S0140Windows

S0140Shamoon

Platforms
1
ATT&CK
14.1
References
5

Description

[Shamoon](https://attack.mitre.org/software/S0140) is wiper malware that was first used by an Iranian group known as the "Cutting Sword of Justice" in 2012. Other versions known as Shamoon 2 and Shamoon 3 were observed in 2016 and 2018. [Shamoon](https://attack.mitre.org/software/S0140) has also been seen leveraging [RawDisk](https://attack.mitre.org/software/S0364) and Filerase to carry out data wiping tasks. The term Shamoon is sometimes used to refer to the group using the malware as well as the malware itself.(Citation: Palo Alto Shamoon Nov 2016)(Citation: Unit 42 Shamoon3 2018)(Citation: Symantec Shamoon 2012)(Citation: FireEye Shamoon Nov 2016)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S0140
  2. http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
  3. https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
  4. https://www.symantec.com/connect/blogs/shamoon-attacks
  5. https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Shamoon Group
Software
Wiper
Software
ShimRat
Software
ZeroCleare
Software
StoneDrill
Software
KillDisk
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.