|
gptkbp:instanceOf
|
malware
|
|
gptkbp:alsoKnownAs
|
Disttrack
|
|
gptkbp:C2Communication
|
hardcoded IP addresses
no external C2 in some variants
|
|
gptkbp:category
|
cyberweapon
cyberattack tool
|
|
gptkbp:discoveredBy
|
gptkb:Seculert
gptkb:Symantec
2012
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Shamoon malware
|
|
gptkbp:impact
|
business disruption
thousands of computers destroyed
|
|
gptkbp:notableBattle
|
gptkb:RasGas_cyberattack
gptkb:Saudi_Aramco_cyberattack
2016 Saudi government attacks
|
|
gptkbp:notableFeature
|
hardcoded credentials
scheduled activation
image overwrite with burning US flag
|
|
gptkbp:notableVariant
|
gptkb:Shamoon_2
gptkb:Shamoon_3
|
|
gptkbp:payload
|
file deletion
disk wiping
master boot record overwrite
|
|
gptkbp:platform
|
gptkb:Microsoft_Windows
|
|
gptkbp:propagation
|
network shares
Windows administrative credentials
|
|
gptkbp:region
|
gptkb:Middle_East
gptkb:Saudi_Arabia
|
|
gptkbp:relatedTo
|
Iranian cyber operations
|
|
gptkbp:usesCredentialTheft
|
yes
|
|
gptkbp:usesMalware
|
wiper
data-destruction malware
|
|
gptkbp:writtenBy
|
gptkb:C++
|
|
gptkbp:bfsParent
|
gptkb:Shamoon_2.0_attacks
|
|
gptkbp:bfsLayer
|
6
|