The first public analysis of the malware campaign (called BlackEnergy by most researchers) was done by Arbor Networks back in October 2007, and Dell SecureWorks did a comprehensive write-up on its second generation in 2010. Additional information on this malware campaign:
- We Live Security blog - Back in BlackEnergy: 2014 Targeted Attacks in Ukraine and Poland
- 2014 Virus Bulletin Conference - Last-minute paper: Back in BlackEnergy: 2014 targeted attacks in the Ukraine and Poland and YouTube video of the presentation
- We Live Security blog - CVE-2014-4114: Details on August BlackEnergy PowerPoint Campaigns
- Virus Radar - description of Win32/Rootkit.BlackEnergy.AA
Hope this information is useful to anyone who might be concerned they have compromised hosts on their network.