SentinelOne Discovers a New Delivery Tactic for BlackEnergy 3

Experiencing a Breach?

Platform
The SentinelOne platform delivers the defenses you need to prevent, detect, and undo—known and unknown—threats.
Platform Overview
Platform Packages
- Platform Packages
  
  Singularity Singularity CompleteThe Future's Enterprise Security Platform
  
  Singularity Singularity ControlSecurity with Suite Features
  
  Singularity Singularity CoreCloud-Native NGAV
- Platform Products
  
  Singularity Singularity XDRExtended Detection
  & Response
  
  Singularity Singularity RangerNetwork Visibility & Control
  
  Singularity Singularity CloudContainer & Cloud
  Workload Security
  
  Singularity Singularity XDR Power ToolsAdvanced XDR tools
  
  Singularity Singularity SignalAdvanced Threat Intelligence
  
  SentinelOne SentinelOne Data PlatformScalable Data Management
Why SentinelOne?
Why SentinelOne?
SentinelOne is autonomous cybersecurity built for what’s next.

Why SentinelOne
Get a Demo
- Why SentinelOne?
  
  Our Customers Our Customers Trusted by Leading Enterprises Around the Globe
  
  About Us About Us The Industry Leader in Autonomous Cybersecurity
  
  Industry Recognition Industry Recognition Tested & Proven
- Compare SentinelOne
  
  SentinelOne vs. CrowdStrike
  
  SentinelOne vs. Microsoft
  
  SentinelOne vs. McAfee
  
  SentinelOne vs. Symantec
- Verticals
  
  Energy
  
  Finance
  
  Healthcare
  
  Higher Education
  
  K-12 Education
  
  Manufacturing
  
  Retail
Services
Global Services
Augment leading technology with trusted expertise, and get set up for success with hands-on support and training.
Services Overview
Get Help Now
- Threat Services
  
  Vigilance Respond Pro Vigilance Respond Pro MDR + DFIR24x7 MDR with Full-Scale
  Investigation & Response
  
  Vigilance Respond Vigilance Respond MDRDedicated SOC
  Expertise & Analysis
  
  WatchTower Pro WatchTower Pro Threat HuntingDedicated Threat Hunting
  & Compromise Assessment
  
  WatchTower WatchTower Threat HuntingHunting for Active Campaigns
  & Emerging Threats
- Support, Deployment, & Health
  
  Readiness Readiness Best-Practice Deployment &
  Quarterly Health Checks
  
  Support Services Support Services Tiered Support Options
  for Every Organisation
  
  Technical Account Management Technical Account Management Customer Success with
  Personalised Service
  
  SentinelOne University SentinelOne University Live & On-Demand Training
Partners
Partner Program
See how SentinelOne works with trusted names worldwide to enhance programs, process, and technology.
Program Overview
- OUR NETWORK
  
  Singularity Marketplace Singularity Marketplace Extend the Power of S1 Technology
  
  Technology Alliances Technology Alliances See Integrated, Enterprise-Scale Solutions
  
  Channel Partners Channel Partners PartnersDeliver the Right Solutions. Together
  
  Cyber Risk Partners Cyber Risk Partners Enlist Pro Response & Advisory Terms
  
  SentinelOne for AWS SentinelOne for AWS SentinelOne hosted in AWS
  regions around the world.
Resources
Resources
Your go-to source for the latest SentinelOne digital content, from webinars to white papers, and everything in between.
Resource Center
Company
- Cybersecurity Blog
- Labs
- Hack Chat
- Cyber Chat
- Press
- News
- FAQ
- Brand Guidelines
- About Us
- Careers
- Investor Relations

Platform
The SentinelOne platform delivers the defenses you need to prevent, detect, and undo—known and unknown—threats.
Platform Overview
Platform Packages
- Platform Packages
  
  Singularity Singularity CompleteThe Future's Enterprise Security Platform
  
  Singularity Singularity ControlSecurity with Suite Features
  
  Singularity Singularity CoreCloud-Native NGAV
- Platform Products
  
  Singularity Singularity XDRExtended Detection
  & Response
  
  Singularity Singularity RangerNetwork Visibility & Control
  
  Singularity Singularity CloudContainer & Cloud
  Workload Security
  
  Singularity Singularity XDR Power ToolsAdvanced XDR tools
  
  Singularity Singularity SignalAdvanced Threat Intelligence
  
  SentinelOne SentinelOne Data PlatformScalable Data Management
Why SentinelOne?
Why SentinelOne?
SentinelOne is autonomous cybersecurity built for what’s next.

Why SentinelOne
Get a Demo
- Why SentinelOne?
  
  Our Customers Our Customers Trusted by Leading Enterprises Around the Globe
  
  About Us About Us The Industry Leader in Autonomous Cybersecurity
  
  Industry Recognition Industry Recognition Tested & Proven
- Compare SentinelOne
  
  SentinelOne vs. CrowdStrike
  
  SentinelOne vs. Microsoft
  
  SentinelOne vs. McAfee
  
  SentinelOne vs. Symantec
- Verticals
  
  Energy
  
  Finance
  
  Healthcare
  
  Higher Education
  
  K-12 Education
  
  Manufacturing
  
  Retail
Services
Global Services
Augment leading technology with trusted expertise, and get set up for success with hands-on support and training.
Services Overview
Get Help Now
- Threat Services
  
  Vigilance Respond Pro Vigilance Respond Pro MDR + DFIR24x7 MDR with Full-Scale
  Investigation & Response
  
  Vigilance Respond Vigilance Respond MDRDedicated SOC
  Expertise & Analysis
  
  WatchTower Pro WatchTower Pro Threat HuntingDedicated Threat Hunting
  & Compromise Assessment
  
  WatchTower WatchTower Threat HuntingHunting for Active Campaigns
  & Emerging Threats
- Support, Deployment, & Health
  
  Readiness Readiness Best-Practice Deployment &
  Quarterly Health Checks
  
  Support Services Support Services Tiered Support Options
  for Every Organisation
  
  Technical Account Management Technical Account Management Customer Success with
  Personalised Service
  
  SentinelOne University SentinelOne University Live & On-Demand Training
Partners
Partner Program
See how SentinelOne works with trusted names worldwide to enhance programs, process, and technology.
Program Overview
- OUR NETWORK
  
  Singularity Marketplace Singularity Marketplace Extend the Power of S1 Technology
  
  Technology Alliances Technology Alliances See Integrated, Enterprise-Scale Solutions
  
  Channel Partners Channel Partners PartnersDeliver the Right Solutions. Together
  
  Cyber Risk Partners Cyber Risk Partners Enlist Pro Response & Advisory Terms
  
  SentinelOne for AWS SentinelOne for AWS SentinelOne hosted in AWS
  regions around the world.
Resources
Resources
Your go-to source for the latest SentinelOne digital content, from webinars to white papers, and everything in between.
Resource Center
Company
- Cybersecurity Blog
- Labs
- Hack Chat
- Cyber Chat
- Press
- News
- FAQ
- Brand Guidelines
- About Us
- Careers
- Investor Relations

Experiencing a Breach?

We’ve recently detected a new distribution mechanism for BlackEnergy 3 that’s actively in use today affecting SCADA systems across Europe. BlackEnergy of course has been in existence since 2007, and has evolved significantly into a complete rootkit that can perform data exfiltration and network sniffing, among other tasks. In the following write up SentinelOne security researchers detail the results of reverse engineering this latest sample that demonstrates a new delivery tactic utilizing Microsoft Office.

You can download the full report here.