SentinelOne Discovers a New Delivery Tactic for BlackEnergy 3

Experiencing a Breach?

Get a Demo

Platform
The SentinelOne platform delivers the defenses you need to prevent, detect, and undo—known and unknown—threats.
Platform Overview
Platform Packages
- Platform Products
  
  Singularity Singularity CompleteThe Future's Enterprise Security Platform
  
  Singularity Singularity ControlSecurity with Suite Features
  
  Singularity Singularity CoreCloud-Native NGAV
  
  Singularity Singularity XDRExtended Detection & Response
  
  Singularity Singularity RangerNetwork Visibility & Control
  
  Singularity Singularity CloudContainer & Cloud Workload Security
Why SentinelOne?
Why SentinelOne?
SentinelOne is autonomous cybersecurity built for what’s next.

Why SentinelOne
Get a Demo
- Why SentinelOne?
  
  Our Customers Our Customers Trusted by Leading Enterprises Around the Globe
  
  About Us About Us The Industry Leader in Autonomous Cybersecurity
- Compare SentinelOne
  
  SentinelOne Vs CrowdStrike
  
  SentinelOne Vs Microsoft
  
  SentinelOne Vs McAfee
  
  SentinelOne Vs Symantec
- Verticals
  
  Energy
  
  Finance
  
  Healthcare
  
  Higher Education
  
  Manufacturing
  
  Retail
Services
Global Services
Augment leading technology with trusted expertise, and get set up for success with hands-on support and training.
Services Overview
Get Help Now
- Global Support & Services
  
  Vigilance Respond Pro MDR + DFIR Vigilance Respond Pro MDR + DFIR 24x7 MDR with Full-Scale
  Investigation and Response
  
  Vigilance Respond MDR Vigilance Respond MDR Dedicated SOC Expertise and Analysis
  
  WatchTower WatchTower Intelligence-Driven Threat Hunting
  
  Readiness Readiness Best-Practice Deployment and
  Quarterly Health Checks
  
  Support Services Support Services Tiered Support Options
  for Every Organisation
  
  Technical Account Management Technical Account Management Customer Success with
  Personalised Service
  
  SentinelOne University SentinelOne University Live and On-Demand Training
Partners
Partner Program
See how SentinelOne works with trusted names worldwide to enhance programs, process, and technology.
Program Overview
- OUR NETWORK
  
  Singularity Singularity MarketplaceExtend the Power of S1 Technology
  
  Technology Technology Alliances See Integrated, Enterprise-Scale Solutions
  
  Channel Channel PartnersDeliver the Right Solutions. Together
  
  Cyber Risk Cyber Risk PartnersEnlist Pro Response and Advisory Terms
  
  SentinelOne SentinelOne for AWSSentinelOne hosted in AWS regions around the world.
Resources
- eBooks
- White Papers
- Datasheets
- Case Studies
- Webinars
- Videos
- Reports
- Events
Company
- Cybersecurity Blog
- Labs
- Hack Chat
- Press
- News
- FAQ
- About Us
- Careers

Platform
The SentinelOne platform delivers the defenses you need to prevent, detect, and undo—known and unknown—threats.
Platform Overview
Platform Packages
- Platform Products
  
  Singularity Singularity CompleteThe Future's Enterprise Security Platform
  
  Singularity Singularity ControlSecurity with Suite Features
  
  Singularity Singularity CoreCloud-Native NGAV
  
  Singularity Singularity XDRExtended Detection & Response
  
  Singularity Singularity RangerNetwork Visibility & Control
  
  Singularity Singularity CloudContainer & Cloud Workload Security
Why SentinelOne?
Why SentinelOne?
SentinelOne is autonomous cybersecurity built for what’s next.

Why SentinelOne
Get a Demo
- Why SentinelOne?
  
  Our Customers Our Customers Trusted by Leading Enterprises Around the Globe
  
  About Us About Us The Industry Leader in Autonomous Cybersecurity
- Compare SentinelOne
  
  SentinelOne Vs CrowdStrike
  
  SentinelOne Vs Microsoft
  
  SentinelOne Vs McAfee
  
  SentinelOne Vs Symantec
- Verticals
  
  Energy
  
  Finance
  
  Healthcare
  
  Higher Education
  
  Manufacturing
  
  Retail
Services
Global Services
Augment leading technology with trusted expertise, and get set up for success with hands-on support and training.
Services Overview
Get Help Now
- Global Support & Services
  
  Vigilance Respond Pro MDR + DFIR Vigilance Respond Pro MDR + DFIR 24x7 MDR with Full-Scale
  Investigation and Response
  
  Vigilance Respond MDR Vigilance Respond MDR Dedicated SOC Expertise and Analysis
  
  WatchTower WatchTower Intelligence-Driven Threat Hunting
  
  Readiness Readiness Best-Practice Deployment and
  Quarterly Health Checks
  
  Support Services Support Services Tiered Support Options
  for Every Organisation
  
  Technical Account Management Technical Account Management Customer Success with
  Personalised Service
  
  SentinelOne University SentinelOne University Live and On-Demand Training
Partners
Partner Program
See how SentinelOne works with trusted names worldwide to enhance programs, process, and technology.
Program Overview
- OUR NETWORK
  
  Singularity Singularity MarketplaceExtend the Power of S1 Technology
  
  Technology Technology Alliances See Integrated, Enterprise-Scale Solutions
  
  Channel Channel PartnersDeliver the Right Solutions. Together
  
  Cyber Risk Cyber Risk PartnersEnlist Pro Response and Advisory Terms
  
  SentinelOne SentinelOne for AWSSentinelOne hosted in AWS regions around the world.
Resources
- eBooks
- White Papers
- Datasheets
- Case Studies
- Webinars
- Videos
- Reports
- Events
Company
- Cybersecurity Blog
- Labs
- Hack Chat
- Press
- News
- FAQ
- About Us
- Careers

Experiencing a Breach?

We’ve recently detected a new distribution mechanism for BlackEnergy 3 that’s actively in use today affecting SCADA systems across Europe. BlackEnergy of course has been in existence since 2007, and has evolved significantly into a complete rootkit that can perform data exfiltration and network sniffing, among other tasks. In the following write up SentinelOne security researchers detail the results of reverse engineering this latest sample that demonstrates a new delivery tactic utilizing Microsoft Office.

You can download the full report here.