StoneDrill
Associated Software Descriptions

Name | Description |
---|---|
DROPSHOT | (Citation: FireEye APT33 Sept 2017) |
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | StoneDrill has several VBS scripts used throughout the malware's lifecycle. (Citation: Kaspersky StoneDrill 2017) |
Enterprise | T1561.001 | Disk Wipe: Disk Content Wipe | StoneDrill can wipe the accessible physical or logical drives of the infected machine. (Citation: Symantec Elfin Mar 2019) |
Enterprise | T1561.002 | Disk Wipe: Disk Structure Wipe | StoneDrill can wipe the master boot record of an infected computer. (Citation: Symantec Elfin Mar 2019) |
Enterprise | T1070.004 | Indicator Removal: File Deletion | StoneDrill has been observed deleting the temporary files once they fulfill their task. (Citation: Kaspersky StoneDrill 2017) |
Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | StoneDrill has obfuscated its module with an alphabet-based table or XOR encryption. (Citation: Kaspersky StoneDrill 2017) |
Enterprise | T1518.001 | Software Discovery: Security Software Discovery | StoneDrill can check for antivirus and antimalware programs. (Citation: Kaspersky StoneDrill 2017) |

References
- Kaspersky Lab. (2017, March 7). From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond. Retrieved March 14, 2019.
- O'Leary, J., et al. (2017, September 20). Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware. Retrieved February 15, 2018.
- Security Response Attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. Retrieved April 10, 2019.