Shamoon the wiper - copycats at work
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Shamoon the wiper - copycats at work | |
|---|---|
| Botnet | Shamoon, EraseMBR |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 16 aug2012 |
| Editor/Conference | Kaspersky lab |
| Link | https://www.securelist.com/en/blog?weblogid=208193786 (Archive copy) |
| Author | GReAT |
| Type | |
Abstract
“ Our opinion, based on researching several systems attacked by the original Wiper, is that it is not. The original “Wiper” was using certain service names (“RAHD...”) together with specific filenames for its drivers (“%temp%\~dxxx.tmp”) which do not appear to be present in this malware. Additionally, the original Wiper was using a certain pattern to wipe disks which again is not used by this malware.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1100,
editor = {Kaspersky lab},
author = {GReAT},
title = {Shamoon the wiper - copycats at work},
date = {16},
month = Aug,
year = {2012},
howpublished = {\url{https://www.securelist.com/en/blog?weblogid=208193786}},
}