Rewterz Threat Alert – BazarLoader Malware – Active IOCs
March 11, 2022Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
March 11, 2022Rewterz Threat Alert – BazarLoader Malware – Active IOCs
March 11, 2022Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
March 11, 2022Severity
Medium
Analysis Summary
Trojan.Killdisk is a new disk-wiping malware recently discovered by security researchers. The wiper attacks are targeted towards Ukraine in support of the Russian invasion, and these signatures can also be seen in attacks in Lithuania. Targeted sectors are aviation, defense, IT services, and financial sector.
HermeticWiper (Trojan.Killdisk) is interestingly digitally signed by a certificate issued to Hermetica Digital Ltd (the origin of the name).
Upon execution, HermeticWiper will damage the MBR (Master Boot Record) of the victim’s system, which will render it inoperable. Organizations compromised using this wiper date back to November of 2021. A Microsoft SQL Server vulnerability was also used to attack organizations in Ukraine and along with the wiper, ransomware was also deployed against affected organizations.
Impact
- Data Loss
- File Encryption
- Financial Loss
Indicators of Compromise
Filename
- hermeticwiper2[.]exe
MD5
- a32a33fa0b793ed33a2af8be749820be
SHA-256
- e259bfd145e3b290f0e205b7177bb6e659e3af236f2aaad8ba57c2d927776018
SHA-1
- 07f6cc9b9dcd0ca6b7bd708af6e464896d02f0f1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.