Analyzing the GreyEnergy Malware: from Maldoc to Backdoor

Analyzing the GreyEnergy Malware: from Maldoc to Backdoor

GreyEnergy is an Advanced Persistent Threat (APT) which has been targeting industrial networks in Eastern European countries for several years.

As a security analyst, I have studied the malware and provide a detailed description of how it works, from the moment that someone receives a phishing email, until the malware is installed in a PC. We also provide the GreyEnergy Unpacker, a free tool for other analysts to use for further analysis of this advanced persistent threat.

GreyEnergy Malware Targets Industrial Critical Infrastructure

GreyEnergy Malware Targets Industrial Critical Infrastructure

Recently a new advanced threat targeting the energy sector was disclosed. Called GreyEnergy, this malware is the successor to BlackEnergy, which brought down part of the Ukraine power grid in 2015.
Because of the significance of the malware, our Nozomi Networks Security Research team is evaluating it. Find out what is known about the malware to date.