#BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine https://abs.twimg.com/emoji/v2/... draggable="false" alt="🇺🇦" title="Vlag van Oekraïne" aria-label="Emoji: Vlag van Oekraïne">. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7
#BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine https://abs.twimg.com/emoji/v2/... draggable=. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7" title=" #BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine https://abs.twimg.com/emoji/v2/... draggable="false" alt="🇺🇦" title="Vlag van Oekraïne" aria-label="Emoji: Vlag van Oekraïne">. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7">
#BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine https://abs.twimg.com/emoji/v2/... draggable=. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7" title=" #BREAKING #ESETresearch warns about the discovery of a 3rd destructive wiper deployed in Ukraine https://abs.twimg.com/emoji/v2/... draggable="false" alt="🇺🇦" title="Vlag van Oekraïne" aria-label="Emoji: Vlag van Oekraïne">. We first observed this new malware we call #CaddyWiper today around 9h38 UTC. 1/7">
This new malware erases user data and partition information from attached drives. #ESET telemetry shows that it was seen on a few dozen systems in a limited number of organizations. 2/7
CaddyWiper does not share any significant code similarity with #HermeticWiper, #IsaacWiper or any other malware known to us. The sample we analyzed was not digitally signed. 3/7 https://twitter.com/ESETresearch/status/1498644580052439040">https://twitter.com/ESETresea...
Similarly to HermeticWiper deployments, we observed CaddyWiper being deployed via GPO, indicating the attackers had prior control of the target& #39;s network beforehand. 4/7 https://twitter.com/ESETresearch/status/1496581914769207298">https://twitter.com/ESETresea...
Interestingly, CaddyWiper avoids destroying data on domain controllers. This is probably a way for the attackers to keep their access inside the organization while still disturbing operations. 5/7
Information from the PE header of CaddyWiper suggests it was compiled the same day it was deployed to targeted networks. 6/7
IoCs
98b3fb74b3e8b3f9b05a82473551c5a77b576d54 (caddy.exe)
ESET detection name: Win32/KillDisk.NCX
#ESETresearch
7/7
You can follow @ESETresearch.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cálculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more