Shamoon 3: Modified Open-Source Wiper Contains Verse from the Quran
Tags
country: Argentina
attack-pattern: Data Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID 9e4d1bb4-9dec-49ee-b27a-8e3478c9b28e
Fingerprint b5539f5b2b799381
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 19, 2018, 5 p.m.
Added to db Jan. 18, 2023, 10:42 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Shamoon 3: Modified Open-Source Wiper Contains Verse from the Quran
Title Shamoon 3: Modified Open-Source Wiper Contains Verse from the Quran
Detected Hints/Tags/Attributes 47/2/16
Source URLs
Redirection Url
Details Source https://unit42.paloaltonetworks.com/shamoon-3-modified-open-source-wiper-contains-verse-from-the-quran/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com unit42.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details File 1 
c:\windows\hdv_725x.sys
Details File 2126 
cmd.exe
Details File 5 
spreader.exe
Details File 2 
process.bat
Details File 2 
slhost.exe
Details File 1 
c:\program files\internet explorer\signin\slhost.exe
Details File 1 
vcbsnapshotprovider.dll
Details sha256 3 
d9e52663715902e9ec51a7dd2fea5241c9714976e9541c02df66d1a42a3a7d2a
Details sha256 3 
35ceb84403efa728950d2cc8acb571c61d3a90decaf8b1f2979eaf13811c146b
Details sha256 3 
5203628a89e0a7d9f27757b347118250f5aa6d0685d156e375b6945c8c05eb8a
Details sha256 2 
0266be9130bdf20976fc5490f9191edaafdae09ebe45e74cd97792412454bf0d
Details sha256 1 
e5bf756d5530ec38ff649b901b3c7506f8556821d979bdcb392237f2ff40daf8
Details sha256 1 
5257f623270b4c5cc471ff35b1bfeec80ab37c7e012da76b50ebd2c4911a43d0
Details sha256 3 
c3ab58b3154e5f5101ba74fccfd27a9ab445e41262cdf47e8cc3be7416a5904f
Details sha256 3 
0694bdf9f08e4f4a09d13b7b5a68c0148ceb3fcc79442f4db2aa19dd23681afe
Details sha256 2 
391e7b90bf3f0bfeb2c2602cc65aa6be4dd1c01374b89c4a48425f2d22fe231c