{
	"id": "17ee206b-b1f4-476d-b181-100c2ed9103c",
	"created_at": "2026-04-06T00:08:43.285235Z",
	"updated_at": "2026-04-10T03:21:44.296908Z",
	"deleted_at": null,
	"sha1_hash": "1f9d96997cd61cce7aee1524e0cb496ed946740c",
	"title": "HermeticWiper Malware Technical Analysis - Brandefense",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 39220,
	"plain_text": "HermeticWiper Malware Technical Analysis - Brandefense\r\nBy Cyber Security Consultant\r\nPublished: 2023-11-29 · Archived: 2026-04-05 19:53:27 UTC\r\n(…) As the tension that started between Russia and Ukraine on February 24, 2022, turned into a physical conflict,\r\nat the same time, cyber-attacks and malware threats came to the fore. Researchers have found that Russian threat\r\nactors developed malware that corrupts MBR (Master Boot Record) and disk volumes for Ukrainian\r\norganizations.\r\nFirst, security researchers from ESET and Symantec detected this type of malware. We then analyzed the sample,\r\nmaking sense of it with various IoC findings. As a result, security providers have named this example\r\nHermeticWiper.\r\nThe malware was detected on thousands of different devices in Ukraine and tagged as KillDisk.NCV. It is named\r\nHermeticWiper because of the digital certificate the malware holds. The certificate, issued with Hermetica Digital\r\nLtd, is valid from 2021.\r\nResearchers state they can obtain the certificate by using it on behalf of a front company or confiscating a closed\r\ncompany. However, security researchers have noticed that malware signed with this certificate is no longer\r\nseen(…)\r\nSource: https://brandefense.io/hermeticwiper-technical-analysis-report/\r\nhttps://brandefense.io/hermeticwiper-technical-analysis-report/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://brandefense.io/hermeticwiper-technical-analysis-report/"
	],
	"report_names": [
		"hermeticwiper-technical-analysis-report"
	],
	"threat_actors": [],
	"ts_created_at": 1775434123,
	"ts_updated_at": 1775791304,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1f9d96997cd61cce7aee1524e0cb496ed946740c.pdf",
		"text": "https://archive.orkl.eu/1f9d96997cd61cce7aee1524e0cb496ed946740c.txt",
		"img": "https://archive.orkl.eu/1f9d96997cd61cce7aee1524e0cb496ed946740c.jpg"
	}
}