otx.alienvault.com
13.224.198.55  Public Scan

URL: https://otx.alienvault.com/pulse/626bc73ca6cd90172e9a1b25?utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=otx&utm_c...
Submission: On April 29 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

AN OVERVIEW OF THE INCREASING WIPER MALWARE THREAT

   
 * Created 3 hours ago by AlienVault
 * Public
 * TLP: White

In parallel with the war in Ukraine, cybersecurity researchers have witnessed a
sudden increase in the number of wiper malware deployments. Although these
haven't been officially attributed to Russian state-sponsored threat actors,
their goals align with the Russian military's. It is widely theorized that these
cyberattacks are intentionally being launched in concert with the invasion.

Reference:
https://www.fortinet.com/blog/threat-research/the-increasing-wiper-malware-threat
Tags:
wiper, Ransomware, HermeticWiper, IsaacWiper, CaddyWiper, WhisperKill,
WhisperGate, Shamoon, Ordinypt, Olympic Destroyer, NotPetya, Dustman,
ZeroCleare, DoubleZero, AcidRain
Industries:
Critical Infrastructure, Energy, Oil
Targeted Countries:
Korea, Republic of; Ukraine; Russian Federation
ATT&CK IDs:
 * T1049 - System Network Connections Discovery
 * T1490 - Inhibit System Recovery
 * T1082 - System Information Discovery
 * T1110 - Brute Force
 * T1104 - Multi-Stage Channels
 * T1036 - Masquerading
 * T1195 - Supply Chain Compromise
 * T1072 - Software Deployment Tools
 * T1006 - Direct Volume Access
 * T1053 - Scheduled Task/Job
 * T1070 - Indicator Removal on Host
 * T1083 - File and Directory Discovery
 * T1485 - Data Destruction
 * T1486 - Data Encrypted for Impact
 * T1495 - Firmware Corruption
 * T1529 - System Shutdown/Reboot
 * T1542 - Pre-OS Boot
 * T1561 - Disk Wipe
 * T1562 - Impair Defenses
 * T1569 - System Services

 * Indicators of Compromise (126)
 * Related Pulses (250)
 * Comments (0)
 * History (0)

FileHash-MD5 (40), FileHash-SHA256 (46), FileHash-SHA1 (40)

TYPES OF INDICATORS



 * © Copyright 2022 AlienVault, Inc.
   