StoneDrill

Malware Profile Updated 3 months ago
StoneDrill is a custom malware program that opens a backdoor on an infected computer and downloads additional files; like other malware, it can be used to steal personal information, disrupt operations, or hold data hostage for ransom. It has been used by the group Elfin to attack various targets. In one incident, a victim in Saudi Arabia was targeted by Elfin and infected with StoneDrill after having previously been attacked by another group called Shamoon. The overlap between HOLMIUM's activities and techniques and those of APT33, StoneDrill, and Elfin has also been noted by other researchers and vendors. Because of these attacks and the potential damage caused by malware like StoneDrill, individuals and organizations should take steps to protect their systems, including regularly updating anti-virus software, avoiding suspicious downloads and websites, and enforcing strong passwords and other security measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
HOLMIUM | 1 | Holmium, also known as Curious Serpens, Peach Sandstorm, APT33, Elfin, Magnallium, and Refined Kitten, is a threat actor that has been active since at least 2013. This group has been identified as having malicious intent and is often associated with cyber-espionage activities. They are believed to b
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
Associated Malware
ID | Type | Votes | Profile Description
Shamoon | Unspecified | 1 | Shamoon is a malicious software (malware) known for its destructive capabilities, particularly in wiping out data from infected systems. It first gained notoriety in 2012 when it was used in an attack on Saudi Aramco, crippling approximately 30,000 systems at the company. The malware replaced the co
Associated Threat Actors
ID | Type | Votes | Profile Description
Elfin | Unspecified | 1 | Elfin, also known by various names including Curious Serpens, Peach Sandstorm, APT33, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a significant threat actor with a track record of malicious cyber activities dating back to at least 2013. The group has been particularly active from 2016 to 2019, target
APT33 | Unspecified | 1 | APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the StoneDrill malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Inside Microsoft 365 Defender: Mapping attack chains from cloud to endpoint - Microsoft Security Blog
MITRE | a year ago | Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.