ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool DistTrack

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: DistTrack

TypeICS malware, Wiper, Worm
Description(Cylance) The malware known as Disttrack is a destructive worm that targets a system’s master boot record (MBR). Disttrack is also known as Shamoon because the original payload included debugging information that referenced a programming database file with this unique name in the path.

Disttrack’s payload has spread in waves, mainly targeting Saudi Arabia’s critical infrastructure, including, but not limited to: Saudi Aramco, Saudi Arabia’s General Authority of Civil Aviation (GACA), and the Saudi Electric Company, leaving critical systems unusable. It is relentless, stealthy, and persistent as it waits in the shadows of infected computers as a Windows service and attacks on hardcoded dates, like a ticking time-bomb waiting to go off every 90 seconds.
AlienVault OTX<>

Last change to this tool card: 13 June 2020

Download this tool card in JSON format

All groups using tool DistTrack


APT groups

 APT 33, Elfin, MagnalliumIran2013-Feb 2023 
 Cutting Kitten, TG-2889Iran2012-Mar 2016X
 Magic Hound, APT 35, Cobalt Illusion, Charming KittenIran2012-Aug 2023 HOTX
 OilRig, APT 34, Helix Kitten, ChryseneIran2014-Aug 2023 HOTX

4 groups listed (4 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]