2022-03-01

IsaacWiper and HermeticWizard


Industry: N/A | Level: Tactical | Source: WeLiveSecurity

Researchers at ESET have identified another wiper, IsaacWiper, which was compiled as early as October 19th, 2021 and deployed against Ukraine on February 24th, 2022. Details on IsaacWiper are limited, as the investigation is still ongoing. Separately, a new supporting malware for HermeticWiper, named HermeticWizard, was identified. HermeticWizard aids the wiper component, as it "spreads HermeticWiper across a local network via WMI and SMB." There are no code similarities between the two wipers, HermeticWiper and IsaacWiper. Both HermeticWiper and HermeticWizard use the same (now revoked) code-signing certificate from "Hermetica Digital Ltd issued on April 13th, 2021."

  • Anvilogic Scenarios:
      • Trojan.Killdisk/HermeticWiper - Execution Behaviors
      • HermeticWizard - Behaviors
  • Anvilogic Use Cases:
      • regsvr32 Execution
      • Rundll32 Command Line
      • Windows Admin$ Share Access
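
One way to correlate the three use cases listed above on a single host, as an added example (not Anvilogic's or ESET's detection logic): it flags ADMIN$ share access that is followed within a time window by regsvr32 or rundll32 execution. The sample events, the 5-minute window and the dict layout are constructed assumptions; the field names follow Windows Security events 5140 and 4688.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not taken from the ESET report. Field names follow
# Windows Security events 5140 (share accessed) and 4688 (process creation).
EVENTS = [
    {"time": "2024-01-01T10:00:05", "host": "WS01", "id": 5140, "ShareName": r"\\*\ADMIN$", "IpAddress": "10.0.0.7"},
    {"time": "2024-01-01T10:00:40", "host": "WS01", "id": 4688, "NewProcessName": r"C:\Windows\System32\regsvr32.exe"},
    {"time": "2024-01-01T10:01:10", "host": "WS01", "id": 4688, "NewProcessName": r"C:\Windows\System32\rundll32.exe"},
    {"time": "2024-01-01T09:00:00", "host": "WS02", "id": 4688, "NewProcessName": r"C:\Windows\System32\rundll32.exe"},
    {"time": "2024-01-01T10:00:00", "host": "WS03", "id": 5140, "ShareName": r"\\*\ADMIN$", "IpAddress": "10.0.0.7"},
    {"time": "2024-01-01T10:30:00", "host": "WS03", "id": 4688, "NewProcessName": r"C:\Windows\System32\regsvr32.exe"},
    {"time": "2024-01-01T10:02:00", "host": "FS01", "id": 5140, "ShareName": r"\\*\IPC$", "IpAddress": "10.0.0.9"},
]
WATCHED = {"regsvr32.exe", "rundll32.exe"}
WINDOW = timedelta(minutes=5)  # assumed correlation window, tune per environment

def classify(ev):
    """Map one event to a use-case label, or None if it matches none of them."""
    if ev["id"] == 5140 and ev.get("ShareName", "").upper().endswith("ADMIN$"):
        return "admin_share_access"
    if ev["id"] == 4688:
        image = ev.get("NewProcessName", "").rsplit("\\", 1)[-1].lower()
        if image in WATCHED:
            return image.split(".")[0] + "_execution"
    return None

def correlate(events, window=WINDOW):
    """Alert per host when ADMIN$ access precedes regsvr32/rundll32 within window."""
    by_host = defaultdict(list)
    for ev in events:
        label = classify(ev)
        if label:
            by_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), label, ev))
    alerts = []
    for host, hits in by_host.items():
        hits.sort(key=lambda h: h[0])
        for i, (t0, label0, ev0) in enumerate(hits):
            if label0 != "admin_share_access":
                continue
            followers = {l for t, l, _ in hits[i + 1:]
                         if t - t0 <= window and l != "admin_share_access"}
            if followers:
                alerts.append({"host": host, "source_ip": ev0.get("IpAddress"),
                               "start": t0.isoformat(), "followed_by": sorted(followers)})
                break  # one alert per host is enough for triage
    return alerts

if __name__ == "__main__":
    print(correlate(EVENTS))
```

A lone rundll32 launch (WS02) or an ADMIN$ access with no execution inside the window (WS03) produces no alert, which keeps routine administrative activity out of the queue.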
