
HermeticWiper Malware

Released: Mar 02, 2022


Medium Severity

Malware Type


Destructive malware targeting organizations in Ukraine

Cybersecurity researchers found malware known as Hermetic (or FoxBlade) being used against organizations in Ukraine.

Background

Malware actors have deployed destructive malware targeting organizations in Ukraine at the onset of the unprovoked Russian attack against Ukraine. When executed on a Windows PC, the malware can wipe the partitions, destroying all data and the operating system.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


FortiGuard has Anti-Virus detection coverage for the malware as W32/KillDisk.NCV!tr. The ANN and behavioural detections flag the malware as a trojan downloader and as high risk, respectively.


On February 26, CISA announced a destructive malware targeting Ukraine known as HermeticWiper.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV

  • AV (Pre-filter)

  • Behavior Detection

  • ANN

DETECT
  • Threat Hunting

  • Outbreak Detection

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of compromise
IOC Indicator List