Thursday, March 9, 2017

StoneDrill Technical Details from Kaspersky:


Kaspersky Lab discovered a previously unknown wiper malware targeting Saudi Arabia and named it StoneDrill. This variant shares similarities with Shamoon in both its techniques and its evasion methods.
As part of the investigation, they found that this malware operation is expanding from the Middle East to Europe.
 

Please find the full report:

It contains IOC details and YARA rules. Use the IOC details to search your logs, and run the YARA rules to check whether StoneDrill is present on a host.

 
StoneDrill C2s
 
eservic[.]com
securityupdated[.]com
actdire[.]com
chromup[.]com
chrome-up[.]date
service1.chrome-up[.]date
service.chrome-up[.]date
serveirc[.]com
 
 
StoneDrill MD5s
 
ac3c25534c076623192b9381f926ba0d
0ccc9ec82f1d44c243329014b82d3125
8e67f4c98754a2373a49eaf53425d79a
fb21f3cea1aa051ba2a45e75d46b98b8
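As an added example (not from the post or from Kaspersky's report), a small Python sweep that refangs the C2 list above, searches a set of constructed proxy-log lines for them, and compares observed MD5 digests against the published hashes:

```python
import hashlib
import re

# IOCs exactly as published above, defanged with "[.]" so they are not clickable.
STONEDRILL_C2S = [
    "eservic[.]com", "securityupdated[.]com", "actdire[.]com", "chromup[.]com",
    "chrome-up[.]date", "service1.chrome-up[.]date", "service.chrome-up[.]date",
    "serveirc[.]com",
]
STONEDRILL_MD5S = {
    "ac3c25534c076623192b9381f926ba0d", "0ccc9ec82f1d44c243329014b82d3125",
    "8e67f4c98754a2373a49eaf53425d79a", "fb21f3cea1aa051ba2a45e75d46b98b8",
}

def refang(ioc: str) -> str:
    """Turn the defanged form 'example[.]com' back into a searchable hostname."""
    return ioc.replace("[.]", ".").lower()

# One pattern per C2: the hostname must not be glued to other label characters,
# but a leading "." is allowed so subdomains of a listed C2 still produce a hit.
_C2_PATTERNS = [
    (refang(d), re.compile(r"(?<![A-Za-z0-9-])" + re.escape(refang(d)) + r"(?![A-Za-z0-9-])"))
    for d in STONEDRILL_C2S
]

def sweep_logs(lines):
    """Return (line_number, matched_c2) pairs for every log line referencing a C2."""
    hits = []
    for no, line in enumerate(lines, start=1):
        low = line.lower()
        for name, pat in _C2_PATTERNS:
            if pat.search(low):
                hits.append((no, name))
    return hits

def check_hashes(observed_md5s):
    """Return the observed MD5 digests (any case) that match a StoneDrill sample."""
    return sorted(h.lower() for h in observed_md5s if h.lower() in STONEDRILL_MD5S)

def md5_hex(data: bytes) -> str:
    """Digest file contents so a host's file inventory can be fed to check_hashes()."""
    return hashlib.md5(data).hexdigest()

# Constructed sample proxy-log lines (not real traffic) used to exercise the sweep.
SAMPLE_PROXY_LOG = [
    "2017-03-09T10:01:02Z ws-17 GET http://service1.chrome-up.date/upd.php 200",
    "2017-03-09T10:01:05Z ws-17 GET http://www.example.com/index.html 200",
    "2017-03-09T10:02:11Z ws-22 CONNECT securityupdated.com:443 407",
    "2017-03-09T10:03:00Z ws-22 GET http://notchromup.com/ 200",
]
```

The fourth sample line shows why bare substring matching is not enough: `notchromup.com` is not a listed C2 and is correctly ignored.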




Post made by
newWorld