Names | Cl Wiper | |
Category | Malware | |
Type | Wiper | |
Description | (Check Point) How it works: cl.exe gets arguments from the command line and uses a legitimate driver by ElRawDisk, called rwdsk.sys. The use of ElRawDisk is relatively common among wipers and has been previously used by several wiper families, some of them associated with Iranian actors. Additionally, the license key used in the wiper is the same as the one used in the ZeroCleare wiper, which is known to be used by several actors with links to MOIS. ElRawDisk enables interaction with files, disks, and partitions, proxying the wiping procedures and allowing raw access to the disk. | |
Information | <https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/> <https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-264a> |
Last change to this tool card: 18 June 2024
Download this tool card in JSON format
Previous: CLOUDSTATS
Next: CMD365
Changed | Name | Country | Observed | ||
APT groups | |||||
HomeLand Justice | 2022-Jan 2024 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |