 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: KillDisk| Names | KillDisk Win32/KillDisk.NBI Win32/KillDisk.NBH Win32/KillDisk.NBD Win32/KillDisk.NBC Win32/KillDisk.NBB | |
| Category | Malware | |
| Type | Wiper | |
| Description | (Trend Micro) The malware has since metamorphosed into a threat used for digital extortion, affecting Windows and Linux platforms. The note accompanying the ransomware versions, like in the case of Petya, was a ruse: Because KillDisk also overwrites and deletes files (and don’t store the encryption keys on disk or online), recovering the scrambled files was out of the question. The new variant we found, however, does not include a ransom note. | |
| Information | <https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-financial-organizations-in-latin-america/> <http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0607/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.killdisk> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:killdisk> | |
Last change to this tool card: 30 December 2022
Download this tool card in JSON format
Previous: Kikothac
Next: Killua
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | Lazarus Group, Hidden Cobra, Labyrinth Chollima |  | 2007-Sep 2024  |  | |
| TeleBots |  | 2015-Oct 2020 | | ||
2 groups listed (2 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |