SentinelOne Discovers a New Delivery Tactic for BlackEnergy 3

Experiencing a Breach?

blog

Get a Demo

Platform
The SentinelOne platform delivers the defenses you need to prevent, detect, and undo—known and unknown—threats.
Platform Overview Platform Packages SentinelOne vs CrowdStrike
Platform Products

Singularity Singularity CompleteThe Future's Enterprise Security Platform

Singularity Singularity ControlSecurity with Suite Features

Singularity Singularity CoreCloud-Native NGAV

Singularity Singularity Ranger IoTNetwork Visibility & Control

Singularity Singularity CloudContainer & Cloud Workload Security
Platform Verticals

Energy

Finance

Healthcare

Higher Education

Retail
Our Customers
Services
Augment leading technology with trusted expertise, and get set up for success with hands-on support and training.
Services Overview Get Help Now
Global Support & Services

Vigilance Respond Pro MDR + DFIR Vigilance Respond Pro MDR + DFIR 24x7 MDR with Full-Scale
Investigation and Response

Vigilance Respond MDR Vigilance Respond MDR Dedicated SOC Expertise and Analysis

WatchTower WatchTower Intelligence-Driven Threat Hunting

Readiness Readiness Best-Practice Deployment and
Quarterly Health Checks

Support Services Support Services Tiered Support Options
for Every Organisation

Technical Account Management Technical Account Management Customer Success with
Personalised Service

SentinelOne University SentinelOne University Live and On-Demand Training
Partners
See how SentinelOne works with trusted names worldwide to enhance programs, process, and technology.
Program Overview
OUR NETWORK

Singularity Singularity MarketplaceExtend the Power of S1 Technology

Technology Technology Alliances See Integrated, Enterprise-Scale Solutions

Channel Channel PartnersDeliver the Right Solutions. Together

Cyber Risk Cyber Risk PartnersEnlist Pro Response and Advisory Terms
Resources
- eBooks
- White Papers
- Datasheets
- Case Studies
- Webinars
- Videos
- Reports
- Events
Company
- Blog
- Labs
- Hack Chat
- Press
- News
- FAQ
- About Us
- Careers

Platform
The SentinelOne platform delivers the defenses you need to prevent, detect, and undo—known and unknown—threats.
Platform Overview Platform Packages SentinelOne vs CrowdStrike
Platform Products

Singularity Singularity CompleteThe Future's Enterprise Security Platform

Singularity Singularity ControlSecurity with Suite Features

Singularity Singularity CoreCloud-Native NGAV

Singularity Singularity Ranger IoTNetwork Visibility & Control

Singularity Singularity CloudContainer & Cloud Workload Security
Platform Verticals

Energy

Finance

Healthcare

Higher Education

Retail
Our Customers
Services
Augment leading technology with trusted expertise, and get set up for success with hands-on support and training.
Services Overview Get Help Now
Global Support & Services

Vigilance Respond Pro MDR + DFIR Vigilance Respond Pro MDR + DFIR 24x7 MDR with Full-Scale
Investigation and Response

Vigilance Respond MDR Vigilance Respond MDR Dedicated SOC Expertise and Analysis

WatchTower WatchTower Intelligence-Driven Threat Hunting

Readiness Readiness Best-Practice Deployment and
Quarterly Health Checks

Support Services Support Services Tiered Support Options
for Every Organisation

Technical Account Management Technical Account Management Customer Success with
Personalised Service

SentinelOne University SentinelOne University Live and On-Demand Training
Partners
See how SentinelOne works with trusted names worldwide to enhance programs, process, and technology.
Program Overview
OUR NETWORK

Singularity Singularity MarketplaceExtend the Power of S1 Technology

Technology Technology Alliances See Integrated, Enterprise-Scale Solutions

Channel Channel PartnersDeliver the Right Solutions. Together

Cyber Risk Cyber Risk PartnersEnlist Pro Response and Advisory Terms
Resources
- eBooks
- White Papers
- Datasheets
- Case Studies
- Webinars
- Videos
- Reports
- Events
Company
- Blog
- Labs
- Hack Chat
- Press
- News
- FAQ
- About Us
- Careers

Experiencing a Breach?

Get a Demo

We’ve recently detected a new distribution mechanism for BlackEnergy 3 that’s actively in use today affecting SCADA systems across Europe. BlackEnergy of course has been in existence since 2007, and has evolved significantly into a complete rootkit that can perform data exfiltration and network sniffing, among other tasks. In the following write up SentinelOne security researchers detail the results of reverse engineering this latest sample that demonstrates a new delivery tactic utilizing Microsoft Office.

You can download the full report here.