Shamoon disk-wiping malware returns with a new variant
December 18, 2018 | Malware and Vulnerabilities
- The disk-wiping malware was spotted last week in two attacks.
- The comeback involved a different strain of the malware.
Earlier last week, the disk-wiping malware was spotted back in action in not one but two incidents. The second sighting involved a different strain of the malware, which was uploaded to VirusTotal on December 13, 2018, by a user in the Netherlands.
The new sample of Disttrack shares several similarities with its predecessor and differs in a few respects. Among the few differences is the trigger date, still set in the past, to December 12, 2017.
The detonation date still set in the past
A trigger or detonation date is typically set to activate the malware. In the new sample’s case, it's not clear why the threat actor used dates in the past.
“The Shamoon can retrieve detonation dates from its command and control (C2) server; the samples examined by Anomali Labs did not have the C2 configured,” Ghareeb Saad, Threat Intelligence Manager at Anomali, told BleepingComputer.
Another explanation for the trigger date to be set in the past is that the adversary wanted Shamoon to become active immediately after reaching the target.
"This may be achieved by altering the detonation date to 1 year in the past. Therefore, it is possible that a sample with a detonation date of December 12, 2017, represents the second wave of Shamoon V3 malware that was utilized on December 12, 2018," researchers from Anomali Labs said.
UPX packed
The newly uncovered second sample, which contains a detonation date of December 12, 2017, is packed with UPX (Ultimate Packer for eXecutables). Other samples identified by security researchers, which use a trigger date of December 7, 2017, were not packed with UPX.
“Additionally, this sample uses a different set of file names from the earlier identified versions and a different executable file name. The file description imitates the product name ‘VMware Workstation’ in an attempt to utilize a legitimate software product as a lure to victims,” researchers said.
