The Anatomy of Wiper Malware, Part 1: Common Techniques

A wiper is a type of malware with a single purpose: to erase user data beyond recoverability. Wipers are used to destroy computer networks in public or private companies ranging from industrial to entertainment sectors. Threat actors also use wipers to cover up traces left after an intrusion, weakening their victim’s ability to respond.

REFERENCE: https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1/

TAGS: sqlshred, doublezero, stonedrill, caddywiper, killdisk, isaacwiper, whispergate, ordinypt, apostle, meteor, destover, shamoon, zerocleare, wiper, israbye, petya, comet

MALWARE FAMILIES: SQLShred, Ordinypt, StoneDrill - S0380, CaddyWiper - S0693, KillDisk - S0607, IsaacWiper, Apostle, WhisperGate - S0689, Meteor - S0688, Destover, Shamoon - S0140, ZeroCleare, IsraBye, Petya

ATT&CK IDS: T1471 - Data Encrypted for Impact, T1561.001 - Disk Content Wipe, T1561.002 - Disk Structure Wipe, T1485 - Data Destruction, T1070.004 - File Deletion, T1083 - File and Directory Discovery

Read More:

https://otx.alienvault.com/pulse/62fb63472ecdcf87d224c969