Shamoon malware

GPTKB entity

Statements (35)
Predicate Object
gptkbp:instanceOf malware
gptkbp:alsoKnownAs Disttrack
gptkbp:C2Communication hardcoded IP addresses
    no external C2 in some variants
gptkbp:category cyberweapon
    cyberattack tool
gptkbp:discoveredBy gptkb:Seculert
    gptkb:Symantec
    2012
https://www.w3.org/2000/01/rdf-schema#label Shamoon malware
gptkbp:impact business disruption
    thousands of computers destroyed
gptkbp:notableBattle gptkb:RasGas_cyberattack
    gptkb:Saudi_Aramco_cyberattack
    2016 Saudi government attacks
gptkbp:notableFeature hardcoded credentials
    scheduled activation
    image overwrite with burning US flag
gptkbp:notableVariant gptkb:Shamoon_2
    gptkb:Shamoon_3
gptkbp:payload file deletion
    disk wiping
    master boot record overwrite
gptkbp:platform gptkb:Microsoft_Windows
gptkbp:propagation network shares
    Windows administrative credentials
gptkbp:region gptkb:Middle_East
    gptkb:Saudi_Arabia
gptkbp:relatedTo Iranian cyber operations
gptkbp:usesCredentialTheft yes
gptkbp:usesMalware wiper
    data-destruction malware
gptkbp:writtenBy gptkb:C++
gptkbp:bfsParent gptkb:Shamoon_2.0_attacks
gptkbp:bfsLayer 6