Shamoon DistTrack

Overview

The very first attacks were seen back in 2012 against Saudi Aramco. By the end of 2016 and the start of 2017, more than 15 government agencies and organizations had been hit with Shamoon 2. If one of your employees opened a malicious spear-phishing document and you are in Saudi Arabia, you should be aware of DistTrack malware within your network, as it is highly destructive.

Recommendations

The following is guidance for detecting or preventing DistTrack malware within your network. Please note that performing any of these actions might have a negative effect on your business, and they should not be implemented without proper review and study of the impact on the environment.

- Monitor for Remote Registry service starts.
- Monitor any events in the SIEM that show dates between 1 and 20 August 2012.
- Monitor system time change events back to 2012.
- Monitor scheduled jobs and system32 file changes.
- Prevent and limit access to SMB shares.
- Prevent or throttle client to client communica...
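
The first three monitoring items above, written as detection logic over a handful of constructed events. This is an added example, not from the original page. The event schema (`ts`, `host`, `event_id`, `detail`), the host names and the rule names are assumptions; 4616 and 7036 are the Windows event IDs for a system time change and a service state change.

```python
from datetime import datetime

# Window named in the recommendations: 1 to 20 August 2012, inclusive.
WINDOW_START = datetime(2012, 8, 1)
WINDOW_END = datetime(2012, 8, 20, 23, 59, 59)

# Constructed sample events in a hypothetical normalized SIEM schema.
SAMPLE_EVENTS = [
    {"ts": "2017-01-23T09:14:02", "host": "WS-014", "event_id": 4624, "detail": {}},
    {"ts": "2017-01-23T09:20:41", "host": "WS-014", "event_id": 7036,
     "detail": {"service": "Remote Registry", "state": "running"}},
    {"ts": "2017-01-23T09:21:10", "host": "WS-014", "event_id": 4616,
     "detail": {"new_time": "2012-08-15T08:08:00"}},
    {"ts": "2012-08-15T08:08:07", "host": "WS-014", "event_id": 4688, "detail": {}},
    {"ts": "2017-01-23T10:02:00", "host": "WS-020", "event_id": 4616,
     "detail": {"new_time": "2017-01-23T10:02:01"}},   # ordinary clock sync
    {"ts": "2017-01-23T10:05:00", "host": "WS-020", "event_id": 7036,
     "detail": {"service": "Remote Registry", "state": "stopped"}},
]

def in_window(iso):
    """True if an ISO-8601 timestamp falls inside 1-20 August 2012."""
    return WINDOW_START <= datetime.fromisoformat(iso) <= WINDOW_END

def classify(event):
    """Return the names of the monitoring rules this event matches."""
    hits, d = [], event["detail"]
    if (event["event_id"] == 7036 and d.get("service") == "Remote Registry"
            and d.get("state") == "running"):
        hits.append("remote_registry_start")
    new_time = d.get("new_time")
    if (event["event_id"] == 4616 and new_time
            and datetime.fromisoformat(new_time).year == 2012):
        hits.append("clock_set_back_to_2012")
    if in_window(event["ts"]):
        hits.append("event_dated_aug_2012")
    return hits

def hosts_to_review(events):
    """Map host -> sorted rule names, for hosts with at least one hit."""
    found = {}
    for e in events:
        for rule in classify(e):
            found.setdefault(e["host"], set()).add(rule)
    return {host: sorted(rules) for host, rules in found.items()}

if __name__ == "__main__":
    for host, rules in hosts_to_review(SAMPLE_EVENTS).items():
        print(host, rules)
```

Grouping by host matters here: a Remote Registry start alone is common administrative noise, while the same host also showing a clock change to 2012 and events stamped inside the window is the combination worth escalating.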