win.arguepatch (Back to overview)


Actor(s): APT28, Sandworm

During a campaign against a Ukrainian energy provider, a new loader of a new version of CaddyWiper called "ArguePatch" was observed by ESET researchers. ArguePatch is a modified version of Hex-Ray's Remote Debugger Server (win32_remote.exe).
ArguePatch expects a decryption key and the file of the CaddyWiper shellcode as command line parameters.

2022-09-23MandiantMandiant Intelligence
GRU: Rise of the (Telegram) MinIOns
ArguePatch CaddyWiper XakNet
2022-04-12ESET ResearchESET Research
Industroyer2: Industroyer reloaded
ArguePatch CaddyWiper Industroyer INDUSTROYER2

There is no Yara-Signature yet.