DistTrack
Description
(Cylance) The malware known as Disttrack is a destructive worm that targets a system’s master boot record (MBR). Disttrack is also known as Shamoon because the original payload included debugging information that referenced a programming database file with this unique name in the path.
Disttrack’s payload has spread in waves, mainly targeting Saudi Arabia’s critical infrastructure, including, but not limited to: Saudi Aramco, Saudi Arabia’s General Authority of Civil Aviation (GACA), and the Saudi Electric Company, leaving critical systems unusable. It is relentless, stealthy, and persistent as it waits in the shadows of infected computers as a Windows service and attacks on hardcoded dates, like a ticking time-bomb waiting to go off every 90 seconds.
Names
| Name |
|---|
| DistTrack |
| Shamoon |
Category
Malware
Type
- ICS malware
- Wiper
- Worm
Information
- https://threatvector.cylance.com/en_us/home/threat-spotlight-disttrack-malware.html
- http://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html
- http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
- http://researchcenter.paloaltonetworks.com/2017/03/unit42-shamoon-2-delivering-disttrack/
- https://unit42.paloaltonetworks.com/unit42-second-wave-shamoon-2-attacks-identified/
- https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
- http://www.vinransomware.com/blog/detailed-threat-analysis-of-shamoon-2-0-malware
- https://www.codeandsec.com/Sophisticated-CyberWeapon-Shamoon-2-Malware-Analysis
Mitre Attack
Malpedia
Alienvault Otx
- https://otx.alienvault.com/browse/pulses?q=tag:Disttrack
- https://otx.alienvault.com/browse/pulses?q=tag:shamoon
Other Information
Uuid
3f2012fe-69e0-4c62-8695-c79a2d0ce48c
Last Card Change
2020-06-13