ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: DistTrack

Names: DistTrack, Shamoon
Category: Malware
Type: ICS malware, Wiper, Worm
Description: (Cylance) The malware known as Disttrack is a destructive worm that targets a system’s master boot record (MBR). Disttrack is also known as Shamoon because the original payload included debugging information that referenced a programming database file with this unique name in the path.

Disttrack’s payload has spread in waves, mainly targeting Saudi Arabia’s critical infrastructure, including, but not limited to: Saudi Aramco, Saudi Arabia’s General Authority of Civil Aviation (GACA), and the Saudi Electric Company, leaving critical systems unusable. It is relentless, stealthy, and persistent as it waits in the shadows of infected computers as a Windows service and attacks on hardcoded dates, like a ticking time-bomb waiting to go off every 90 seconds.
Information:
<https://threatvector.cylance.com/en_us/home/threat-spotlight-disttrack-malware.html>
<http://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html>
<http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/>
<http://researchcenter.paloaltonetworks.com/2017/03/unit42-shamoon-2-delivering-disttrack/>
<https://unit42.paloaltonetworks.com/unit42-second-wave-shamoon-2-attacks-identified/>
<https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/>
<http://www.vinransomware.com/blog/detailed-threat-analysis-of-shamoon-2-0-malware>
<https://www.codeandsec.com/Sophisticated-CyberWeapon-Shamoon-2-Malware-Analysis>
MITRE ATT&CK: <https://attack.mitre.org/software/S0140/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.disttrack>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Disttrack>
<https://otx.alienvault.com/browse/pulses?q=tag:shamoon>

Last change to this tool card: 13 June 2020


All groups using tool DistTrack

Changed | Name | Country | Observed |

APT groups

  | APT 33, Elfin, Magnallium | Iran | 2013-Nov 2019 |
X | Cutting Kitten, TG-2889 | Iran | 2012-Mar 2016 | X
X | Magic Hound, APT 35, Cobalt Illusion, Charming Kitten | Iran | 2012-May 2022 | X
  | OilRig, APT 34, Helix Kitten, Chrysene | Iran | 2014-May 2022 | X

4 groups listed (4 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency
