This site has been deprecated in favor of and will remain in place until 11/1/22.

Software: BlackEnergy 3

From attackics
Revision as of 13:55, 11 April 2021 by Oalexander (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
BlackEnergy 3
ID S0004
Aliases BlackEnergy 3
Type Malware

BlackEnergy 3 is a malware toolkit that has been used by both criminal and APT actors. It support various plug-ins including a variant of KillDisk. It is known to have been used against the Ukrainian power grid.1

Associated Software Descriptions

  • BlackEnergy 3 - 1

Techniques Used

  • Spearphishing Attachment - BlackEnergy targeted energy sector organizations in a wide reaching email spearphishing campaign. Adversaries utilized malicious Microsoft Word documents attachments.1
  • Valid Accounts - BlackEnergy utilizes valid user and administrator credentials, in addition to creating new administrator accounts to maintain presence.1


The following groups use this software: