Difference between revisions of "Shamoon the wiper - copycats at work"
m (1 revision imported) |
m (Text replacement - " www.securelist.com" to "") |
||
Line 5: | Line 5: | ||
|Licence= | |Licence= | ||
|Video= | |Video= | ||
|Link=https://www.securelist.com/en/blog?weblogid=208193786 | |Link=https://www.securelist.com/en/blog?weblogid=208193786 | ||
|Author=GReAT, | |Author=GReAT, | ||
|NomRevue=Securelist | |NomRevue=Securelist |
Revision as of 18:58, 7 February 2015
(Publication)
Shamoon the wiper - copycats at work | |
---|---|
Botnet | Shamoon, EraseMBR |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 16 August 2012 |
Editor/Conference | Kaspersky lab |
Link | https://www.securelist.com/en/blog?weblogid=208193786 (Archive copy) |
Author | GReAT |
Type |
Abstract
“Our opinion, based on researching several systems attacked by the original Wiper, is that it is not. The original “Wiper” was using certain service names (“RAHD...”) together with specific filenames for its drivers (“%temp%\~dxxx.tmp”) which do not appear to be present in this malware. Additionally, the original Wiper was using a certain pattern to wipe disks which again is not used by this malware.”
Bibtex
@misc{2012BFR1100,
  editor = {Kaspersky lab},
  author = {GReAT},
  title = {Shamoon the wiper - copycats at work},
  year = {2012},
  howpublished = {\url{https://www.securelist.com/en/blog?weblogid=208193786}},
}