Software: BlackEnergy 3
Revision as of 13:55, 11 April 2021 by Oalexander (talk | contribs)
| BlackEnergy 3 | |
|---|---|
| Software | |
| ID | S0004 |
| Aliases | BlackEnergy 3 |
| Type | Malware |
BlackEnergy 3 is a malware toolkit that has been used by both criminal and APT actors. It support various plug-ins including a variant of KillDisk. It is known to have been used against the Ukrainian power grid.1
Associated Software Descriptions
- BlackEnergy 3 - 1
Techniques Used
- Spearphishing Attachment - BlackEnergy targeted energy sector organizations in a wide reaching email spearphishing campaign. Adversaries utilized malicious Microsoft Word documents attachments.1
- Standard Application Layer Protocol - BlackEnergy uses HTTP POST request to contact external command and control servers.1
- Valid Accounts - BlackEnergy utilizes valid user and administrator credentials, in addition to creating new administrator accounts to maintain presence.1
Groups
The following groups use this software:
References
