Trusted Design

Shamoon is back

Summary

In August 2012, an attack campaign known as Shamoon targeted a Saudi Arabian energy company to deliver malware called Disttrack. Disttrack is a multipurpose tool that exhibits worm-like behavior by attempting to spread to other systems on the local network using stolen administrator credentials. More importantly, its claim to fame is its ability to destroy data and render infected systems unusable. The attack four years ago resulted in 30,000 or more systems being damaged. Last week, Unit 42 came across new Disttrack samples that appear to have been used in an updated attack campaign. The attack targeted at least one organization in Saudi Arabia, which aligns with the targeting of the initial Shamoon attacks. The new Disttrack samples appear to have been focused solely on destruction: they were configured with a non-operational C2 server to report to and were set to begin wiping data at exactly 2016/11/17 20:45.

Created: 2026-02-23
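The summary above describes Disttrack spreading across the local network with stolen administrator credentials before its timed wipe. In authentication logs that stage looks like one account reaching many distinct hosts from one source within minutes, which is detectable before the wipe time arrives. The script below is an added example, not code from the pulse or from Unit 42: the log format (timestamp, src, user, dst, result), the sample lines, and the thresholds (5 hosts in 10 minutes) are all constructed for illustration and should be adapted to your own logon events.

```python
"""Flag accounts that fan out to many hosts in a short window.

Added example for the Disttrack lateral-movement behaviour described
above. The log format and sample lines are constructed; the thresholds
are assumptions, not values from the pulse.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one service account authenticates to seven
# hosts from a single workstation inside 20 seconds (one attempt fails),
# a normal user touches two file servers, and the same service account
# has one unrelated logon hours earlier from the same workstation.
SAMPLE_LOG = """\
2016-11-17T09:00:00Z src=WS-0142 user=CORP\\svc-backup dst=FS-03 result=success
2016-11-17T20:10:02Z src=WS-0142 user=CORP\\svc-backup dst=FS-01 result=success
2016-11-17T20:10:05Z src=WS-0142 user=CORP\\svc-backup dst=FS-02 result=success
2016-11-17T20:10:09Z src=WS-0142 user=CORP\\svc-backup dst=WS-0201 result=success
2016-11-17T20:10:12Z src=WS-0142 user=CORP\\svc-backup dst=WS-0202 result=success
2016-11-17T20:10:15Z src=WS-0142 user=CORP\\svc-backup dst=WS-0203 result=failure
2016-11-17T20:10:19Z src=WS-0142 user=CORP\\svc-backup dst=WS-0204 result=success
2016-11-17T20:10:22Z src=WS-0142 user=CORP\\svc-backup dst=WS-0205 result=success
2016-11-17T20:11:40Z src=WS-0077 user=CORP\\jdoe dst=FS-01 result=success
2016-11-17T20:15:00Z src=WS-0077 user=CORP\\jdoe dst=FS-02 result=success
"""


def parse_line(line):
    """Parse one constructed 'ts key=value ...' line into a dict."""
    ts, rest = line.split(" ", 1)
    kv = dict(field.split("=", 1) for field in rest.split())
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": kv["src"],
        "user": kv["user"],
        "dst": kv["dst"],
        "result": kv["result"],
    }


def find_fan_out(log_text, min_hosts=5, window=timedelta(minutes=10)):
    """Return {(user, src): sorted distinct hosts} for each account/source
    pair that reached at least min_hosts distinct destinations within one
    sliding window. Failed attempts count too: a spreading wiper tries
    hosts it cannot reach, and the attempts are the signal."""
    by_actor = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            by_actor[(ev["user"], ev["src"])].append(ev)

    hits = {}
    for actor, events in by_actor.items():
        events.sort(key=lambda e: e["time"])
        best = set()
        for i, start in enumerate(events):
            # All events from this one forward that fall inside the window.
            hosts = {
                e["dst"] for e in events[i:]
                if e["time"] - start["time"] <= window
            }
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            hits[actor] = sorted(best)
    return hits


if __name__ == "__main__":
    for (user, src), hosts in find_fan_out(SAMPLE_LOG).items():
        print(f"{user} from {src} reached {len(hosts)} hosts: {', '.join(hosts)}")
```

Tune `min_hosts` and `window` against a baseline of your own administrative accounts; backup and patch-management accounts legitimately fan out, so pair the alert with the source host (a workstation rather than a management server is the suspicious case here).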

Indicators

Similar Pulses

Threat actors related to this pulse (fact-based)

Ember Bear

Score: 7.79
Matched TTPs:
  • T1491.002 - External Defacement
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading

Sandworm Team

Score: 28.49
Matched TTPs:
  • T1491.002 - External Defacement
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1591.002 - Business Relationships
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1499 - Endpoint Denial of Service
  • T1485 - Data Destruction

HAFNIUM

Score: 11.60
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1078.003 - Local Accounts

APT5

Score: 5.31
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application

Ke3chang

Score: 7.84
Matched TTPs:
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application

BRONZE BUTLER

Score: 11.30
Matched TTPs:
  • T1007 - System Service Discovery
  • T1036 - Masquerading
  • T1550.003 - Pass the Ticket
  • T1518 - Software Discovery

TeamTNT

Score: 6.68
Matched TTPs:
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading

OilRig

Score: 18.32
Matched TTPs:
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1573.002 - Asymmetric Cryptography
  • T1555.004 - Windows Credential Manager
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Turla

Score: 8.81
Matched TTPs:
  • T1007 - System Service Discovery
  • T1555.004 - Windows Credential Manager
  • T1078.003 - Local Accounts

Kimsuky

Score: 11.92
Matched TTPs:
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1593 - Search Open Websites/Domains
  • T1078.003 - Local Accounts

Earth Lusca

Score: 5.97
Matched TTPs:
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application

Volt Typhoon

Score: 21.91
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1614 - System Location Discovery
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases

TA2541

Score: 4.72
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1573.002 - Asymmetric Cryptography

Mustang Panda

Score: 19.42
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1608 - Stage Capabilities
  • T1593 - Search Open Websites/Domains
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

LazyScripter

Score: 4.16
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1036 - Masquerading

Gamaredon Group

Score: 6.51
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1001 - Data Obfuscation

Star Blizzard

Score: 5.26
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1593 - Search Open Websites/Domains

Threat Group-3390

Score: 7.58
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool

SideCopy

Score: 8.85
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1614 - System Location Discovery
  • T1518 - Software Discovery

BlackByte

Score: 3.44
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application

APT32

Score: 13.42
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1550.003 - Pass the Ticket
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1078.003 - Local Accounts

HEXANE

Score: 4.72
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1518 - Software Discovery

Moonstone Sleet

Score: 4.50
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1566.003 - Spearphishing via Service

Contagious Interview

Score: 16.85
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1593 - Search Open Websites/Domains
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

FIN7

Score: 6.11
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1078.003 - Local Accounts

EXOTIC LILY

Score: 4.50
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1566.003 - Spearphishing via Service

APT42

Score: 4.72
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1573.002 - Asymmetric Cryptography

APT28

Score: 12.73
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1498 - Network Denial of Service
  • T1669 - Wi-Fi Networks

FIN13

Score: 3.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading

Magic Hound

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service

Medusa Group

Score: 11.97
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1573.002 - Asymmetric Cryptography
  • T1529 - System Shutdown/Reboot

Sea Turtle

Score: 4.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1078.003 - Local Accounts

Storm-0501

Score: 4.91
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1485 - Data Destruction

Agrius

Score: 3.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading

menuPass

Score: 3.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading

ToddyCat

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service

Winter Vivern

Score: 3.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading

APT29

Score: 10.50
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1550.003 - Pass the Ticket
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts

Leviathan

Score: 4.91
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1197 - BITS Jobs

UNC3886

Score: 5.60
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data

Dragonfly

Score: 5.31
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1591.002 - Business Relationships

Axiom

Score: 9.63
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1001.002 - Steganography

APT41

Score: 9.04
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1197 - BITS Jobs
  • T1596.005 - Scan Databases

Play

Score: 4.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1078.003 - Local Accounts

MuddyWater

Score: 4.22
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1518 - Software Discovery

Salt Typhoon

Score: 4.22
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT39

Score: 4.91
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1197 - BITS Jobs

Windshift

Score: 7.46
Matched TTPs:
  • T1036 - Masquerading
  • T1518 - Software Discovery
  • T1566.003 - Spearphishing via Service

Storm-1811

Score: 4.71
Matched TTPs:
  • T1036 - Masquerading
  • T1566.003 - Spearphishing via Service

LAPSUS$

Score: 7.28
Matched TTPs:
  • T1591.002 - Business Relationships
  • T1485 - Data Destruction

Velvet Ant

Score: 5.41
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1078.003 - Local Accounts

Tropic Trooper

Score: 8.16
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1518 - Software Discovery
  • T1078.003 - Local Accounts

FIN6

Score: 8.02
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

FIN8

Score: 5.49
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Patchwork

Score: 3.44
Matched TTPs:
  • T1197 - BITS Jobs

Wizard Spider

Score: 9.81
Matched TTPs:
  • T1197 - BITS Jobs
  • T1555.004 - Windows Credential Manager
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1555.004 - Windows Credential Manager

Lazarus Group

Score: 16.46
Matched TTPs:
  • T1485 - Data Destruction
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot

APT38

Score: 7.06
Matched TTPs:
  • T1485 - Data Destruction
  • T1529 - System Shutdown/Reboot

APT37

Score: 3.62
Matched TTPs:
  • T1529 - System Shutdown/Reboot

Threat actors related to this pulse (inference-based)

Sandworm Team

Score: 0.85
Matched TTPs:
  • T1584.005 - Botnet
  • T1485 - Data Destruction
  • T1491.002 - External Defacement
  • T1499 - Endpoint Denial of Service
  • T1593 - Search Open Websites/Domains
  • T1190 - Exploit Public-Facing Application
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1591.002 - Business Relationships

Volt Typhoon

Score: 0.66
Matched TTPs:
  • T1584.005 - Botnet
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1593 - Search Open Websites/Domains
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1614 - System Location Discovery

OilRig

Score: 0.60
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1007 - System Service Discovery
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1608.001 - Upload Malware
  • T1555.004 - Windows Credential Manager
  • T1036 - Masquerading
  • T1566.003 - Spearphishing via Service

Mustang Panda

Score: 0.59
Matched TTPs:
  • T1518 - Software Discovery
  • T1593 - Search Open Websites/Domains
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1608 - Stage Capabilities
  • T1608.001 - Upload Malware

Lazarus Group

Score: 0.55
Matched TTPs:
  • T1485 - Data Destruction
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot
  • T1566.003 - Spearphishing via Service

Related CVEs

No CVEs were found in this pulse.
