication
MITREへのリンク →
Score: 0.83
Matched TTPs:
- T1562.008 - Disable or Modify Cloud Logs
- T1566.003 - Spearphishing via Service
- T1550.003 - Pass the Ticket
- T1090.004 - Domain Fronting
MITREへのリンク →
Score: 0.74
Matched TTPs:
- T1007 - System Service Discovery
- T1102.002 - Bidirectional Communication
- T1588.005 - Exploits
- T1608.001 - Upload Malware
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 0.70
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1608.001 - Upload Malware
- T1584.005 - Botnet
- T1499 - Endpoint Denial of Service
MITREへのリンク →
Score: 0.69
Matched TTPs:
- T1027.007 - Dynamic API Resolution
- T1566.003 - Spearphishing via Service
- T1529 - System Shutdown/Reboot
- T1102.002 - Bidirectional Communication
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design