ioc[.]one - OSINT Cyber Threat Intelligence Database

The Full Shamoon: How the Devastating Malware Was Inserted Into Networks

Tags

country:	Egypt Saudi Arabia
attack-pattern:	Data Domains - T1583.001 Domains - T1584.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Whois - T1596.002 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	a7dd2e2e-5066-4f36-8707-0f66564325a8
Fingerprint	ee531f990831c7c1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 15, 2017, 6 p.m.
Added to db	April 15, 2023, 1:01 p.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	The Full Shamoon: How the Devastating Malware Was Inserted Into Networks
Title	The Full Shamoon: How the Devastating Malware Was Inserted Into Networks
Detected Hints/Tags/Attributes	65/2/40

Source URLs

	Redirection	Url
Details	Source	https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/

URL Provider

Details	Provider	Source level domain
Details	securityintelligence.com	securityintelligence.com

Attributes

Details	Type	#Events	Value
Details	File	2	cv_mci.doc
Details	File	2	discount_voucher_codes.xlsm
Details	File	2	health_insurance_plan.doc
Details	File	3	health_insurance_registration.doc
Details	File	2	job_titles.doc
Details	File	2	job_titles_itworx.doc
Details	File	2	job_titles_mci.doc
Details	File	2	password_policy.xlsm
Details	File	2	ntertmgr32.exe
Details	File	1	ntertmgr64.exe
Details	File	1	vdsk911.sys
Details	md5	2	45b0e5a457222455384713905f886bd4
Details	md5	2	f4d18316e367a80e1005f38445421b1f
Details	md5	2	19cea065aa033f5bcfa94a583ae59c08
Details	md5	2	ecfc0275c7a73a9c7775130ebca45b74
Details	md5	2	1b5e33e5a244d2d67d7a09c4ccf16e56
Details	md5	2	fa72c068361c05da65bf2117db76aaa8
Details	md5	2	43fad2d62bc23ffdc6d301571135222c
Details	md5	2	ce25f1597836c28cf415394fb350ae93
Details	md5	2	03ea9457bf71d51d8109e737158be888
Details	sha256	1	528714aaaa4a083e72599c32c18aa146db503eee80da236b20aea11aa43bdf62
Details	sha256	1	e5b643cb6ec30d0d0b458e3f2800609f260a5f15c4ac66faf4ebf384f7976df6
Details	IPv4	3	139.59.46.154
Details	IPv4	2	45.76.128.165
Details	Url	1	http://mol.com-ho.me/cv_itworx.doc
Details	Url	2	http://139.59.46.154:3485/eiloshaegae1
Details	Url	1	http://briefl.ink/qhtma
Details	Url	1	http://139.59.46.154:3485/eiloshaegae1.
Details	Url	1	http://45.76.128.165:4443/0w0o6.
Details	Domain	3	mol.com-ho.me
Details	Domain	339	system.net
Details	Domain	1	com-ho.me
Details	Domain	2	briefl.ink
Details	Domain	3	ntg-sa.com
Details	Domain	1	ntg.sa.com
Details	Domain	2	maps-modon.club
Details	Domain	2	maps.modon.gov.sa
Details	File	2	cv_itworx.doc
Details	File	1209	powershell.exe
Details	File	17	cv.doc