The analysis conducted by Arbor Networks on the Shamoon 2 malware has shed light on the control infrastructure and the infection process. Shamoon, also known as Disttrack, was first discovered in a wave of attacks that targeted companies in Saudi Arabia in 2012. The principal capability of Shamoon is a feature that allows it to wipe data from hard drives of the infected systems. The researchers linked the malware to Middle Eastern state-sponsored groups such as Magic Hound and PupyRAT. The analysis of three X-Force malware samples, the researchers were able to locate the malicious domains and IP addresses used by the attackers.”]
Source: https://securityaffairs.co/wordpress/56672/malware/shamoon-2-malware-c2.html