Disttrack

Malware Profile Updated 13 days ago
Disttrack, also known as Shamoon, is destructive malware first identified in the 2012 cyber-attacks on Saudi Aramco and RasGas. It is designed to infiltrate systems and cause significant damage by wiping data. The malware operates by installing a communications module and a wiper module onto the infected system, a process carried out by a Disttrack dropper. Notably, the malware's resources have their language set to 'SUBLANG_ARABIC_YEMEN', a feature also found in the earlier Disttrack samples used in the Shamoon 2 attacks.

Disttrack's operational pattern involves reading ciphertext from a specified offset and subtracting 14 from it, a method consistent with the previous Disttrack samples delivered in the Shamoon 2 attacks. However, its modus operandi has shifted: unlike in past Shamoon attacks, recent iterations of the Disttrack wiper do not overwrite files with an image. This change signals a potential evolution in the malware's design and function and suggests increased sophistication on the part of the threat actors behind it.

Several variants of Disttrack have been identified, including x64 and x86 versions of the Disttrack dropper, communications module, and wiper module. These variants demonstrate the malware's adaptability and its ability to target different system architectures. Given Disttrack's destructive capabilities and its history of targeting critical infrastructure sectors, it remains a significant cybersecurity concern that calls for robust security measures and constant vigilance.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Disttrack malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Shamoon 3 Targets Oil and Gas Organization
MITRE | a year ago | EKANS Ransomware and ICS Operations | Dragos