Foxblade

Malware Profile Updated 24 days ago
Foxblade, also known as HermeticWiper, is a form of malware designed to exploit and damage computer systems. It was first reported in attacks that took place on March 10th, 2022, as part of the Hermetic campaign. The campaign also saw the deployment of another malware called HermeticRansom (or SonicVote) on March 17th, 2022, and a combined attack using both Foxblade and HermeticRansom on March 24th, 2022. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge, and can disrupt operations, steal personal information, or hold data for ransom.

Foxblade, alongside another destructive malware named Caddywiper, was reportedly used by a state actor to target Ukraine, potentially causing significant disruption. As of late 2022, experts suggested that this state actor might have been testing additional malware with similar capabilities, targeting organizations outside Ukraine that serve key functions in Ukraine’s supply lines. These attacks have significantly impacted multiple critical infrastructure organizations within Ukraine.

The group behind these attacks shares victimology with recent Russian state-aligned activity, specifically affecting certain geographies and countries. Sandworm, a unit linked to the Russian military intelligence agency GRU, has been identified as potentially preparing to follow its previous Foxblade and Caddywiper efforts with new wiper malware. Despite similarities in deployment techniques, the campaign is distinct from other recent destructive attacks leveraging malware such as AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper).
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| HermeticWiper | 2 | HermeticWiper is a destructive malware that was first identified in cyber attacks against organizations in Ukraine on February 23, 2022. It was disclosed by several cybersecurity researchers including SentinelLabs, a leading cybersecurity firm. This malware is designed to infiltrate and destroy comp |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CaddyWiper | Unspecified | 2 | CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Foxblade Malware was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| MITRE | 6 months ago | New “Prestige” ransomware impacts organizations in Ukraine and Poland \| Microsoft Security Blog |
| Securityaffairs | a year ago | Microsoft sheds light on a year of Russian hybrid warfare in Ukraine |
| InfoSecurity-magazine | a year ago | Russian Military Preparing New Destructive Attacks: Microsoft |
| ESET | a year ago | A year of wiper attacks in Ukraine \| WeLiveSecurity |