Trusted Design

Shamoon is back

概要

In August 2012, an attack campaign known as Shamoon targeted a Saudi Arabian energy company to deliver a malware called Disttrack. Disttrack is a multipurpose tool that exhibits worm-like behavior by attempting to spread to other systems on a local network using stolen administrator credentials. More importantly, its claim to fame is the ability to destroy data and to render infected systems unusable. The attack four years ago resulted in 30,000 or more systems being damaged. Last week, Unit 42 came across new Disttrack samples that appear to have been used in an updated attack campaign. The attack targeted at least one organization in Saudi Arabia, which aligns with the targeting of the initial Shamoon attacks. It appears the purpose of the new Disttrack samples were solely focused on destruction, as the samples were configured with a non-operational C2 server to report to and were set to begin wiping data exactly on 2016/11/17 20:45.

Created: 2026-02-23

Indicators

類似Pulses

From Shamoon to StoneDrill (score: 0.81)
Greenbug cyberespionage group targeting Middle East, possible links to Shamoon (score: 0.80)
Greenbugs DNS-isms (score: 0.68)
OilRig Campaign Attack on Saudi Arabia Deliver Helminth Backdoor (score: 0.64)
Recent Coordinated Attack on Security Infrastructure (score: 0.59)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 7.79

Matched TTPs:

T1564.008 - Email Hiding Rules
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Sandworm Team

Score: 28.49

Matched TTPs:

T1564.008 - Email Hiding Rules
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1193 - Spearphishing Attachment
T1049 - System Network Connections Discovery
T1102.003 - One-Way Communication
T1075 - Pass the Hash
T1543.001 - Launch Agent

MITREへのリンク →

HAFNIUM

Score: 11.60

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1490 - Inhibit System Recovery

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Ke3chang

Score: 7.84

Matched TTPs:

T1027.008 - Stripped Payloads
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

BRONZE BUTLER

Score: 11.30

Matched TTPs:

T1003.007 - Proc Filesystem
T1558 - Steal or Forge Kerberos Tickets
T1592.004 - Client Configurations
T1159 - Launch Agent

MITREへのリンク →

TeamTNT

Score: 6.68

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

OilRig

Score: 18.32

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1128 - Netsh Helper DLL
T1556.009 - Conditional Access Policies
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Turla

Score: 8.81

Matched TTPs:

T1003.007 - Proc Filesystem
T1556.009 - Conditional Access Policies
T1490 - Inhibit System Recovery

MITREへのリンク →

Kimsuky

Score: 11.92

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1102.003 - One-Way Communication
T1490 - Inhibit System Recovery

MITREへのリンク →

Earth Lusca

Score: 5.97

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Volt Typhoon

Score: 21.91

Matched TTPs:

T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1102.003 - One-Way Communication
T1584.002 - DNS Server
T1159 - Launch Agent
T1574.002 - DLL Side-Loading

MITREへのリンク →

TA2541

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

Mustang Panda

Score: 19.42

Matched TTPs:

T1091 - Replication Through Removable Media
T1569.001 - Launchctl
T1102.003 - One-Way Communication
T1159 - Launch Agent
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

LazyScripter

Score: 4.16

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Gamaredon Group

Score: 6.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1061 - Graphical User Interface

MITREへのリンク →

Star Blizzard

Score: 5.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication

MITREへのリンク →

Threat Group-3390

Score: 7.58

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP

MITREへのリンク →

SideCopy

Score: 8.85

Matched TTPs:

T1091 - Replication Through Removable Media
T1584.002 - DNS Server
T1159 - Launch Agent

MITREへのリンク →

BlackByte

Score: 3.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

APT32

Score: 13.42

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1592.004 - Client Configurations
T1556 - Modify Authentication Process
T1490 - Inhibit System Recovery

MITREへのリンク →

HEXANE

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1159 - Launch Agent

MITREへのリンク →

Moonstone Sleet

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

Contagious Interview

Score: 16.85

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1021.006 - Windows Remote Management
T1102.003 - One-Way Communication
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

FIN7

Score: 6.11

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1490 - Inhibit System Recovery

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.008 - LSASS Driver

MITREへのリンク →

APT42

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL

MITREへのリンク →

APT28

Score: 12.73

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1146 - Clear Command History
T1546.007 - Netsh Helper DLL

MITREへのリンク →

FIN13

Score: 3.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Magic Hound

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

Medusa Group

Score: 11.97

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1128 - Netsh Helper DLL
T1216 - System Script Proxy Execution

MITREへのリンク →

Sea Turtle

Score: 4.14

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1490 - Inhibit System Recovery

MITREへのリンク →

Storm-0501

Score: 4.91

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1543.001 - Launch Agent

MITREへのリンク →

Agrius

Score: 3.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

menuPass

Score: 3.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

Winter Vivern

Score: 3.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

APT29

Score: 10.50

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1592.004 - Client Configurations
T1547.008 - LSASS Driver
T1490 - Inhibit System Recovery

MITREへのリンク →

Leviathan

Score: 4.91

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

UNC3886

Score: 5.60

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management

MITREへのリンク →

Dragonfly

Score: 5.31

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1193 - Spearphishing Attachment

MITREへのリンク →

Axiom

Score: 9.63

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1160 - Launch Daemon

MITREへのリンク →

APT41

Score: 9.04

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1001.003 - Protocol or Service Impersonation
T1574.002 - DLL Side-Loading

MITREへのリンク →

Play

Score: 4.14

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1490 - Inhibit System Recovery

MITREへのリンク →

MuddyWater

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1159 - Launch Agent

MITREへのリンク →

Salt Typhoon

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1556 - Modify Authentication Process

MITREへのリンク →

APT39

Score: 4.91

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

Windshift

Score: 7.46

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1159 - Launch Agent
T1547.008 - LSASS Driver

MITREへのリンク →

Storm-1811

Score: 4.71

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1547.008 - LSASS Driver

MITREへのリンク →

LAPSUS$

Score: 7.28

Matched TTPs:

T1193 - Spearphishing Attachment
T1543.001 - Launch Agent

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1128 - Netsh Helper DLL
T1490 - Inhibit System Recovery

MITREへのリンク →

Tropic Trooper

Score: 8.16

Matched TTPs:

T1128 - Netsh Helper DLL
T1159 - Launch Agent
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN6

Score: 8.02

Matched TTPs:

T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

FIN8

Score: 5.49

Matched TTPs:

T1128 - Netsh Helper DLL
T1556 - Modify Authentication Process

MITREへのリンク →

Patchwork

Score: 3.44

Matched TTPs:

T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

Wizard Spider

Score: 9.81

Matched TTPs:

T1001.003 - Protocol or Service Impersonation
T1556.009 - Conditional Access Policies
T1556 - Modify Authentication Process

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Lazarus Group

Score: 16.46

Matched TTPs:

T1543.001 - Launch Agent
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process
T1216 - System Script Proxy Execution

MITREへのリンク →

APT38

Score: 7.06

Matched TTPs:

T1543.001 - Launch Agent
T1216 - System Script Proxy Execution

MITREへのリンク →

APT37

Score: 3.62

Matched TTPs:

T1216 - System Script Proxy Execution

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.85

Matched TTPs:

T1193 - Spearphishing Attachment
T1564.008 - Email Hiding Rules
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1075 - Pass the Hash
T1102.003 - One-Way Communication
T1543.001 - Launch Agent
T1558 - Steal or Forge Kerberos Tickets
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Volt Typhoon

Score: 0.66

Matched TTPs:

T1574.002 - DLL Side-Loading
T1049 - System Network Connections Discovery
T1102.003 - One-Way Communication
T1584.002 - DNS Server
T1003.007 - Proc Filesystem
T1159 - Launch Agent
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

OilRig

Score: 0.60

Matched TTPs:

T1091 - Replication Through Removable Media
T1556.009 - Conditional Access Policies
T1128 - Netsh Helper DLL
T1558 - Steal or Forge Kerberos Tickets
T1003.007 - Proc Filesystem
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Mustang Panda

Score: 0.59

Matched TTPs:

T1091 - Replication Through Removable Media
T1102.003 - One-Way Communication
T1055.005 - Thread Local Storage
T1569.001 - Launchctl
T1159 - Launch Agent
T1556 - Modify Authentication Process

MITREへのリンク →

Lazarus Group

Score: 0.55

Matched TTPs:

T1216 - System Script Proxy Execution
T1543.001 - Launch Agent
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る