{"id":59922,"date":"2025-09-26T10:55:34","date_gmt":"2025-09-26T10:55:34","guid":{"rendered":"https:\/\/becolve.com\/blog\/a-new-shamoon-campaign-with-disttrack\/"},"modified":"2025-09-26T10:55:34","modified_gmt":"2025-09-26T10:55:34","slug":"a-new-shamoon-campaign-with-disttrack","status":"publish","type":"blog","link":"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/","title":{"rendered":"A New Shamoon Campaign with Disttrack"},"content":{"rendered":"<p>A new variant of the <strong>Disttrack malware<\/strong> (<strong>W32.Disttrack.B<\/strong>) has reappeared this month, affecting different companies in the Oil &amp; Gas sector, within the well-known Shamoon campaign.<\/p>\n<p>In this case, Disttrack acts as a worm\/trojan\/file eraser. In other words, the malware is capable of infecting computers on a specific local network en masse; once a computer is infected, it first \u201cclean-erases\u201d (wipes) the files found on that computer and then rewrites its MBR (Master Boot Record).<\/p>\n<p>The most recent attack targeted an Italian oil and gas drilling company operating in the Middle East and affected approximately 300 servers and 100 PCs.<\/p>\n<p>This type of attack and behavior (infection, wiping of machines, and file substitution) is very characteristic of the Shamoon campaign. Recall that between 2012 and 2016, along with the Duqu and Flame campaigns, Shamoon carried out sabotage, information theft, and industrial espionage actions against companies in the Oil &amp; Gas sector, such as Saudi Aramco or Qatar&#8217;s RasGas. It is estimated that, at that time, between 30,000 and 50,000 workstations of these companies were overwritten.<\/p>\n<p><b>Disttrack consists of three components:<\/b><\/p>\n<ul>\n<li>Dropper: The malware sample sent to VirusTotal includes a dropper, which is responsible for installing the communications module and the \u201cwiper\u201d on the target system. 
In addition, it is responsible for propagating laterally through the network. To do this, it logs in remotely to the computers on that network using previously stolen usernames and passwords.<\/li>\n<li>Wiper: This is the component (Trojan.Filerase) that deletes files, replacing them with JPEG files depicting a burning US flag.<\/li>\n<li>Communications or Reporter: The module in charge of communicating with the C2, which is thus able to receive all the deleted files.<\/li>\n<\/ul>\n<p>It should be noted that in the first Shamoon attacks, in which Trojan.Filerase was used, it was possible to recover the files through forensic analysis. The latest version of Disttrack makes this recovery impossible.<\/p>\n<p>The main attack vectors used have been:<\/p>\n<ul>\n<li>The use of USB devices that have not been scanned beforehand.<\/li>\n<li>Insecure access via RDP (Remote Desktop Protocol), that is, access through RDP without the SMB authentication protocol being configured correctly.<\/li>\n<\/ul>\n<p><b>What do we recommend from Logitek&#8217;s industrial cybersecurity consulting and engineering unit?<\/b><\/p>\n<ul>\n<li>Incorporate USB device scanning solutions for OT environments.<\/li>\n<li>Harden the equipment on the OT network by applying defense-in-depth strategies.<\/li>\n<li>Train and raise awareness among users about the correct use of external storage devices.<\/li>\n<li>Incorporate non-invasive intrusion and anomaly detection solutions specific to industrial environments.<\/li>\n<\/ul>\n<p>If you want us to tell you more about the main threats that can affect your industrial environment and\/or critical infrastructure and <strong>what we propose to avoid or minimize the negative effects they can cause<\/strong> (economic losses, alteration of processes, damage to brand image, personal injury), <strong>contact<\/strong> <a 
href=\"https:\/\/www.ciberseguridadlogitek.com\/contacto\/\"><strong>us<\/strong>.<\/a><\/p>\n<p>References: <a href=\"https:\/\/www.enisa.europa.eu\/publications\/info-notes\/shamoon-campaigns-with-disttrack\/\" target=\"_blank\" rel=\"noopener\">Enisa<\/a> and <a href=\"https:\/\/threatvector.cylance.com\/en_us\/home\/threat-spotlight-disttrack-malware.html\" target=\"_blank\" rel=\"noopener\">Threat Vector<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new variant of the Disttrack malware (W32.Disttrack.B) has reappeared this month, affecting different companies in the Oil &amp; Gas sector, within the well-known Shamoon campaign.<\/p>\n","protected":false},"author":31,"featured_media":59924,"menu_order":0,"template":"","categories":[1371],"tags":[],"arquitectura":[1839],"area":[],"sector":[],"experto":[1396],"weborigen":[157],"productos-tax":[],"soluciones-tax":[],"marcas-tax":[],"coauthors":[],"class_list":["post-59922","blog","type-blog","status-publish","has-post-thumbnail","hentry","category-cybersecurity","arquitectura-industrial-cybersecurity","experto-industrial-cybersecurity-total-availability","weborigen-ciberseguridadlogitek-com"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A new Shamoon campaign with Disttrack<\/title>\n<meta name=\"description\" content=\"A new variant of the Disttrack malware (W32.Disttrack.B) has reappeared this month, affecting different companies in the Oil &amp; Gas sector, within the well-known Shamoon campaign.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A new Shamoon campaign with 
Disttrack\" \/>\n<meta property=\"og:description\" content=\"A new variant of the Disttrack malware (W32.Disttrack.B) has reappeared this month, affecting different companies in the Oil &amp; Gas sector, within the well-known Shamoon campaign.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/\" \/>\n<meta property=\"og:site_name\" content=\"Becolve Digital\" \/>\n<meta property=\"og:image\" content=\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberseguridad-logitek-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@Logitek_es\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"Becolve Digital\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/\",\"url\":\"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/\",\"name\":\"A new Shamoon campaign with Disttrack\",\"isPartOf\":{\"@id\":\"https:\/\/becolve.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberseguridad-logitek-2.jpg\",\"datePublished\":\"2025-09-26T10:55:34+00:00\",\"description\":\"A new variant of the Disttrack malware (W32.Disttrack.B) has 
reappeared this month, affecting different companies in the Oil & Gas sector, within the well-known Shamoon campaign.\",\"breadcrumb\":{\"@id\":\"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/#primaryimage\",\"url\":\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberseguridad-logitek-2.jpg\",\"contentUrl\":\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberseguridad-logitek-2.jpg\",\"width\":800,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/becolve.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog Items\",\"item\":\"https:\/\/becolve.com\/en\/blog\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"A New Shamoon Campaign with Disttrack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/becolve.com\/en\/#website\",\"url\":\"https:\/\/becolve.com\/en\/\",\"name\":\"Becolve Digital\",\"description\":\"Transformaci\u00f3n digital en industria e infraestructuras\",\"publisher\":{\"@id\":\"https:\/\/becolve.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/becolve.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/becolve.com\/en\/#organization\",\"name\":\"Becolve 
Digital\",\"url\":\"https:\/\/becolve.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/becolve.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/becolve-logo-h-black_200.png\",\"contentUrl\":\"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/becolve-logo-h-black_200.png\",\"width\":200,\"height\":64,\"caption\":\"Becolve Digital\"},\"image\":{\"@id\":\"https:\/\/becolve.com\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/Logitek_es\",\"https:\/\/www.linkedin.com\/company\/becolve-digital\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A new Shamoon campaign with Disttrack","description":"A new variant of the Disttrack malware (W32.Disttrack.B) has reappeared this month, affecting different companies in the Oil & Gas sector, within the well-known Shamoon campaign.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/","og_locale":"en_US","og_type":"article","og_title":"A new Shamoon campaign with Disttrack","og_description":"A new variant of the Disttrack malware (W32.Disttrack.B) has reappeared this month, affecting different companies in the Oil & Gas sector, within the well-known Shamoon campaign.","og_url":"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/","og_site_name":"Becolve Digital","og_image":[{"width":800,"height":300,"url":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberseguridad-logitek-2.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@Logitek_es","twitter_misc":{"Est. 
reading time":"2 minutes","Written by":"Becolve Digital"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/","url":"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/","name":"A new Shamoon campaign with Disttrack","isPartOf":{"@id":"https:\/\/becolve.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/#primaryimage"},"image":{"@id":"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/#primaryimage"},"thumbnailUrl":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberseguridad-logitek-2.jpg","datePublished":"2025-09-26T10:55:34+00:00","description":"A new variant of the Disttrack malware (W32.Disttrack.B) has reappeared this month, affecting different companies in the Oil & Gas sector, within the well-known Shamoon campaign.","breadcrumb":{"@id":"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/#primaryimage","url":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberseguridad-logitek-2.jpg","contentUrl":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/ciberseguridad-logitek-2.jpg","width":800,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/becolve.com\/en\/blog\/a-new-shamoon-campaign-with-disttrack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/becolve.com\/en\/"},{"@type":"ListItem","position":2,"name":"Blog Items","item":"https:\/\/becolve.com\/en\/blog\/"},{"@type":"ListItem","position":3,"name":"A New Shamoon Campaign with 
Disttrack"}]},{"@type":"WebSite","@id":"https:\/\/becolve.com\/en\/#website","url":"https:\/\/becolve.com\/en\/","name":"Becolve Digital","description":"Transformaci\u00f3n digital en industria e infraestructuras","publisher":{"@id":"https:\/\/becolve.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/becolve.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/becolve.com\/en\/#organization","name":"Becolve Digital","url":"https:\/\/becolve.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/becolve.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/becolve-logo-h-black_200.png","contentUrl":"https:\/\/becolve.com\/wp-content\/uploads\/2023\/04\/becolve-logo-h-black_200.png","width":200,"height":64,"caption":"Becolve 
Digital"},"image":{"@id":"https:\/\/becolve.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Logitek_es","https:\/\/www.linkedin.com\/company\/becolve-digital\/"]}]}},"_links":{"self":[{"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/blog\/59922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/users\/31"}],"version-history":[{"count":0,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/blog\/59922\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/media\/59924"}],"wp:attachment":[{"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/media?parent=59922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/categories?post=59922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/tags?post=59922"},{"taxonomy":"arquitectura","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/arquitectura?post=59922"},{"taxonomy":"area","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/area?post=59922"},{"taxonomy":"sector","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/sector?post=59922"},{"taxonomy":"experto","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/experto?post=59922"},{"taxonomy":"weborigen","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/weborigen?post=59922"},{"taxonomy":"productos-tax","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/productos-tax?post=59922"},{"taxonomy":"soluciones-tax","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/soluciones-tax?post=59922"},{"taxonomy":"marcas-tax","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json
\/wp\/v2\/marcas-tax?post=59922"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/becolve.com\/en\/wp-json\/wp\/v2\/coauthors?post=59922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}