“DynoWiper operates in a broadly similar fashion to the Zov wiper. Notably, the exclusion of certain directories and especially the clear separate logic present in the code for wiping smaller and larger files can also be found in the Zov wiper. Zov is destructive malware that we d…”
T1485 Data Destruction (98%)
“DynoWiper’s workflow can be divided into three distinct phases, which are described later in the text. The schtask*.exe samples include only the first two phases and introduce a five-second delay between them. In contrast, <redacted>_update.exe implements all three pha…”
T1485 Data Destruction (95%)
“) followed by null bytes. After completing this quick wipe, it prints how many directories and files were wiped, and runs the shell command time /t & ver & rmdir c:\ /s /q && dir && shutdown /r (print current local time and Windows version, erase the contents of the C…”
T1485 Data Destruction (94%)
“…r malware – malicious software designed to delete files, erase data, and render systems unbootable. Its operators have a long history of conducting such cyberattacks, and we have documented their activity extensively. In this blogpost, we focus on their recent operations involv…”
T1485 Data Destruction (93%)
“bin - $Recycle.Bin - Boot - PerfLogs - AppData - Documents and Settings For <redacted>_update.exe and schtask.exe, the second phase behaves similarly, but this time the previously excluded directories are not skipped in the root directory (e.g., C:\). As a result, a…”
T1486 Data Encrypted for Impact (92%)
“both prevention and remediation efforts. Besides Ukraine, Sandworm has a decade-long history of targeting companies in Poland, including those in the energy sector. Typically, these operations have been conducted covertly for cyberespionage purposes, as seen in the BlackEnergy…”
T1485 Data Destruction (89%)
“-wiping malware in their operations against targets in European Union countries. The following factors contradict a Sandworm attribution: Although Sandworm has previously targeted companies in Poland, it typically did so covertly – either for cyberespionage purposes only or by…”
T1485 Data Destruction (86%)
“DynoWiper update: technical analysis and attribution In this blog post, we provide more technical details related to our previous DynoWiper publication. Key points of the report: - ESET researchers identified new data-wiping malware that we have named DynoWiper, used against…”
T1484.001 Group Policy Modification (69%)
“…xistent bitcoin address. Destructive malware deployment methods Sandworm typically abuses Active Directory Group Policy to deploy its data-wiping malware across all machines within a compromised network. Organization-wide GPO deployment generally requires domain admin privi…”
T1485 Data Destruction (41%)
“…promising the Ukrainian accounting software M.E.Doc. In 2018-02, Sandworm launched the Olympic Destroyer data-wiping attack against organizers of the 2018 Winter Olympics in Pyeongchang. The Sandworm group uses such advanced malware as Industroyer, which is able to commun…”
T1003.001 LSASS Memory (33%)
“. Other tools deployed We identified additional tools used within the same network prior to deployment of the wiper. In early stages of the attack, attackers attempted to download the publicly available Rubeus tool. The following path was used: C:\Users\<username>\Downl…”
T1588.001 Malware (30%)
“, HermeticWiper, HermeticRansom, CaddyWiper, DoubleZero, ArguePatch, OrcShred, SoloShred, AwfulShred, Prestige ransomware, RansomBoggs ransomware, SDelete-based wipers, BidSwipe, RoarBAT, SwiftSlicer, NikoWiper, SharpNikoWiper, ZeroLot, Sting wiper, and Zov wiper. It should be…”
Summary
ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector