From 55f21451cc47b47707fcaecbafbeea7a69321e30 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sat, 17 Dec 2016 09:26:42 +0100
Subject: [PATCH] BlackEnergy malware family added
---
 clusters/tool.json | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index f80a22b..11e16a8 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -1053,9 +1053,16 @@
 },
 {
 "value": "BASHLITE"
+ },
+ {
+ "value": "BlackEnergy",
+ "description": "BlackEnergy is a trojan which has undergone significant functional changes since it was first publicly analysed by Arbor Networks in 2007. It has evolved from a relatively simple DDoS trojan into a relatively sophisticated piece of modern malware with a modular architecture, making it a suitable tool for sending spam and for online bank fraud, as well as for targeted attacks. BlackEnergy version 2, which featured rootkit techniques, was documented by SecureWorks in 2010. The targeted attacks recently discovered are proof that the trojan is still alive and kicking in 2014. We provide a technical analysis of the BlackEnergy family, focusing on novel functionality and the differences introduced by new lite variants. We describe the most notable aspects of the malware, including its techniques for bypassing UAC, defeating the signed driver requirement in Windows and a selection of BlackEnergy2 plug-ins used for parasitic file infections, network discovery and remote code execution and data collection.",
+ "meta": {
+ "refs": ["https://www.virusbulletin.com/conference/vb2014/abstracts/back-blackenergy-2014-targeted-attacks-ukraine-and-poland/"]
+ }
 }
 ],
- "version": 3,
+ "version": 4,
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
 "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
 "author": [
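Review bot: The `description` of the new BlackEnergy entry is written in first person ("We provide a technical analysis…", "We describe…") and calls the 2014 campaigns "recently discovered", which reads as the VB2014 conference abstract already cited in `meta.refs` pasted verbatim rather than as a description of the tool; a cluster description is consumed as reference data and should be neutral third person and not relative to the time of writing. I would rewrite it to state what the malware is and drop the two "We …" sentences, e.g. opening with `"description": "BlackEnergy is a modular trojan, first publicly analysed by Arbor Networks in 2007, that evolved from a DDoS tool into malware used for spam, online banking fraud and targeted attacks; version 2 (SecureWorks, 2010) added rootkit techniques, and lite variants were seen in 2014 targeted attacks."`, leaving the UAC-bypass, signed-driver and plug-in details to the referenced paper. Minor style: `"refs": [ ... ]` is collapsed onto one line while the surrounding objects put one value per line; the `values` array this entry belongs to starts outside the hunk.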