GreyEnergy


ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks


Associated Families
win.felixroot win.grey_energy

References
2022-02-24 | nviso | Michel Coene
Threat Update – Ukraine & Russia conflict
@online{coene:20220224:threat:f0dba09, author = {Michel Coene}, title = {{Threat Update – Ukraine & Russia conflict}}, date = {2022-02-24}, organization = {nviso}, url = {https://blog.nviso.eu/2022/02/24/threat-update-ukraine-russia-tensions/}, language = {English}, urldate = {2022-03-01} }
EternalPetya GreyEnergy HermeticWiper Industroyer KillDisk WhisperGate
2021-09-06 | cocomelonc | cocomelonc
AV engines evasion for C++ simple malware: part 2
@online{cocomelonc:20210906:av:215e5aa, author = {cocomelonc}, title = {{AV engines evasion for C++ simple malware: part 2}}, date = {2021-09-06}, organization = {cocomelonc}, url = {https://cocomelonc.github.io/tutorial/2021/09/06/simple-malware-av-evasion-2.html}, language = {English}, urldate = {2022-11-28} }
Agent Tesla Amadey Anchor Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze Unidentified 090 (Lazarus)
2020 | Secureworks | SecureWorks
IRON VIKING
@online{secureworks:2020:iron:3c939bc, author = {SecureWorks}, title = {{IRON VIKING}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/iron-viking}, language = {English}, urldate = {2020-05-23} }
BlackEnergy EternalPetya GreyEnergy Industroyer KillDisk TeleBot TeleDoor
2019-05-08 | Verizon Communications Inc. | Verizon Communications Inc.
2019 Data Breach Investigations Report
@techreport{inc:20190508:2019:3c20a3b, author = {Verizon Communications Inc.}, title = {{2019 Data Breach Investigations Report}}, date = {2019-05-08}, institution = {Verizon Communications Inc.}, url = {https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf}, language = {English}, urldate = {2020-05-10} }
BlackEnergy Cobalt Strike DanaBot Gandcrab GreyEnergy Mirai Olympic Destroyer SamSam
2019-02-12 | Nozomi Networks | Alessandro Di Pinto
GreyEnergy Malware Research Paper: Maldoc to Backdoor
@online{pinto:20190212:greyenergy:1acfcdf, author = {Alessandro Di Pinto}, title = {{GreyEnergy Malware Research Paper: Maldoc to Backdoor}}, date = {2019-02-12}, organization = {Nozomi Networks}, url = {https://www.nozominetworks.com/2019/02/12/blog/greyenergy-malware-research-paper-maldoc-to-backdoor/}, language = {English}, urldate = {2020-01-10} }
GreyEnergy
2019-01-25 | Github (NozomiNetworks) | NozomiNetworks
Toolkit collection developed to help malware analysts dissecting and detecting the packer used by GreyEnergy samples.
@online{nozominetworks:20190125:toolkit:c87f77f, author = {NozomiNetworks}, title = {{Toolkit collection developed to help malware analysts dissecting and detecting the packer used by GreyEnergy samples.}}, date = {2019-01-25}, organization = {Github (NozomiNetworks)}, url = {https://github.com/NozomiNetworks/greyenergy-unpacker}, language = {English}, urldate = {2020-01-09} }
GreyEnergy
2019-01-24 | Kaspersky Labs | Kaspersky Lab ICS CERT
GreyEnergy’s overlap with Zebrocy
@online{cert:20190124:greyenergys:523e803, author = {Kaspersky Lab ICS CERT}, title = {{GreyEnergy’s overlap with Zebrocy}}, date = {2019-01-24}, organization = {Kaspersky Labs}, url = {https://securelist.com/greyenergys-overlap-with-zebrocy/89506/}, language = {English}, urldate = {2019-12-20} }
GreyEnergy Zebrocy
2018-10-18 | ESET Research | Anton Cherepanov
GREYENERGY: A successor to BlackEnergy
@techreport{cherepanov:20181018:greyenergy:9885d0c, author = {Anton Cherepanov}, title = {{GREYENERGY: A successor to BlackEnergy}}, date = {2018-10-18}, institution = {ESET Research}, url = {https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf}, language = {English}, urldate = {2020-01-09} }
Felixroot GreyEnergy
2018-10-17 | ESET Research | Anton Cherepanov, Robert Lipovsky
ESET unmasks ‘GREYENERGY’ cyber-espionage group
@online{cherepanov:20181017:eset:c34687b, author = {Anton Cherepanov and Robert Lipovsky}, title = {{ESET unmasks ‘GREYENERGY’ cyber-espionage group}}, date = {2018-10-17}, organization = {ESET Research}, url = {https://www.eset.com/int/greyenergy-exposed/}, language = {English}, urldate = {2020-01-13} }
GreyEnergy GreyEnergy
2018-10-17 | ESET Research | Anton Cherepanov, Robert Lipovsky
GreyEnergy: Updated arsenal of one of the most dangerous threat actors
@online{cherepanov:20181017:greyenergy:f328dbf, author = {Anton Cherepanov and Robert Lipovsky}, title = {{GreyEnergy: Updated arsenal of one of the most dangerous threat actors}}, date = {2018-10-17}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/}, language = {English}, urldate = {2020-01-07} }
GreyEnergy
2018-08-28 | Medium Sebdraven | Sébastien Larinier
When a malware is more complex than the paper
@online{larinier:20180828:when:0389d90, author = {Sébastien Larinier}, title = {{When a malware is more complex than the paper}}, date = {2018-08-28}, organization = {Medium Sebdraven}, url = {https://medium.com/@Sebdraven/when-a-malware-is-more-complex-than-the-paper-5822fc7ff257}, language = {English}, urldate = {2020-01-13} }
Felixroot
2018-07-26 | FireEye | Swapnil Patil
Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign
@online{patil:20180726:microsoft:f03d7c7, author = {Swapnil Patil}, title = {{Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign}}, date = {2018-07-26}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html}, language = {English}, urldate = {2019-12-20} }
Felixroot
2017-05-31 | MITRE | MITRE ATT&CK
Sandworm Team
@online{attck:20170531:sandworm:1a9a446, author = {MITRE ATT&CK}, title = {{Sandworm Team}}, date = {2017-05-31}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0034}, language = {English}, urldate = {2022-08-25} }
CyclopsBlink Exaramel BlackEnergy EternalPetya Exaramel GreyEnergy KillDisk MimiKatz Olympic Destroyer Sandworm

Credits: MISP Project