Foxblade

Malware updated 4 months ago (2024-05-04T18:39:27.615Z)
Foxblade, also known as HermeticWiper, is a form of malware designed to exploit and damage computer systems. It was first reported in attacks that took place on March 10th, 2022, as part of the Hermetic campaign. The campaign also saw the deployment of another malware called HermeticRansom (or SonicVote) on March 17th, 2022, and a combined attack using both Foxblade and HermeticRansom on March 24th, 2022. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge, and can disrupt operations, steal personal information, or hold data for ransom.

Foxblade, alongside another destructive malware named CaddyWiper, was reportedly used by a state actor to target Ukraine, potentially causing significant disruption. As of late 2022, experts suggested that this state actor might have been testing additional malware with similar capabilities, targeting organizations outside Ukraine that serve key functions in Ukraine's supply lines. These attacks have significantly impacted multiple critical infrastructure organizations within Ukraine. The group behind these attacks shares victimology with recent Russian state-aligned activity, specifically affecting certain geographies and countries. Sandworm, a unit linked to the Russian military intelligence agency GRU, has been identified as potentially preparing to follow its previous Foxblade and CaddyWiper efforts with new wiper malware. Despite similarities in deployment techniques, the campaign is distinct from other recent destructive attacks leveraging malware such as AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper).
Description last updated: 2023-12-20T16:48:56.451Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| HermeticWiper | 2 | HermeticWiper is a destructive malware that was first disclosed by cybersecurity researchers on February 23, 2022. This malicious software was deployed against organizations in Ukraine, with the intent of destroying computer systems and rendering them inoperable. The malware infiltrates systems thro |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| CaddyWiper | Unspecified | 2 | CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip |
Source Document References
Information about the Foxblade Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| MITRE | 9 months ago | New “Prestige” ransomware impacts organizations in Ukraine and Poland \| Microsoft Security Blog |
| ESET | 2 years ago | A year of wiper attacks in Ukraine \| WeLiveSecurity |
| InfoSecurity-magazine | a year ago | Russian Military Preparing New Destructive Attacks: Microsoft |
| Securityaffairs | a year ago | Microsoft sheds light on a year of Russian hybrid warfare in Ukraine |