Skip to content

Hide Navigation Hide TOC

StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887)

StoneDrill is wiper malware discovered in destructive campaigns against both Middle Eastern and European targets in association with APT33.(Citation: FireEye APT33 Sept 2017)(Citation: Kaspersky StoneDrill 2017)

Cluster A Galaxy A Cluster B Galaxy B Level
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 1
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 1
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 1
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 1
StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 1
StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 1
StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 1
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 1
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware 1
StoneDrill - S0380 (8dbadf80-468c-4a62-b817-4e4d8b606887) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2