Thursday 17 March 2022

Analysis of CaddyWiper

 

Summary


  • Name: CaddyWiper

  • Discovered in March 2022

  • Was used in a targeted attack in Ukraine

  • Deployed via Microsoft Active Directory GPO

  • Corrupts files and disk partitions

  • PE32 sample written in C++

  • Compiled on the same day it was deployed on targeted systems in Ukraine

by Denis Popov