Foxblade

Malware Profile Updated 3 months ago
Foxblade, also known as HermeticWiper, is a form of malware designed to exploit and damage computer systems. It was first reported in attacks that took place on March 10th, 2022, as part of the Hermetic campaign. The same campaign also saw the deployment of another malware, HermeticRansom (or SonicVote), on March 17th, 2022, and a combined attack using both Foxblade and HermeticRansom on March 24th, 2022. The malware infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge, and can disrupt operations, steal personal information, or hold data for ransom.

Foxblade, alongside another destructive malware named CaddyWiper, was reportedly used by a state actor to target Ukraine, potentially causing significant disruption. As of late 2022, experts suggested that this state actor might have been testing additional malware with similar capabilities against organizations outside Ukraine that serve key functions in Ukraine's supply lines. These attacks have significantly impacted multiple critical infrastructure organizations within Ukraine. The group behind these attacks shares victimology with recent Russian state-aligned activity, affecting the same geographies and countries. Sandworm, a unit linked to the Russian military intelligence agency GRU, has been identified as potentially preparing to follow its previous Foxblade and CaddyWiper efforts with new wiper malware. Despite similarities in deployment techniques, the campaign is distinct from other recent destructive attacks leveraging malware such as AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper).
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
ID: HermeticWiper
Votes: 2
Profile Description: HermeticWiper is a destructive malware that was first disclosed by cybersecurity researchers on February 23, 2022. This malicious software was deployed against organizations in Ukraine, with the intent of destroying computer systems and rendering them inoperable. The malware infiltrates systems thro
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ukraine
Russia
Associated Malware
ID: CaddyWiper
Type: Unspecified
Votes: 2
Profile Description: CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip
Associated Threat Actors
ID: Sandworm
Type: Unspecified
Votes: 1
Profile Description: Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met
Associated Vulnerabilities
ID: Arguepatch)/caddywiper
Type: Unspecified
Votes: 1
Profile Description: None
Source Document References
Information about the Foxblade malware was read from the document corpus listed below.
Source: MITRE
Created: 7 months ago
Title: New "Prestige" ransomware impacts organizations in Ukraine and Poland | Microsoft Security Blog

Source: ESET
Created: a year ago
Title: A year of wiper attacks in Ukraine | WeLiveSecurity

Source: InfoSecurity-magazine
Created: a year ago
Title: Russian Military Preparing New Destructive Attacks: Microsoft

Source: Securityaffairs
Created: a year ago
Title: Microsoft sheds light on a year of Russian hybrid warfare in Ukraine