• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2022-0022 – Palo Alto Networks PAN-OS Vulnerability
March 14, 2022
Rewterz Threat Advisory – Multiple IBM Vulnerabilities
March 15, 2022

Rewterz Threat Alert – CaddyWipper Ransomware – Active IOCs

March 15, 2022

Severity

Medium

Analysis Summary

CaddyWiper is another destructive data wiper suspected to be targeting Ukraine. The wiper, which erases user data and information from associated drives, was discovered on several systems in a limited number of companies. By overwriting the data with a NULL value, CaddyWiper removes all files under C:\Users as well as all files under accessible discs from D: to Z:.
If the size of the target file exceeds 0xA00000 bytes (10MB), it only wipes the first 0xA00000 bytes. CaddyWiper shares no code similarities with HermeticWiper or IsaacWiper, the other two new data wipes that have infected Ukrainian organizations. However, this wiper has a tactical overlap with HermeticWiper as it was deployed via the Windows domain controller, implying that the attackers had gained control of the Active Directory server.

Impact

  • Data Exfiltration
  • Credential Theft
  • Financial Loss

Indicators of Compromise

Filename

  • 4n1e0qlh8[.]dll
  • caddy1[.]exe

MD5

  • 42e52b8daf63e6e26c3aa91e7e971492
  • 42e2b6e4fba51ec71235e28ddff27a76
  • 3bac736dfc996976ebd089338cf38c8b
  • 3a4b1c1f68811b38be74e99e572efae9

SHA-256

  • a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea
  • 1e87e9b5ee7597bdce796490f3ee09211df48ba1d11f6e2f5b255f05cc0ba176
  • ea6a416b320f32261da8dafcf2faf088924f99a3a84f7b43b964637ea87aef72
  • f1e8844dbfc812d39f369e7670545a29efef6764d673038b1c3edd11561d6902

SHA1

  • 98b3fb74b3e8b3f9b05a82473551c5a77b576d54
  • 4f3362ebac2503906179bd7c002f573886fa85a5
  • fc11fb670300addfd203da826c3d0c7b8b8efe24
  • c22e17dd8f7b2687011cecc8b2208ceb6cf9b995

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.