HermeticWiper
Description
(SentinelOne) At first glance, HermeticWiper appears to be a custom-written application with very few standard functions. The malware sample is 114 KB in size and roughly 70% of that is composed of resources. The developers are using a tried and tested technique of wiper malware, abusing a benign partition management driver, in order to carry out the more damaging components of their attacks. Both the Lazarus Group (Destover) and APT33 (DistTrack) took advantage of Eldos RawDisk in order to get direct userland access to the filesystem without calling Windows APIs. HermeticWiper uses a similar technique by abusing a different driver, empntdrv.sys.
Names
| Name |
|---|
| HermeticWiper |
| DriveSlayer |
| FoxBlade |
| KillDisk.NCV |
| Trojan.Killdisk |
| NEARMISS |
Category
Malware
Type
- Wiper
Information
- https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
- https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
- https://blog.talosintelligence.com/2022/02/threat-advisory-hermeticwiper.html
- https://securityintelligence.com/posts/new-destructive-malware-cyber-attacks-ukraine/
- https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
- https://securelist.com/elections-goransom-and-hermeticwiper-attack/105960/
- https://www.deepinstinct.com/blog/hermeticwiper-malware-the-russian-ukrainian-cyber-war
- https://www.cybereason.com/blog/cybereason-vs.-hermeticwiper-and-isaacwiper
- https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
- https://therecord.media/a-deeper-look-at-the-malware-being-used-on-ukrainian-targets/
- https://cybersecurity.att.com/blogs/labs-research/analysis-on-recent-wiper-attacks-examples-and-how-they-wiper-malware-works
- https://www.cyfirma.com/outofband/hermetic-wiper-malware-report/
Mitre Attack
Malpedia
Other Information
Uuid
52c5df55-aa7b-4911-8f6f-5853927e6668
Last Card Change
2023-04-26