eSentire Threat Intelligence Malware Analysis: HermeticWiper &…
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 46cf7ee3-46a3-4956-85ea-3978cc969e80 |
| Fingerprint | a50028f56774a793 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 16, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | eSentire Threat Intelligence Malware Analysis: HermeticWiper & PartyTicket |
| Title | eSentire Threat Intelligence Malware Analysis: HermeticWiper &… |
| Detected Hints/Tags/Attributes | 124/2/33 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 5 | cve-2021-1636 |
|
| Details | CVE | 71 | cve-2020-0688 |
|
| Details | CVE | 184 | cve-2021-26855 |
|
| Details | CVE | 90 | cve-2021-26857 |
|
| Details | CVE | 92 | cve-2021-26858 |
|
| Details | CVE | 126 | cve-2021-27065 |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | Domain | 452 | msrc.microsoft.com |
|
| Details | Domain | 281 | docs.microsoft.com |
|
| Details | Domain | 8 | pkg.go.dev |
|
| Details | File | 5 | epmntdrv.sys |
|
| Details | File | 1 | c:\windows\system32\drivers\rhdr.sys |
|
| Details | File | 9 | read_me.html |
|
| Details | File | 1 | xxxxxxxx-11ec-xxx-000c29xxxxxx.exe |
|
| Details | File | 1 | c:\workdir\xxxxxxxx-xxxx-11ec-xxxx-000c29xxxxxx.exe |
|
| Details | File | 1 | xxxxxxxx-xxxx-11ec-xxxx-000c29xxxxxx.exe |
|
| Details | sha256 | 18 | 0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da |
|
| Details | sha256 | 9 | 4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382 |
|
| Details | sha256 | 23 | 1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591 |
|
| Details | sha256 | 11 | 3c557727953a8f6b4788984464fb77741b821991acbf5e746aebdd02615b1767 |
|
| Details | sha256 | 7 | 06086c1da4590dcc7f1e10a6be3431e1166286a9e7761f2de9de79d7fda9c397 |
|
| Details | sha256 | 11 | 2c10b2ec0b995b88c27d141d6f7b14d6b8177c52818687e4ff8e6ecf53adf5bf |
|
| Details | sha256 | 9 | e5f3ef69a534260e899a36cec459440dc572388defd8f1d98760d31c700f42d5 |
|
| Details | sha256 | 9 | b01e0c6ac0b8bcde145ab7b68cf246deea9402fa7ea3aede7105f7051fe240c1 |
|
| Details | sha256 | 9 | b6f2e008967c5527337448d768f2332d14b92de22a1279fd4d91000bb3d4a0fd |
|
| Details | sha256 | 9 | fd7eacc2f87aceac865b0aa97a50503d44b799f27737e009f91f3c281233c17d |
|
| Details | Pdb | 1 | epmntdrv.pdb |
|
| Details | Url | 3 | https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack |
|
| Details | Url | 1 | https://venturebeat.com/2022/02/27/ukraine-border-control-hit-with-wiper-cyberattack-slowing-refugee-crossing |
|
| Details | Url | 1 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia |
|
| Details | Url | 1 | https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1636 |
|
| Details | Url | 11 | https://docs.microsoft.com |
|
| Details | Url | 1 | https://pkg.go.dev/math/rand |