Researchers report new connections between Magic Hound and Shamoon 2, along with descriptions of how the Disttrack malware component of campaigns moves laterally within infected networks. Researchers at Palo Alto said they found a Zip archive in January that contains files which the attacker used to infect other systems on the targeted network. Shamoon has been blamed for nearly a decade of destructive campaigns against organizations based in Saudi Arabia. Researchers say they found evidence that the actors use a combination of. legitimate tools and batch scripts to deploy the. Disttrack payload to deploy. the payload to hostnames known to the attackers to exist in the targeted. network.
Source: https://threatpost.com/new-clues-surface-on-shamoon-2s-destructive-behavior/124587/