CaddyWiper

Description

(ESET) ESET researchers have uncovered yet another destructive data wiper that was used in attacks against organizations in Ukraine. Dubbed CaddyWiper by ESET analysts, the malware was first detected at 11.38 a.m. local time (9.38 a.m. UTC) on Monday. The wiper, which destroys user data and partition information from attached drives, was spotted on several dozen systems in a limited number of organizations. It is detected by ESET products as Win32/KillDisk.NCX. CaddyWiper bears no major code similarities to either HermeticWiper or IsaacWiper, the other two new data wipers that have struck organizations in Ukraine since February 23rd. Much like with HermeticWiper, however, there’s evidence to suggest that the bad actors behind CaddyWiper infiltrated the target’s network before unleashing the wiper.

Names

Name
CaddyWiper
KillDisk.NCX

Category

Malware

Type

• Wiper

Information

• https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/
• https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html
• https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/
• https://blog.morphisec.com/caddywiper-analysis-new-malware-attacking-ukraine
• https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
• https://therecord.media/a-deeper-look-at-the-malware-being-used-on-ukrainian-targets/
• https://cybersecurity.att.com/blogs/labs-research/analysis-on-recent-wiper-attacks-examples-and-how-they-wiper-malware-works

Mitre Attack

• https://attack.mitre.org/software/S0693/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.caddywiper

Other Information

Uuid

ed300463-d915-45b0-b79f-0a31acfe6bb0

Last Card Change

2022-12-30