SYMBOL | COMMON_NAME | aka. SYNONYMS |
Actor(s): APT28
CaddyWiper is another destructive malware believed to be deployed to target Ukraine.
CaddyWiper wipes all files under C:\Users and all also all files under available drives from D: to Z: by overwriting the data with NULL value. If the target file is greater than 0xA00000 bytes in size (10MB), it will only wipe the first 0xA00000 bytes.
It also wipes disk partitions from \\.\PHYSICALDRIVE9 to \\.\PHYSICALDRIVE0 by overwriting the first 0x780 bytes with NULL.
2023-11-09
⋅
Mandiant
⋅
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology CaddyWiper |
2023-07-12
⋅
Mandiant
⋅
The GRU's Disruptive Playbook CaddyWiper INDUSTROYER2 XakNet |
2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
2023-03-15
⋅
Microsoft
⋅
A year of Russian hybrid warfare in Ukraine CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate |
2023-02-15
⋅
Google
⋅
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla |
2023-01-27
⋅
⋅
Cert-UA
⋅
Cyber attack on the Ukrinform information and communication system CaddyWiper |
2023-01-24
⋅
Fortinet
⋅
The Year of the Wiper Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar |
2022-12-03
⋅
Microsoft
⋅
Preparing for a Russian cyber offensive against Ukraine this winter CaddyWiper HermeticWiper Prestige |
2022-10-24
⋅
Youtube (Virus Bulletin)
⋅
Russian wipers in the cyberwar against Ukraine AcidRain CaddyWiper DesertBlade DoubleZero EternalPetya HermeticWiper HermeticWizard INDUSTROYER2 IsaacWiper KillDisk PartyTicket WhisperGate |
2022-09-26
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 3: Input/Output Controls CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
2022-09-23
⋅
Mandiant
⋅
GRU: Rise of the (Telegram) MinIOns ArguePatch CaddyWiper XakNet |
2022-08-18
⋅
Trustwave
⋅
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
2022-08-18
⋅
Trustwave
⋅
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
2022-08-12
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 1: Common Techniques Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
2022-05-02
⋅
AT&T
⋅
Analysis on recent wiper attacks: examples and how wiper malware works AcidRain CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper |
2022-04-28
⋅
Fortinet
⋅
An Overview of the Increasing Wiper Malware Threat AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare |
2022-04-27
⋅
Microsoft
⋅
Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate |
2022-04-12
⋅
ESET Research
⋅
Industroyer2: Industroyer reloaded ArguePatch CaddyWiper Industroyer INDUSTROYER2 |
2022-04-12
⋅
Max Kersten's Blog
⋅
Ghidra script to handle stack strings CaddyWiper PlugX |
2022-04-12
⋅
⋅
Cert-UA
⋅
Cyberattack of Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435) CaddyWiper Industroyer INDUSTROYER2 |
2022-04-12
⋅
ESET Research
⋅
Industroyer2: Industroyer reloaded CaddyWiper INDUSTROYER2 |
2022-04-12
⋅
Twitter (@silascutler)
⋅
Tweet on analysis of CADDYWIPER used alongside with INDUSTROYER2 CaddyWiper INDUSTROYER2 |
2022-04-05
⋅
Morphisec
⋅
New Analysis: The CaddyWiper Malware Attacking Ukraine CaddyWiper |
2022-04-01
⋅
splunk
⋅
Threat Update: CaddyWiper CaddyWiper |
2022-03-31
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: CaddyWiper CaddyWiper |
2022-03-26
⋅
n0p Blog
⋅
Analysis of a Caddy Wiper Sample Targeting Ukraine CaddyWiper |
2022-03-25
⋅
GOV.UA
⋅
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22 Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT |
2022-03-24
⋅
NextGov
⋅
Ukrainian Cyber Lead Says ‘At Least 4 Types of Malware’ in Use to Target Critical Infrastructure and Humanitarian Aid CaddyWiper DoubleZero HermeticWiper IsaacWiper |
2022-03-18
⋅
Malwarebytes
⋅
Double header: IsaacWiper and CaddyWiper CaddyWiper IsaacWiper |
2022-03-17
⋅
NioGuard
⋅
Analysis of CaddyWiper CaddyWiper |
2022-03-16
⋅
Cyber Security News
⋅
Destructive Data Wiper Malware Targeting high-profile Ukrainian Organizations CaddyWiper |
2022-03-15
⋅
ESET Research
⋅
CaddyWiper: New wiper malware discovered in Ukraine CaddyWiper |
2022-03-15
⋅
SecurityAffairs
⋅
CaddyWiper, a new data wiper hits Ukraine CaddyWiper |
2022-03-15
⋅
Twitter (@HackNPatch)
⋅
Tweet on Exploring CaddyWiper API resolution CaddyWiper |
2022-03-15
⋅
TRUESEC
⋅
Analysis of CaddyWiper, wiper targeting Ukraine CaddyWiper |
2022-03-15
⋅
SecurityIntelligence
⋅
CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations CaddyWiper |
2022-03-15
⋅
The Hacker News
⋅
CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks CaddyWiper |
2022-03-15
⋅
Cisco
⋅
Threat Advisory: CaddyWiper CaddyWiper |
2022-03-14
⋅
Bleeping Computer
⋅
New CaddyWiper data wiping malware hits Ukrainian networks CaddyWiper |
2022-03-14
⋅
Twitter (@ESETresearch)
⋅
Tweet on CaddyWiper as 3rd destructive wiper found deployed against Ukraine CaddyWiper Sunglow Blizzard |
2022-03-14
⋅
Cybernews
⋅
New destructive wiper malware deployed in Ukraine CaddyWiper |
2022-02-28
⋅
Microsoft
⋅
Cyber threat activity in Ukraine: analysis and resources CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586 |