lazarusholic


Wiper Malware – A Detection Deep Dive

2014-12-17, CiscoTalos
https://blogs.cisco.com/security/talos/wiper-malware
#Wiper


This post was authored by Christopher Marczewski with contributions from Craig Williams
*This blog post has been updated to include Command and Control IP addresses used by the malware.
A new piece of wiper malware has received quite a bit of media attention. Despite all the recent press, Cisco’s Talos team has historic examples of this type of malware going back to the 1990s. Data is the new target; this should not surprise anyone. Recent examples of malware effectively “destroying” data – putting it out of victims’ reach – also include Cryptowall and Cryptolocker, common ransomware variants delivered by exploit kits and other means.
Wiping systems is also an effective way to cover up malicious activity and make incident response more difficult, such as in the case of the DarkSeoul malware in 2013.
Any company that introduced proper back-up plans in response to recent ransomware like Cryptolocker or Cryptowall should already be protected to …

IoC

0753f8a7ae38fdb830484d0d737f975884499b9335e70b7d22b7d4ab149c01b5
200.87.126.116
203.131.222.102
212.31.102.100
217.96.33.164
58.185.154.99
88.53.215.64
e2ecec43da974db02f624ecadc94baf1d21fd1a5c4990c15863bb9929f781a0a