ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool KillDisk

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: KillDisk

NamesKillDisk
CategoryMalware
TypeWiper
Description(Trend Micro) The malware has since metamorphosed into a threat used for digital extortion, affecting Windows and Linux platforms. The note accompanying the ransomware versions, like in the case of Petya, was a ruse: Because KillDisk also overwrites and deletes files (and don’t store the encryption keys on disk or online), recovering the scrambled files was out of the question. The new variant we found, however, does not include a ransom note.
Information<https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-financial-organizations-in-latin-america/>
<http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.killdisk>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:killdisk>

Last change to this tool card: 13 May 2020

Download this tool card in JSON format

Previous: Kikothac
Next: Killua

All groups using tool KillDisk

ChangedNameCountryObserved

APT groups

 Lazarus Group, Hidden Cobra, Labyrinth ChollimaNorth Korea2007-Spring 2021X
 TeleBotsRussia2015-Oct 2020X

2 groups listed (2 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key