DEADWOOD

Malware & Tools · DEADWOOD

· MalwareS1134 · Zararlı Yazılım

Type

malware

Techniques

Used By

2 groups

Platforms

Windows

Description

DEADWOOD is wiper malware written in C++ using Boost libraries. DEADWOOD was first observed in an unattributed wiping event in Saudi Arabia in 2019, and has since been incorporated into Agrius operations.(Citation: SentinelOne Agrius 2021)

Tactic Coverage

stealth (4)impact (4)discovery (1)execution (1)

Used By (2 groups)

G0064APT33HOLMIUM, Elfin G1030AgriusPink Sandstorm, AMERICIUM

Techniques (10)

T1027.009Embedded Payloads

stealth

T1027.013Encrypted/Encoded File

stealth

T1036.004Masquerade Task or Service

stealth

T1124System Time Discovery

discovery

T1140Deobfuscate/Decode Files or Information

stealth

T1485Data Destruction

impact

T1531Account Access Removal

References

https://attack.mitre.org/software/S1134 https://assets.sentinelone.com/sentinellabs/evol-agrius