Wapack Labs has identified 699 unique IP addresses believed to be infected by or associated with, possible delivery of Black Energy. Some of these connections contained an href user agent (pointing at another location), others appeared infected with Black Energy and were identified checking into our Black Energy sinkholes.
Black Energy, as you may recall, was used against Ukraine on 23 December 2015, in coordinated attacks against multiple regional distribution power companies in Ivano-Frankivsk Oblast, including Prykarpattya Oblenergo and Kyiv Oblenergo, resulting in a power a outages lasting for approximately three to six hours.
To view the full Black Energy report from 2015 or to download the last 90 days of Black Energy observed indicators:
Please sign into your Wapack Labs Cyber Threat Analysis Center account using your two factor authentication, and follow:
- For the 2015 Black Energy Report: The full report may be seen in Wapack Labs CTAC
- For Black Energy Sinkhole findings: https://10.0.1.11:5601/goto/be9ab84a2039861d2b450922866815d4
The first 25 lines of this 1274 line output is shown below:
| last_seen | attribution | indicator |
| November 10th 2018, 00:00:00.000 | black_energy | 111.231.190.181 |
| November 10th 2018, 00:00:00.000 | black_energy | 141.8.144.35 |
| November 10th 2018, 00:00:00.000 | black_energy | 176.14.99.89 |
| November 10th 2018, 00:00:00.000 | black_energy | 190.61.17.194 |
| November 10th 2018, 00:00:00.000 | black_energy | 193.169.252.181 |
| November 10th 2018, 00:00:00.000 | black_energy | 194.154.78.242 |
| November 10th 2018, 00:00:00.000 | black_energy | 37.120.167.61 |
| November 10th 2018, 00:00:00.000 | black_energy | 66.249.79.73 |
| November 10th 2018, 00:00:00.000 | black_energy | 67.231.16.203 |
| November 10th 2018, 00:00:00.000 | black_energy | 80.90.55.169 |
| November 10th 2018, 00:00:00.000 | black_energy | 82.102.22.109 |
| November 10th 2018, 00:00:00.000 | black_energy | 84.177.4.100 |
| November 10th 2018, 00:00:00.000 | black_energy | 84.177.4.193 |
| November 10th 2018, 00:00:00.000 | black_energy | 89.163.131.166 |
| November 10th 2018, 00:00:00.000 | black_energy | 95.76.39.109 |
| November 11th 2018, 00:00:00.000 | black_energy | 117.158.185.183 |
| November 11th 2018, 00:00:00.000 | black_energy | 176.74.192.71 |
| November 11th 2018, 00:00:00.000 | black_energy | 177.86.116.70 |
| November 11th 2018, 00:00:00.000 | black_energy | 178.63.26.114 |
| November 11th 2018, 00:00:00.000 | black_energy | 185.117.118.148 |
| November 11th 2018, 00:00:00.000 | black_energy | 47.94.111.66 |
| November 11th 2018, 00:00:00.000 | black_energy | 80.90.55.168 |
| November 11th 2018, 00:00:00.000 | black_energy | 80.90.55.171 |
| November 11th 2018, 00:00:00.000 | black_energy | 80.90.55.172 |
Comments