Disttrack

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
Disttrack, also known as Shamoon, is a destructive malware that was first identified in the cyber-attacks on Saudi Aramco and RasGas back in 2012. This malicious software is designed to infiltrate systems and cause significant damage by wiping data. The malware operates by installing a communications and wiper module onto the infected system, a process carried out by a Disttrack dropper. Notably, the resources of this malware have a language set to 'SUBLANG_ARABIC_YEMEN', a feature also found in previous Disttrack samples used in Shamoon 2 attacks. The operational pattern of Disttrack involves accessing ciphertext from a specified offset, subtracting 14 from it, a method consistent with previous Disttrack samples delivered in Shamoon 2 attacks. However, there has been an observed shift in its modus operandi; unlike past Shamoon attacks, the recent iterations of the Disttrack wiper do not overwrite files with an image. This change signifies a potential evolution in the malware's design and function, suggesting an increased sophistication of the threat actors behind it. Several variants of Disttrack have been identified, including x64 and x86 versions of the Disttrack dropper, communications module, and wiper module. These variants demonstrate the malware's adaptability and ability to target different system architectures. Given the destructive capabilities of Distrack and its history of targeting critical infrastructure sectors, it remains a significant cybersecurity concern, necessitating robust security measures and constant vigilance.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Wiper
Dropper
Malware
Windows
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Shamoonis related to
1
Shamoon is a malicious software (malware) known for its destructive capabilities, particularly in wiping out data from infected systems. It first gained notoriety in 2012 when it was used in an attack on Saudi Aramco, crippling approximately 30,000 systems at the company. The malware replaced the co
ZerocleareUnspecified
1
ZeroCleare is a type of malware, specifically a wiper, known for its destructive capabilities. It targets computer systems and networks, rendering them unusable by deleting critical files and data. This malicious software has been linked to several actors associated with Iran's Ministry of Intellige
Disttrack DropperUnspecified
1
The Disttrack dropper is a type of malware, malicious software designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold da
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Disttrack WiperUnspecified
1
None
Source Document References
Information about the Disttrack Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
EKANS Ransomware and ICS Operations | Dragos Dragos
MITRE
a year ago
Shamoon 3 Targets Oil and Gas Organization