HermeticWiper: Another Threat Targeting Ukraine at Large | WhoisXML API


Users in Ukraine have reportedly been targeted by malware known as HermeticWiper [1]. Known for wiping data on victims’ computers, the malware has affected hundreds of systems since it emerged.

Using two publicly accessible reports [2, 3] as sources of known indicators of compromise (IoCs), we discovered various artifacts that could be related to the threat.

Our analysis revealed:

  • Hundreds of domains that resolved to the identified IP address IoCs
  • Unredacted domain registrant email addresses that led to the discovery of 12,000+ possibly connected domains, 14 of which were dubbed “dangerous” by various malware engines

Download the threat research materials now to access a sample of the complete list of identified artifacts used to conduct additional enrichment and threat analysis. For full data access and enterprise commercial enquiries, please contact us.

  • [1] https://www.techrepublic.com/article/destructive-hermeticwiper-malware-strikes-ukraine/
  • [2] https://otx.alienvault.com/pulse/6221e064ab53d099b089c787
  • [3] https://exchange.xforce.ibmcloud.com/threats/guid:8f567bf37931315efec52b98b13f6f86