This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.

Software: BlackEnergy 3

From attackics
Revision as of 13:55, 11 April 2021 by Oalexander (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
BlackEnergy 3
Software
ID S0004
Aliases BlackEnergy 3
Type Malware

BlackEnergy 3 is a malware toolkit that has been used by both criminal and APT actors. It support various plug-ins including a variant of KillDisk. It is known to have been used against the Ukrainian power grid.1

Associated Software Descriptions

  • BlackEnergy 3 - 1

Techniques Used

  • Spearphishing Attachment - BlackEnergy targeted energy sector organizations in a wide reaching email spearphishing campaign. Adversaries utilized malicious Microsoft Word documents attachments.1
  • Valid Accounts - BlackEnergy utilizes valid user and administrator credentials, in addition to creating new administrator accounts to maintain presence.1

Groups

The following groups use this software:

References

  1. a b c d e  Booz Allen Hamilton. (n.d.). When The Lights Went Out. Retrieved October 22, 2019.

 

Retrieved from "https://collaborate.mitre.org/attackics/index.php?title=Software/S0004&oldid=9102"