Read this white paper to learn:

  • The high-level flow of the GreyEnergy phishing campaign
  • How the malware disguises itself and its functionality
  • How each stage of the malware works
    • Stage 0 - Malicious Word Document
    • Stage 1 - Packer
    • Stage 2 - Dropper
  • About two new tools for further GreyEnergy analysis


FROM THE RESEARCH REPORT

“Using multiple techniques, I investigated the three components of infection, the malicious Word document, the custom packer, and the final dropper. My deepest analysis was done on the packer, and it shows that the threat actors' broad use of anti-forensic techniques underlines their attempt to be stealthy and ensure the infection would go unnoticed.”

ALESSANDRO DI PINTO
DIRECTOR OF SECURITY RESEARCH, NOZOMI NETWORKS