130:/process-injection techniques, robust encryption, and a modular architecture known as a "dropper". This decrypts and decompresses the rootkit driver binary and installs it on the victim machine as a server with a randomly generated name. As an update on BlackEnergy 1, it combines older rootkit source code with new functions for unpacking and injecting modules into user processes. Packed content is compressed using the
138:
cipher. A hard-coded 128-bit key decrypts embedded content. For decrypting network traffic, the cipher uses the bot's unique identification string as the key. A second variation of the encryption/compression scheme adds an initialization vector to the modified RC4 cipher for additional protection in
48:(aka Voodoo Bear) is attributed with using BlackEnergy targeted attacks. The attack is distributed via a Word document or PowerPoint attachment in an email, luring victims into clicking the seemingly legitimate file.
139:
the dropper and rootkit unpacking stub, but is not used in the inner rootkit nor in the userspace modules. The primary modification in the RC4 implementation in BlackEnergy 2 lies in the key-scheduling algorithm.
843:
863:
468:
64:(C&C) server. Cybercriminals use the BlackEnergy bot builder toolkit to generate customized bot client executable files that are then distributed to targets via
529:
77:
1015:
555:
171:
833:
777:
298:
2008:
823:
592:
72:
e-mail campaigns. BE1 lacks the exploit functionalities and relies on external tools to load the bot. BlackEnergy can be detected using the
947:
351:
1361:
828:
387:
166:
The latest full version of BlackEnergy emerged in 2014. The changes simplified the malware code: this version installer drops the main
1495:
1477:
978:
756:
522:
1501:
1027:
988:
623:
802:
1561:
1507:
1082:
973:
337:
909:
746:
648:
968:
741:
848:
560:
550:
515:
28:
494:
1722:
1112:
899:
838:
797:
695:
1217:
952:
715:
1906:
1247:
1102:
894:
787:
731:
167:
1998:
1387:
1356:
983:
2003:
1525:
1092:
1010:
916:
889:
170:(DLL) component directly to the local application data folder. This variant of the malware was involved in the
389:
Threat
Analysis of BlackEnergy Malware for Synchrophasor based Real-time Control and Monitoring in Smart Grid
1681:
1345:
818:
751:
597:
45:
309:
1555:
1411:
1242:
904:
56:
BlackEnergy's code facilitates different attack types to infect target machines. It is also equipped with
57:
1696:
1531:
1315:
679:
457:
386:
Khan, Rafiullah; Maynard, Peter; McLaughlin, Kieran; Laverty, David M.; Sezer, Sakir (1 October 2016).
1459:
1340:
1052:
761:
710:
705:
1958:
1830:
858:
674:
61:
41:
1968:
1963:
1860:
1489:
1252:
1178:
868:
669:
111:
DDoS attack commands (e.g. ICMP flood, TCP SYN flood, UDP flood, HTTP get flood, DNS flood, etc.)
397:
Proceedings of the 4th
International Symposium for ICS & SCADA Cyber Security Research 2016
1973:
1855:
1825:
1429:
1285:
643:
607:
408:
1901:
1753:
1676:
1325:
1262:
1137:
586:
400:
1911:
1886:
1850:
1778:
1691:
1686:
1330:
1122:
1032:
736:
1650:
1645:
1335:
1320:
1310:
1305:
1237:
1212:
1207:
1202:
1147:
602:
1992:
1773:
1232:
1191:
1187:
1183:
439:
1717:
1671:
1471:
1435:
1290:
1280:
1173:
1168:
1163:
1037:
853:
782:
114:
Download commands to retrieve and launch new or updated executables from its server
1953:
1943:
1891:
1799:
1655:
1465:
1295:
1022:
653:
189:
1896:
1881:
1809:
1599:
1549:
1453:
1405:
1381:
1369:
1227:
1152:
1142:
1132:
1117:
1077:
1002:
633:
404:
226:
92:
65:
1927:
1804:
1768:
1758:
1630:
1447:
1197:
1127:
1067:
628:
211:
365:
1835:
1763:
1748:
1567:
1543:
1417:
1399:
1300:
1222:
1057:
1042:
942:
921:
700:
69:
396:
1865:
1738:
1701:
1635:
1614:
1584:
1537:
1519:
1441:
1375:
1157:
1072:
1062:
1047:
507:
127:
1948:
1840:
1794:
1609:
1423:
1393:
1272:
1257:
1087:
926:
638:
495:"BlackEnergy – what we really know about the notorious cyber attacks"
1573:
1513:
1483:
792:
1845:
1640:
884:
131:
98:
Has a runtime encrypter to evade detection by antivirus software
73:
23:
511:
338:"Updated BlackEnergy Trojan Grows More Powerful - McAfee Blogs"
154:
Updates itself and its plugins with command and control servers
135:
824:
134:
algorithm and encrypted using a modified version of the
352:"Details on August BlackEnergy PowerPoint Campaigns"
1936:
1920:
1874:
1818:
1787:
1731:
1710:
1664:
1623:
1592:
1583:
1354:
1271:
1101:
1001:
961:
935:
877:
811:
770:
724:
688:
662:
616:
579:
572:
101:
Hides its processes in a system driver (syssrv.sys)
433:
431:
429:
36:emerged with capabilities beyond DDoS. In 2014,
864:Russian interference in the 2016 U.S. elections
264:— Query system hardware, BIOS, and Windows info
26:-based toolkit that generated bots to execute
523:
493:Cherepanov A., Lipovsky R. (7 October 2016).
78:United States Department of Homeland Security
8:
332:
330:
172:December 2015 Ukraine power grid cyberattack
834:Democratic National Committee cyber attacks
1589:
778:Office of Personnel Management data breach
576:
530:
516:
508:
292:
290:
117:Control commands (e.g. stop, wait, or die)
60:which the perpetrators can develop in the
381:
379:
1743:
1604:
198:— System information, “BlackEnergy Lite”
440:"BlackEnergy Version 2 Threat Analysis"
286:
234:— Network discovery, remote execution
151:Can download and execute remote files
7:
366:"BlackEnergy APT Malware - RSA Link"
829:Commission on Elections data breach
157:Can execute die or destroy commands
14:
989:Jeff Bezos phone hacking incident
126:BlackEnergy 2 uses sophisticated
44:. A Russian-based group known as
22:was first reported in 2007 as an
1562:Microarchitectural Data Sampling
798:Ukrainian Power Grid Cyberattack
706:Cyberterrorism attack of June 25
474:from the original on 28 May 2022
458:"ThreatSTOP Report: BlackEnergy"
246:— Simple pseudo “remote desktop”
40:came equipped with a variety of
910:2017 Ukraine ransomware attacks
747:2014 JPMorgan Chase data breach
299:"BlackEnergy DDoS Bot Analysis"
742:2014 celebrity nude photo leak
297:Nazario, Jose (October 2007).
16:Toolkit for generating malware
1:
2009:Cyberattacks on energy sector
979:Bulgarian revenue agency hack
757:Russian hacker password theft
29:distributed denial of service
1113:Bangladesh Black Hat Hackers
589:(publication of 2009 events)
438:Joe Stewart (3 March 2010).
974:Baltimore ransomware attack
76:signatures provided by the
2025:
1248:Tailored Access Operations
895:WannaCry ransomware attack
788:Ashley Madison data breach
732:Anthem medical data breach
649:PlayStation network outage
168:dynamically linked library
984:WhatsApp snooping scandal
849:Indian Bank data breaches
543:
91:Can target more than one
1526:Speculative Store Bypass
1093:Ukrainian Cyber Alliance
890:2017 Macron e-mail leaks
900:Westminster data breach
819:Bangladesh Bank robbery
762:2014 Yahoo! data breach
752:2014 Sony Pictures hack
711:2013 Yahoo! data breach
696:South Korea cyberattack
598:Operation Olympic Games
593:Australian cyberattacks
405:10.14236/ewic/ICS2016.7
258:— List Windows accounts
148:Can execute local files
1243:Syrian Electronic Army
953:SingHealth data breach
716:Singapore cyberattacks
654:RSA SecurID compromise
1532:Lazy FP state restore
1316:Kristoffer von Hassel
969:Sri Lanka cyberattack
839:Vietnam Airport Hacks
680:Operation High Roller
1478:Silent Bob is Silent
538:Hacking in the 2010s
204:— Parasitic infector
1412:SS7 vulnerabilities
948:Atlanta cyberattack
917:Equifax data breach
675:Stratfor email leak
624:Canadian government
603:Operation ShadowNet
444:www.secureworks.com
315:on 21 February 2020
162:BlackEnergy 3 (BE3)
122:BlackEnergy 2 (BE2)
62:command and control
58:server-side scripts
52:BlackEnergy 1 (BE1)
20:BlackEnergy Malware
1861:Petya and NotPetya
1490:ROCA vulnerability
1253:The Shadow Brokers
1179:Iranian Cyber Army
1105:persistent threats
905:Petya and NotPetya
869:2016 Bitfinex hack
844:DCCC cyber attacks
803:SWIFT banking hack
414:on 20 October 2016
340:. 14 January 2016.
219:— Password stealer
32:attacks. In 2010,
1986:
1985:
1982:
1981:
1974:ZeroAccess botnet
1286:Mustafa Al-Bassam
1053:New World Hackers
1016:associated events
997:
996:
793:VTech data breach
644:Operation AntiSec
608:Operation Payback
567:
566:
370:community.rsa.com
354:. 4 October 2014.
212:Keystroke Logging
2016:
1999:Malware toolkits
1590:
1263:Yemen Cyber Army
587:Operation Aurora
577:
546:
545:
532:
525:
518:
509:
502:
501:
499:
490:
484:
483:
481:
479:
473:
467:. 7 March 2016.
462:
454:
448:
447:
435:
424:
423:
421:
419:
413:
407:. Archived from
394:
383:
374:
373:
372:. 23 March 2016.
362:
356:
355:
348:
342:
341:
334:
325:
324:
322:
320:
314:
308:. Archived from
303:
294:
270:— Destroy system
252:— Update malware
2024:
2023:
2019:
2018:
2017:
2015:
2014:
2013:
2004:Windows trojans
1989:
1988:
1987:
1978:
1932:
1916:
1870:
1814:
1783:
1727:
1706:
1660:
1619:
1579:
1359:
1357:vulnerabilities
1350:
1267:
1160:(confederation)
1123:Charming Kitten
1104:
1097:
1033:Goatse Security
993:
957:
931:
922:Deloitte breach
873:
859:Dyn cyberattack
807:
766:
737:Operation Tovar
720:
684:
658:
612:
573:Major incidents
568:
539:
536:
506:
505:
497:
492:
491:
487:
477:
475:
471:
460:
456:
455:
451:
437:
436:
427:
417:
415:
411:
392:
385:
384:
377:
364:
363:
359:
350:
349:
345:
336:
335:
328:
318:
316:
312:
301:
296:
295:
288:
283:
180:
164:
145:
124:
108:
86:
54:
17:
12:
11:
5:
2022:
2020:
2012:
2011:
2006:
2001:
1991:
1990:
1984:
1983:
1980:
1979:
1977:
1976:
1971:
1966:
1961:
1956:
1951:
1946:
1940:
1938:
1934:
1933:
1931:
1930:
1924:
1922:
1918:
1917:
1915:
1914:
1909:
1904:
1899:
1894:
1889:
1884:
1878:
1876:
1872:
1871:
1869:
1868:
1863:
1858:
1853:
1848:
1843:
1838:
1833:
1828:
1822:
1820:
1816:
1815:
1813:
1812:
1807:
1802:
1797:
1791:
1789:
1785:
1784:
1782:
1781:
1776:
1771:
1766:
1761:
1756:
1751:
1746:
1744:Black Energy 3
1741:
1735:
1733:
1729:
1728:
1726:
1725:
1720:
1714:
1712:
1708:
1707:
1705:
1704:
1699:
1694:
1689:
1684:
1679:
1674:
1668:
1666:
1662:
1661:
1659:
1658:
1653:
1651:Metulji botnet
1648:
1643:
1638:
1633:
1627:
1625:
1621:
1620:
1618:
1617:
1612:
1607:
1605:Black Energy 2
1602:
1596:
1594:
1587:
1581:
1580:
1578:
1577:
1571:
1565:
1559:
1553:
1547:
1541:
1535:
1529:
1523:
1517:
1511:
1505:
1499:
1493:
1487:
1481:
1475:
1469:
1463:
1460:Broadcom Wi-Fi
1457:
1451:
1445:
1439:
1433:
1427:
1421:
1415:
1409:
1403:
1397:
1391:
1385:
1379:
1373:
1366:
1364:
1352:
1351:
1349:
1348:
1343:
1338:
1333:
1328:
1323:
1321:Junaid Hussain
1318:
1313:
1311:Jeremy Hammond
1308:
1306:Elliott Gunton
1303:
1298:
1293:
1288:
1283:
1277:
1275:
1269:
1268:
1266:
1265:
1260:
1255:
1250:
1245:
1240:
1238:Stealth Falcon
1235:
1230:
1225:
1220:
1215:
1213:PLA Unit 61486
1210:
1208:PLA Unit 61398
1205:
1203:Numbered Panda
1200:
1195:
1181:
1176:
1171:
1166:
1161:
1155:
1150:
1148:Equation Group
1145:
1140:
1135:
1130:
1125:
1120:
1115:
1109:
1107:
1099:
1098:
1096:
1095:
1090:
1085:
1080:
1075:
1070:
1065:
1060:
1055:
1050:
1045:
1040:
1035:
1030:
1025:
1020:
1019:
1018:
1007:
1005:
999:
998:
995:
994:
992:
991:
986:
981:
976:
971:
965:
963:
959:
958:
956:
955:
950:
945:
939:
937:
933:
932:
930:
929:
924:
919:
914:
913:
912:
902:
897:
892:
887:
881:
879:
875:
874:
872:
871:
866:
861:
856:
851:
846:
841:
836:
831:
826:
821:
815:
813:
809:
808:
806:
805:
800:
795:
790:
785:
780:
774:
772:
768:
767:
765:
764:
759:
754:
749:
744:
739:
734:
728:
726:
722:
721:
719:
718:
713:
708:
703:
698:
692:
690:
686:
685:
683:
682:
677:
672:
666:
664:
660:
659:
657:
656:
651:
646:
641:
639:HBGary Federal
636:
631:
626:
620:
618:
614:
613:
611:
610:
605:
600:
595:
590:
583:
581:
574:
570:
569:
565:
564:
558:
553:
544:
541:
540:
537:
535:
534:
527:
520:
512:
504:
503:
485:
465:threatstop.com
449:
425:
375:
357:
343:
326:
306:Arbor Networks
285:
284:
282:
279:
278:
277:
276:— Network scan
271:
265:
259:
253:
247:
241:
235:
229:
220:
214:
205:
199:
193:
179:
176:
163:
160:
159:
158:
155:
152:
149:
144:
141:
123:
120:
119:
118:
115:
112:
107:
104:
103:
102:
99:
96:
85:
82:
53:
50:
15:
13:
10:
9:
6:
4:
3:
2:
2021:
2010:
2007:
2005:
2002:
2000:
1997:
1996:
1994:
1975:
1972:
1970:
1967:
1965:
1962:
1960:
1957:
1955:
1952:
1950:
1947:
1945:
1942:
1941:
1939:
1935:
1929:
1926:
1925:
1923:
1919:
1913:
1910:
1908:
1905:
1903:
1900:
1898:
1895:
1893:
1890:
1888:
1885:
1883:
1880:
1879:
1877:
1873:
1867:
1864:
1862:
1859:
1857:
1854:
1852:
1849:
1847:
1844:
1842:
1839:
1837:
1834:
1832:
1829:
1827:
1824:
1823:
1821:
1817:
1811:
1808:
1806:
1803:
1801:
1798:
1796:
1793:
1792:
1790:
1786:
1780:
1777:
1775:
1774:Gameover ZeuS
1772:
1770:
1767:
1765:
1762:
1760:
1757:
1755:
1752:
1750:
1747:
1745:
1742:
1740:
1737:
1736:
1734:
1730:
1724:
1721:
1719:
1716:
1715:
1713:
1709:
1703:
1700:
1698:
1695:
1693:
1690:
1688:
1685:
1683:
1680:
1678:
1675:
1673:
1670:
1669:
1667:
1663:
1657:
1654:
1652:
1649:
1647:
1644:
1642:
1639:
1637:
1634:
1632:
1629:
1628:
1626:
1622:
1616:
1613:
1611:
1608:
1606:
1603:
1601:
1598:
1597:
1595:
1591:
1588:
1586:
1582:
1575:
1572:
1569:
1566:
1563:
1560:
1557:
1554:
1551:
1548:
1545:
1542:
1539:
1536:
1533:
1530:
1527:
1524:
1521:
1518:
1515:
1512:
1509:
1506:
1503:
1500:
1497:
1494:
1491:
1488:
1485:
1482:
1479:
1476:
1473:
1470:
1467:
1464:
1461:
1458:
1455:
1452:
1449:
1446:
1443:
1440:
1437:
1434:
1431:
1428:
1425:
1422:
1419:
1416:
1413:
1410:
1407:
1404:
1401:
1398:
1395:
1392:
1389:
1386:
1383:
1380:
1377:
1374:
1371:
1368:
1367:
1365:
1363:
1358:
1353:
1347:
1344:
1342:
1339:
1337:
1334:
1332:
1329:
1327:
1324:
1322:
1319:
1317:
1314:
1312:
1309:
1307:
1304:
1302:
1299:
1297:
1294:
1292:
1289:
1287:
1284:
1282:
1279:
1278:
1276:
1274:
1270:
1264:
1261:
1259:
1256:
1254:
1251:
1249:
1246:
1244:
1241:
1239:
1236:
1234:
1233:Rocket Kitten
1231:
1229:
1226:
1224:
1221:
1219:
1216:
1214:
1211:
1209:
1206:
1204:
1201:
1199:
1196:
1193:
1189:
1185:
1184:Lazarus Group
1182:
1180:
1177:
1175:
1172:
1170:
1167:
1165:
1162:
1159:
1156:
1154:
1151:
1149:
1146:
1144:
1141:
1139:
1136:
1134:
1131:
1129:
1126:
1124:
1121:
1119:
1116:
1114:
1111:
1110:
1108:
1106:
1100:
1094:
1091:
1089:
1086:
1084:
1081:
1079:
1076:
1074:
1071:
1069:
1066:
1064:
1061:
1059:
1056:
1054:
1051:
1049:
1046:
1044:
1041:
1039:
1036:
1034:
1031:
1029:
1026:
1024:
1021:
1017:
1014:
1013:
1012:
1009:
1008:
1006:
1004:
1000:
990:
987:
985:
982:
980:
977:
975:
972:
970:
967:
966:
964:
960:
954:
951:
949:
946:
944:
941:
940:
938:
934:
928:
927:Disqus breach
925:
923:
920:
918:
915:
911:
908:
907:
906:
903:
901:
898:
896:
893:
891:
888:
886:
883:
882:
880:
876:
870:
867:
865:
862:
860:
857:
855:
852:
850:
847:
845:
842:
840:
837:
835:
832:
830:
827:
825:
822:
820:
817:
816:
814:
810:
804:
801:
799:
796:
794:
791:
789:
786:
784:
781:
779:
776:
775:
773:
769:
763:
760:
758:
755:
753:
750:
748:
745:
743:
740:
738:
735:
733:
730:
729:
727:
723:
717:
714:
712:
709:
707:
704:
702:
701:Snapchat hack
699:
697:
694:
693:
691:
687:
681:
678:
676:
673:
671:
670:LinkedIn hack
668:
667:
665:
661:
655:
652:
650:
647:
645:
642:
640:
637:
635:
632:
630:
627:
625:
622:
621:
619:
615:
609:
606:
604:
601:
599:
596:
594:
591:
588:
585:
584:
582:
578:
575:
571:
563: →
562:
559:
557:
554:
552:
549:←
548:
547:
542:
533:
528:
526:
521:
519:
514:
513:
510:
496:
489:
486:
470:
466:
459:
453:
450:
445:
441:
434:
432:
430:
426:
410:
406:
402:
398:
391:
390:
382:
380:
376:
371:
367:
361:
358:
353:
347:
344:
339:
333:
331:
327:
311:
307:
300:
293:
291:
287:
280:
275:
272:
269:
266:
263:
260:
257:
254:
251:
248:
245:
242:
240:— Team viewer
239:
236:
233:
230:
228:
224:
221:
218:
215:
213:
209:
206:
203:
200:
197:
194:
191:
187:
184:
183:
182:
177:
175:
173:
169:
161:
156:
153:
150:
147:
146:
142:
140:
137:
133:
129:
121:
116:
113:
110:
109:
106:Command types
105:
100:
97:
94:
90:
89:
88:
83:
81:
79:
75:
71:
67:
63:
59:
51:
49:
47:
43:
39:
38:BlackEnergy 3
35:
34:BlackEnergy 2
31:
30:
25:
21:
1718:CryptoLocker
1472:DoublePulsar
1291:Cyber Anakin
1281:Ryan Ackroyd
1174:Helix Kitten
1169:Hacking Team
1164:Guccifer 2.0
1038:Lizard Squad
854:Surkov leaks
783:Hacking Team
488:
476:. Retrieved
464:
452:
443:
416:. Retrieved
409:the original
388:
369:
360:
346:
317:. Retrieved
310:the original
305:
273:
267:
261:
255:
249:
243:
237:
231:
222:
216:
207:
201:
195:
185:
181:
165:
143:Capabilities
125:
95:per hostname
87:
84:Key features
55:
37:
33:
27:
19:
18:
1954:NetTraveler
1892:LogicLocker
1800:Hidden Tear
1697:Red October
1556:Dragonblood
1466:EternalBlue
1430:Stagefright
1296:George Hotz
1273:Individuals
1023:CyberBerkut
227:Screenshots
190:File system
1993:Categories
1897:Rensenware
1882:BrickerBot
1810:TeslaCrypt
1600:Bad Rabbit
1550:Foreshadow
1454:Cloudbleed
1406:Row hammer
1388:Shellshock
1382:Heartbleed
1370:Evercookie
1346:The Jester
1228:Red Apollo
1188:BlueNorOff
1158:GOSSIPGIRL
1153:Fancy Bear
1143:Elfin Team
1138:DarkMatter
1133:Dark Basin
1118:Bureau 121
1078:Teamp0ison
1003:Hacktivism
634:DNSChanger
478:5 November
418:5 November
281:References
192:operations
93:IP address
66:email spam
1928:VPNFilter
1805:Rombertik
1769:FinFisher
1759:DarkHotel
1723:DarkSeoul
1631:Coreflood
1496:BlueBorne
1448:Dirty COW
1362:disclosed
1360:publicly
1198:NSO Group
1128:Cozy Bear
1068:PayPal 14
1011:Anonymous
885:SHAttered
629:DigiNotar
1969:Titanium
1912:XafeCopy
1907:WannaCry
1836:KeRanger
1764:Duqu 2.0
1749:Carbanak
1568:BlueKeep
1544:SigSpoof
1502:Meltdown
1418:WinShock
1400:Rootpipe
1301:Guccifer
1223:Pranknet
1218:PLATINUM
1192:AndAriel
1103:Advanced
1058:NullCrew
1043:LulzRaft
943:Trustico
556:Timeline
469:Archived
319:17 April
274:scan.dll
268:dstr.dll
178:Plug-ins
70:phishing
46:Sandworm
42:plug-ins
1866:X-Agent
1856:Pegasus
1739:Brambul
1702:Shamoon
1646:Kelihos
1636:Alureon
1615:Stuxnet
1585:Malware
1538:TLBleed
1520:Exactis
1508:Spectre
1442:Badlock
1376:iSeeYou
1341:Topiary
1073:RedHack
1063:OurMine
1048:LulzSec
128:rootkit
80:(DHS).
1949:Joanap
1902:Triton
1841:Necurs
1831:Jigsaw
1826:Hitler
1795:Dridex
1754:Careto
1677:Dexter
1610:SpyEye
1576:(2019)
1570:(2019)
1564:(2019)
1558:(2019)
1552:(2018)
1546:(2018)
1540:(2018)
1534:(2018)
1528:(2018)
1522:(2018)
1516:(2018)
1510:(2018)
1504:(2018)
1498:(2017)
1492:(2017)
1486:(2017)
1480:(2017)
1474:(2017)
1468:(2017)
1462:(2017)
1456:(2017)
1450:(2016)
1444:(2016)
1438:(2016)
1432:(2015)
1426:(2015)
1424:JASBUG
1420:(2014)
1414:(2014)
1408:(2014)
1402:(2014)
1396:(2014)
1394:POODLE
1390:(2014)
1384:(2014)
1378:(2013)
1372:(2010)
1355:Major
1336:Track2
1258:xDedic
1088:UGNazi
262:bs.dll
256:dc.dll
250:up.dll
244:rd.dll
238:tv.dll
232:vs.dll
223:ss.dll
217:ps.dll
208:ki.dll
202:jn.dll
196:si.dll
186:fs.dll
1964:Tinba
1851:Mirai
1779:Regin
1692:Mahdi
1687:Flame
1672:Carna
1656:Stars
1574:Kr00k
1514:EFAIL
1484:KRACK
1436:DROWN
561:2020s
551:2000s
498:(PDF)
472:(PDF)
461:(PDF)
412:(PDF)
393:(PDF)
313:(PDF)
302:(PDF)
1959:R2D2
1944:Grum
1937:2019
1921:2018
1887:Kirk
1875:2017
1846:MEMZ
1819:2016
1788:2015
1732:2014
1711:2013
1665:2012
1641:Duqu
1624:2011
1593:2010
1331:Sabu
1083:TDO
1028:GNAA
962:2019
936:2018
878:2017
812:2016
771:2015
725:2014
689:2013
663:2012
617:2011
580:2010
480:2022
420:2022
321:2019
132:LZ77
74:YARA
68:and
24:HTTP
1682:FBI
1326:MLT
1190:) (
401:doi
136:RC4
1995::
463:.
442:.
428:^
399:.
395:.
378:^
368:.
329:^
304:.
289:^
225:—
210:—
188:—
174:.
1194:)
1186:(
531:e
524:t
517:v
500:.
482:.
446:.
422:.
403::
323:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.