{"Event": {"info": "OSINT - New Version of Disk-Wiping Shamoon/Disttrack Spotted: What You Need to Know", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"Shamoon\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#3b0020", "exportable": true, "name": "workflow:todo=\"expansion\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "publish_timestamp": "0", "timestamp": "1544695384", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c12297c-1368-4361-b757-4d1f950d210f", "sharing_group_id": "0", "timestamp": "1544694140", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c12297c-a050-4503-bc89-46af950d210f", "timestamp": "1544694140", "to_ids": true, "value": "_tdibth.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-2b34-408d-9775-479c950d210f", "timestamp": "1544694140", "to_ids": true, "value": "mdmgcs_8.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-09fc-4524-b0e2-465a950d210f", "timestamp": "1544694140", "to_ids": true, "value": "prngt6_4.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-9e28-433f-8fb4-41cb950d210f", "timestamp": "1544694140", "to_ids": true, "value": "prnsv0_56.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-8b88-423f-ab18-4fd7950d210f", "timestamp": "1544694140", "to_ids": true, "value": "vsmxraid.exe", 
"disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-5c64-4d26-8271-4b2b950d210f", "timestamp": "1544694140", "to_ids": true, "value": "mdmusrk1g5.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-c8dc-49b9-9010-4368950d210f", "timestamp": "1544694140", "to_ids": true, "value": "arcx6u0.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-3b94-4e98-b948-4361950d210f", "timestamp": "1544694140", "to_ids": true, "value": "netbxndxlg2.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-3e70-4480-affd-4533950d210f", "timestamp": "1544694140", "to_ids": true, "value": "tsprint_ibv.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-8350-4234-ab61-4f35950d210f", "timestamp": "1544694140", "to_ids": true, "value": "wiacnt7001.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-af30-402d-9257-4c54950d210f", "timestamp": "1544694140", "to_ids": true, "value": "prnlx00ctl.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-c0e4-4e86-bc82-4b60950d210f", "timestamp": "1544694140", "to_ids": true, "value": "prncaz90x.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-cbf4-432c-bb49-410e950d210f", "timestamp": "1544694140", "to_ids": true, "value": "megasasop.exe", "disable_correlation": 
true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-c890-4593-a940-4de9950d210f", "timestamp": "1544694140", "to_ids": true, "value": "mdamx_5560.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-26d4-4167-84c6-4be8950d210f", "timestamp": "1544694140", "to_ids": true, "value": "averfix2h826d_noaverir.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-4698-4703-81a2-44cc950d210f", "timestamp": "1544694140", "to_ids": true, "value": "hidirkbdmvs2.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-8470-46f7-bf75-4831950d210f", "timestamp": "1544694140", "to_ids": true, "value": "af0038bdax.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-4ee4-4751-b67f-4d79950d210f", "timestamp": "1544694140", "to_ids": true, "value": "acpipmi2z.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5c12297c-1694-4c92-85f9-4838950d210f", "timestamp": "1544694140", "to_ids": true, "value": "_wialx002.exe", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5c12297c-9350-47ae-9279-498d950d210f", "timestamp": "1544694140", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5c122442-d114-4df8-b62a-4f37950d210f", "timestamp": "1544692802", 
"to_ids": false, "value": "https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/new-version-of-disk-wiping-shamoon-disttrack-spotted-what-you-need-to-know", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5c1224db-ac60-4d54-9084-4d4b950d210f", "timestamp": "1544692955", "to_ids": false, "value": "We came across external reports that the notorious, disk-wiping worm Shamoon, also known as Disttrack, has reemerged with an updated version. We were also able to source several samples of this version of Shamoon that Trend Micro detects as Trojan.Win32.DISTTRACK.AA and Trojan.Win64.DISTTRACK.AA. While there are no obvious indications that this new version is currently in the wild, we are further analyzing the malware to verify its functions and capabilities given its destructive impact.", "disable_correlation": false, "object_relation": null, "type": "text"}], "extends_uuid": "", "published": false, "date": "2018-12-12", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5c1223df-3c00-45e4-8fd0-48c3950d210f"}} |