|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
DDoS attacks
remote access
information theft
destructive payloads
|
|
gptkbp:alsoKnownAs
|
gptkb:BlackEnergy_v3
|
|
gptkbp:C2Communication
|
gptkb:HTTP
proxy servers
encrypted channels
|
|
gptkbp:deliveredBy
|
phishing emails
malicious documents
|
|
gptkbp:detects
|
gptkb:security
|
|
gptkbp:developedBy
|
unknown
|
|
gptkbp:exploits
|
gptkb:CVE-2014-4114
gptkb:CVE-2015-2360
|
|
gptkbp:firstAppearance
|
2014
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
BlackEnergy 3
|
|
gptkbp:impact
|
critical infrastructure disruption
|
|
gptkbp:industry
|
gptkb:energy
industrial control systems
|
|
gptkbp:majorCity
|
gptkb:Ukraine
|
|
gptkbp:modularArchitecture
|
yes
|
|
gptkbp:notableBattle
|
gptkb:2015_Ukraine_power_grid_attack
|
|
gptkbp:notableGroup
|
gptkb:Sandworm_Team
|
|
gptkbp:persistenceMechanism
|
gptkb:Windows_registry
scheduled tasks
|
|
gptkbp:platform
|
gptkb:Windows
|
|
gptkbp:relatedTo
|
gptkb:BlackEnergy_2
gptkb:KillDisk
|
|
gptkbp:removalDifficulty
|
high
|
|
gptkbp:signature
|
varies
|
|
gptkbp:status
|
active (as of 2016)
|
|
gptkbp:type
|
trojan
botnet
|
|
gptkbp:usedIn
|
gptkb:Ukraine_power_grid_cyberattack
|
|
gptkbp:writtenBy
|
gptkb:C/C++
|
|
gptkbp:bfsParent
|
gptkb:BlackEnergy
gptkb:BlackEnergy_malware
|
|
gptkbp:bfsLayer
|
6
|