Software: BlackEnergy 3
Revision as of 13:55, 11 April 2021 by Oalexander
| BlackEnergy 3 | Software |
|---|---|
| ID | S0004 |
| Aliases | BlackEnergy 3 |
| Type | Malware |
BlackEnergy 3 is a malware toolkit that has been used by both criminal and APT actors. It supports various plug-ins, including a variant of KillDisk. It is known to have been used against the Ukrainian power grid. [1]
Associated Software Descriptions
- BlackEnergy 3 [1]
Techniques Used
- Spearphishing Attachment - BlackEnergy targeted energy sector organizations in a wide-reaching email spearphishing campaign. Adversaries utilized malicious Microsoft Word document attachments. [1]
- Standard Application Layer Protocol - BlackEnergy uses HTTP POST requests to contact external command and control servers. [1]
- Valid Accounts - BlackEnergy utilizes valid user and administrator credentials, in addition to creating new administrator accounts to maintain presence. [1]
Groups
The following groups use this software:
References