Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Cisco Coverage for Shamoon 2 & 3
#1
Cisco Coverage for Shamoon 2 & 3

Quote:Shamoon is a type of destructive malware that has been previously associated with attacks against various organizations in the oil and gas industry that we've been tracking since 2012. A new variant of this threat, identified as Shamoon 2, has been used against several compromised organizations and institutions. Throughout 2017, Talos observed an increase in Shamoon 2 activity and responded to ensure our customers remained protected.

On Dec. 10, Talos observed a new Shamoon 3 variant (c3ab58b3154e5f5101ba74fccfd27a9ab445e41262cdf47e8cc3be7416a5904f) that was uploaded to VirusTotal. While it is unclear where this sample came from, it shares many of the characteristics of the Shamoon 2 variant. Talos once again responded to ensure our customers are protected with all the existing coverage mechanisms. Additionally, Talos will continue to monitor for new developments to ensure our customers remain protected. Shamoon 2 has been observed targeting very specific organizations and propagating within a network via network enumeration and the use of stolen credentials. Some of the credentials are organization specific from individuals or shared accounts. Other credentials are the default accounts of products used by the targeted customers. Recent Shamoon 2 activity serves as a good reminder that users and organizations need to have a comprehensive disaster recovery plan. No one can say for certain if you will be targeted by destructive malware but we can say with 100% certainty that all drives fail. Without a proper system to backup and restore your data, you risk permanently losing your data. Ensuring your assets are properly backed up and can be quickly restored is critical should a system become compromised by Shamoon, ransomware, or other destructive malware and require a complete restoration.

IOCs

Shamoon 2
4919436d87d224f083c77228b48dadfc153ee7ad48dd7d22f0ba0d5090b5cf9b
5475f35363e2f4b70d4367554f1691f3f849fb68570be1a580f33f98e7e4df4a
01a461ad68d11b5b5096f45eb54df9ba62c5af413fa9eb544eacb598373a26bc
c7f937375e8b21dca10ea125e644133de3afc7766a8ca4fc8376470277832d95

Shamoon 3
c3ab58b3154e5f5101ba74fccfd27a9ab445e41262cdf47e8cc3be7416a5904f
bd2097055380b96c62f39e1160d260122551fa50d1eccdc70390958af56ac003
0694bdf9f08e4f4a09d13b7b5a68c0148ceb3fcc79442f4db2aa19dd23681afe
0975eb436fb4adb9077c8e99ea6d34746807bc83a228b17d321d14dfbbe80b03
391e7b90bf3f0bfeb2c2602cc65aa6be4dd1c01374b89c4a48425f2d22fe231c
ccb1209122085bed5bded3f923835a65d3cc1071f7e4ad52bc5cf42057dd2150
dab3308ab60d0d8acb3611bf364e81b63cfb6b4c1783864ebc515297e2297589
ee084f2c6fd2cc16f613fadd712641b5742489ca87851739dc868b976867858f
36414012564b88b5a2dcded39fc5ed22301ea2ef2f455bf697fa97a5925cb721
101e74ef7a18d3a790f1d30edc7bd9f4ebf0afb2cb85cffcd5710d0a53df77a6
4d4531f0372d4364e3d9b7e6ea13abf241bbc4a4b761f8a2aea67428d0de8d83


https://blog.talosintelligence.com/2017/...oon-2.html
Reply
#2
Example. Use full screen option and HD for better view.


Reply




Users browsing this thread: 1 Guest(s)