Foxblade

Malware updated 6 months ago (2024-05-04T18:39:27.615Z)
Foxblade, also known as HermeticWiper, is a form of malware designed to exploit and damage computer systems. It was first reported in attacks that took place on March 10th, 2022, as part of the Hermetic campaign. The campaign also saw the deployment of another malware called HermeticRansom (or SonicVote) on March 17th, 2022, and a combined attack using both Foxblade and HermeticRansom on March 24th, 2022. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge, and can disrupt operations, steal personal information, or hold data for ransom.

Foxblade, alongside another destructive malware named CaddyWiper, was reportedly used by a state actor to target Ukraine, potentially causing significant disruption. As of late 2022, experts suggested that this state actor might have been testing additional malware with similar capabilities, targeting organizations outside Ukraine that serve key functions in Ukraine's supply lines. These attacks have significantly impacted multiple critical infrastructure organizations within Ukraine.

The group behind these attacks shares victimology with recent Russian state-aligned activity, specifically affecting certain geographies and countries. Sandworm, a unit linked to the Russian military intelligence agency GRU, has been identified as potentially preparing to follow its previous Foxblade and CaddyWiper efforts with new wiper malware. Despite similarities in deployment techniques, the campaign is distinct from other recent destructive attacks leveraging malware such as AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper).
Description last updated: 2023-12-20T16:48:56.451Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
HermeticWiper is a possible alias for Foxblade. HermeticWiper is a destructive malware that was first disclosed by cybersecurity researchers on February 23, 2022. This malicious software was deployed against organizations in Ukraine, with the intent of destroying computer systems and rendering them inoperable. The malware infiltrates systems thro | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Associated Malware
Alias Description | Association Type | Votes
The CaddyWiper Malware is associated with Foxblade. CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip | Unspecified | 2