{"id":47010,"date":"2016-01-14T10:33:30","date_gmt":"2016-01-14T18:33:30","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=47010"},"modified":"2025-06-08T18:24:08","modified_gmt":"2025-06-09T01:24:08","slug":"updated-blackenergy-trojan-grows-more-powerful","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/","title":{"rendered":"Updated BlackEnergy Trojan Grows More Powerful"},"content":{"rendered":"<p>In late December, <a href=\"http:\/\/arstechnica.com\/security\/2016\/01\/first-known-hacker-caused-power-outage-signals-troubling-escalation\/\">a cyberattack caused a power outage<\/a> in the Ukraine, plunging hundreds of thousands of citizens into darkness for hours. Threat researchers soon confirmed that the BlackEnergy malware package, first developed in 2007, was the culprit. They also discovered that the malware has been significantly upgraded since its first release.<\/p>\n<p>The initial BlackEnergy was a simple Trojan with distributed denial of service capabilities. Since then, there have been two upgrades.<\/p>\n<h2><strong>BlackEnergy 2<\/strong><\/h2>\n<p>In 2010, BlackEnergy 2 appeared. In that development cycle, the authors completely rewrote the code and began to incorporate a more professional approach. For example, they implemented a rudimentary installer that made it simpler to use BlackEnergy.<\/p>\n<p>With the growth in BlackEnergy 2\u2019s popularity, the authors decided that they needed to add additional features and provide BlackEnergy with a more modular framework. In 2011, they added UAC bypass installers. This method allowed BlackEnergy 2 to gain elevated code execution privileges using the framework Microsoft provides to help legacy applications work with newer versions of Windows. One of BlackEnergy 2\u2019s most impressive features was released in 2013 with the support of 64-bit drivers.<\/p>\n<h2><strong>BlackEnergy 3<\/strong><\/h2>\n<p>In the second quarter of 2014, F-Secure was the <a href=\"https:\/\/www.f-secure.com\/documents\/996508\/1030745\/blackenergy_whitepaper.pdf\">first to report<\/a> a new variant of BlackEnergy. This variant no longer uses many of the features of BlackEnergy 2.<\/p>\n<p>Each major release has seen an almost complete rewrite of the code. BlackEnergy 3 has more advanced features than its predecessors and is more cleanly developed. The new release does not have a driver, the build ID format is a timestamp, and it has many advanced protection mechanisms. These internal protections include defenses against virtual environments, antidebugging methods, and continued checks throughout the code that will kill the program if it detects other security functions or countermeasures. What stands out about Black Energy 3 are the variety of plug-ins it incorporates:<\/p>\n<p>BlackEnergy 3 plug-ins*:<\/p>\n<ul>\n<li>fs.dll \u2014 File system operations<\/li>\n<li>si.dll \u2014 System information, \u201cBlackEnergy Lite\u201d<\/li>\n<li>jn.dll \u2014 Parasitic infector<\/li>\n<li>ki.dll \u2014 Keylogger<\/li>\n<li>ps.dll \u2014 Password stealer<\/li>\n<li>ss.dll \u2014 Screenshots<\/li>\n<li>vs.dll \u2014 Network discovery, remote execution<\/li>\n<li>tv.dll \u2014 Team viewer<\/li>\n<li>rd.dll \u2014 Simple pseudo \u201cremote desktop\u201d<\/li>\n<li>up.dll \u2014 Update malware<\/li>\n<li>dc.dll \u2014 List Windows accounts<\/li>\n<li>bs.dll \u2014 Query system hardware, BIOS, and Windows info<\/li>\n<li>dstr.dll \u2014 Destroy system<\/li>\n<li>scan.dll \u2014 Network scan<\/li>\n<\/ul>\n<p>These plug-ins are critical and powerful features in BlackEnergy 3 that make it a \u201cgo-to\u201d tool for both crimeware and state-sponsored actors.<\/p>\n<p>The Ukrainian critical infrastructure attack was initially seen as politically driven. Indeed, the use of BlackEnergy 3 could well be a cover for a targeted manual attack in an effort to disrupt availability.\u00a0 However, at this point in the analysis, attributing the attack to a group or actor is premature.<\/p>\n<p>Based on its functionality, BlackEnergy 3 could certainly be used by state-sponsored groups as it allows these actors to hide among other crimeware groups known to use BlackEnergy variants. Tradecraft is often shared and many actors like to impersonate other actors in efforts to hide their true affiliations and sponsorships.<\/p>\n<p>This is in stark contrast to <a href=\"https:\/\/en.wikipedia.org\/wiki\/Stuxnet\">Stuxnet,<\/a> which first captured headlines in 2010. Examination of the Stuxnet code by threat researchers revealed that the authors needed unique domain knowledge to execute it in a specific environment and that only state-sponsored groups likely had the insight and capability to create this malicious piece of code.<\/p>\n<p>At the end of this post you will find all of the MD5 hashes associated with BlackEnergy in 2015.\u00a0McAfee products provide full coverage for all hashes listed.<\/p>\n<p>Several of the malicious binaries used in these attacks contain fake Microsoft digital certificates. <a href=\"https:\/\/en.wikipedia.org\/wiki\/Code_signing\">The process of code signing<\/a> is used to authenticate the software\u2019s author and guarantee that the code has not been altered or corrupted since it was signed. Faking the code signing process reduces trust in this system and is indicative of a higher level of adversary involvement. Such techniques have been used by many actors and advanced-threat groups, but it is still too early to attribute this attack to any group or actor.<\/p>\n<p>We would like to thank McAfee Advanced Programs Group for their support in the development of this analysis.<\/p>\n<h2><strong>MD5 hashes associated with BlackEnergy 3 in 2015:<\/strong><\/h2>\n<p>Binaries allegedly associated with Ukraine attack:<\/p>\n<table width=\"273\">\n<tbody>\n<tr>\n<td width=\"273\">c2fb8a309aef65e46323d6710ccdd6ca<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">2cae5e949f1208d13150a9d492a706c1<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">ed55997aada076dc61e20e1d1218925a<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">60d3185aff17084297a2c4c2efdabdc9<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">7361b64ddca90a1a1de43185bd509b64<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">97d6d1b36171bc3eafdd0dc07e7a4d2d<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">72bd40cd60769baffd412b84acc03372<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">97b41d4b8d05a1e165ac4cc2a8ac6f39<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">979413f9916e8462e960a4eb794824fc<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">956246139f93a83f134a39cd55512f6d<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">d98f4fc6d8bb506b27d37b89f7ce89d0<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">66676deaa9dfe98f8497392064aefbab<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">8a40172ed289486c64cc684c3652e031<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">cd1aa880f30f9b8bb6cf4d4f9e41ddf4<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">0af5b1e8eaf5ee4bd05227bf53050770<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">1d6d926f9287b4e4cb5bfc271a164f51<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">e60854c96fab23f2c857dd6eb745961c<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Other BlackEnergy binaries:<\/p>\n<table width=\"273\">\n<tbody>\n<tr>\n<td width=\"273\">97b7577d13cf5e3bf39cbe6d3f0a7732<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">18e7885eab07ebfb6d1c9303b992ca21<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">66b96dcef158833027fcf222004b64d8<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">03e9477f8da8f6f61b03a01d5a38918f<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">0d2022d6148f521c43b9573cd79ead54<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">1e439a13df4b7603f5eb7a975235065e<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">a0b7b80c3c1d9c1c432a740fa17c6126<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">dcf6906a9a0c970bcd93f451b9b7932a<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">973e0c922eb07aad530d8a1de19c7755<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">557f8d4c6f8b386c32001def807dc715<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">fffeaba10fd83c59c28f025c99d063f8<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">0037b485aa6938ba2ead234e211425bb<\/td>\n<\/tr>\n<tr>\n<td width=\"273\">abeab18ebae2c3e445699d256d5f5fb1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><strong>BlackEnergy 3 IP addresses:<\/strong><\/h2>\n<table width=\"126\">\n<tbody>\n<tr>\n<td width=\"126\"><u>109.236.88.12<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>124.217.253.10<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>146.0.74.7<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>184.22.205.194<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>188.128.123.52<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>188.227.176.74<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>188.40.8.72<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>194.28.172.58<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>212.124.110.62<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>212.175.109.10<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>31.210.111.154<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>37.220.34.56<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>46.165.222.101<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>46.165.222.28<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>46.165.222.6<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>46.4.28.218<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>5.149.254.114<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>5.255.87.39<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>5.61.38.31<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>5.79.80.166<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>5.9.32.230<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>78.46.40.239<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>84.19.161.123<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>85.17.94.134<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>88.198.25.92<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>89.149.223.205<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>93.170.127.100<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>94.185.85.122<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>95.143.193.182<\/u><\/td>\n<\/tr>\n<tr>\n<td width=\"126\"><u>95.211.122.36<\/u><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In late December, a cyberattack caused a power outage in the Ukraine, plunging hundreds of thousands of citizens into darkness&#8230;<\/p>\n","protected":false},"author":460,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,180,18],"coauthors":[1359,3576],"class_list":["post-47010","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-malware","tag-network-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Updated BlackEnergy Trojan Grows More Powerful | McAfee Blog<\/title>\n<meta name=\"description\" content=\"In late December, a cyberattack caused a power outage in the Ukraine, plunging hundreds of thousands of citizens into darkness for hours. Threat\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Updated BlackEnergy Trojan Grows More Powerful | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"In late December, a cyberattack caused a power outage in the Ukraine, plunging hundreds of thousands of citizens into darkness for hours. Threat\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-01-14T18:33:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-09T01:24:08+00:00\" \/>\n<meta name=\"author\" content=\"Raj Samani, Christiaan Beek\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@raj_samani\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Raj Samani, Christiaan Beek\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/\"},\"author\":{\"name\":\"Raj Samani\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c599d4c6fbfe639ab3c623dbab743efc\"},\"headline\":\"Updated BlackEnergy Trojan Grows More Powerful\",\"datePublished\":\"2016-01-14T18:33:30+00:00\",\"dateModified\":\"2025-06-09T01:24:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/\"},\"wordCount\":930,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"keywords\":[\"computer security\",\"malware\",\"network security\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/\",\"name\":\"Updated BlackEnergy Trojan Grows More Powerful | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"datePublished\":\"2016-01-14T18:33:30+00:00\",\"dateModified\":\"2025-06-09T01:24:08+00:00\",\"description\":\"In late December, a cyberattack caused a power outage in the Ukraine, plunging hundreds of thousands of citizens into darkness for hours. Threat\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Updated BlackEnergy Trojan Grows More Powerful\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c599d4c6fbfe639ab3c623dbab743efc\",\"name\":\"Raj Samani\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/84322977b2e4d74026259dbee600b443\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/Picture1-1-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/Picture1-1-96x96.png\",\"caption\":\"Raj Samani\"},\"description\":\"Raj Samani is Chief Scientist and Fellow for the Enterprise business. He has assisted multiple law enforcement agencies in cybercrime cases and is a special advisor to the European Cybercrime Centre in The Hague. Samani has been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe hall of Fame, Peter Szor award, and Intel Achievement Award, among others. He is the co-author of the book \\\"Applied Cyber Security and the Smart Grid\\\" and the \\\"CSA Guide to Cloud Computing,\\\" as well as technical editor for numerous other publications.\",\"sameAs\":[\"http:\/\/www.mcafee.com\/\",\"https:\/\/www.linkedin.com\/in\/raj-samani-3697b9\/\",\"https:\/\/x.com\/raj_samani\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/raj-samani\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Updated BlackEnergy Trojan Grows More Powerful | McAfee Blog","description":"In late December, a cyberattack caused a power outage in the Ukraine, plunging hundreds of thousands of citizens into darkness for hours. Threat","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Updated BlackEnergy Trojan Grows More Powerful | McAfee Blog","og_description":"In late December, a cyberattack caused a power outage in the Ukraine, plunging hundreds of thousands of citizens into darkness for hours. Threat","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2016-01-14T18:33:30+00:00","article_modified_time":"2025-06-09T01:24:08+00:00","author":"Raj Samani, Christiaan Beek","twitter_card":"summary_large_image","twitter_creator":"@raj_samani","twitter_site":"@McAfee","twitter_misc":{"Written by":"Raj Samani, Christiaan Beek","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/"},"author":{"name":"Raj Samani","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c599d4c6fbfe639ab3c623dbab743efc"},"headline":"Updated BlackEnergy Trojan Grows More Powerful","datePublished":"2016-01-14T18:33:30+00:00","dateModified":"2025-06-09T01:24:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/"},"wordCount":930,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"keywords":["computer security","malware","network security"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/","name":"Updated BlackEnergy Trojan Grows More Powerful | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"datePublished":"2016-01-14T18:33:30+00:00","dateModified":"2025-06-09T01:24:08+00:00","description":"In late December, a cyberattack caused a power outage in the Ukraine, plunging hundreds of thousands of citizens into darkness for hours. Threat","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/updated-blackenergy-trojan-grows-more-powerful\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Updated BlackEnergy Trojan Grows More Powerful"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c599d4c6fbfe639ab3c623dbab743efc","name":"Raj Samani","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/84322977b2e4d74026259dbee600b443","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/Picture1-1-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/Picture1-1-96x96.png","caption":"Raj Samani"},"description":"Raj Samani is Chief Scientist and Fellow for the Enterprise business. He has assisted multiple law enforcement agencies in cybercrime cases and is a special advisor to the European Cybercrime Centre in The Hague. Samani has been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe hall of Fame, Peter Szor award, and Intel Achievement Award, among others. He is the co-author of the book \"Applied Cyber Security and the Smart Grid\" and the \"CSA Guide to Cloud Computing,\" as well as technical editor for numerous other publications.","sameAs":["http:\/\/www.mcafee.com\/","https:\/\/www.linkedin.com\/in\/raj-samani-3697b9\/","https:\/\/x.com\/raj_samani"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/raj-samani\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/47010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/460"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=47010"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/47010\/revisions"}],"predecessor-version":[{"id":215270,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/47010\/revisions\/215270"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=47010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=47010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=47010"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=47010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}