Users in Ukraine have reportedly been targeted by malware known as HermeticWiper.[1] Known for wiping out data on victims’ computers, the malware has affected hundreds of systems since it emerged.
Using two publicly accessible reports[2][3] as sources of known indicators of compromise (IoCs), we discovered various artifacts that could be related to the threat.
Our analysis revealed:
- Hundreds of domains that resolved to the identified IP address IoCs
- Unredacted domain registrant email addresses that led to the discovery of 12,000+ possibly connected domains, 14 of which were dubbed “dangerous” by various malware engines
- [1] https://www.techrepublic.com/article/destructive-hermeticwiper-malware-strikes-ukraine/
- [2] https://otx.alienvault.com/pulse/6221e064ab53d099b089c787
- [3] https://exchange.xforce.ibmcloud.com/threats/guid:8f567bf37931315efec52b98b13f6f86