{
	"id": "fe8922aa-eccb-4d98-9957-8672b6bac624",
	"created_at": "2026-04-06T00:12:34.317996Z",
	"updated_at": "2026-04-10T03:21:28.775283Z",
	"deleted_at": null,
	"sha1_hash": "985384b4377d2f35a66e39b6deb5692e8dc6fcfe",
	"title": "Storwize USB Initialization Tool may contain malicious code",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50766,
	"plain_text": "Storwize USB Initialization Tool may contain malicious code\r\nPublished: 2023-03-26 · Archived: 2026-04-05 15:30:59 UTC\r\nFlashes (Alerts)\r\nAbstract\r\nIBM has detected that some USB flash drives containing the initialization tool shipped with the IBM Storwize\r\nV3500, V3700 and V5000 Gen 1 systems contain a file that has been infected with malicious code.\r\nContent\r\nAffected Products\r\nThe Initialization Tool on the USB flash drive with the part number 01AC585 that shipped with the following\r\nSystem models may have an infected file:\r\nIBM Storwize V3500 - 2071 models 02A and 10A\r\nIBM Storwize V3700 - 2072 models 12C, 24C and 2DC\r\nIBM Storwize V5000 - 2077 models 12C and 24C\r\nIBM Storwize V5000 - 2078 models 12C and 24C\r\nIBM Storwize Systems with serial numbers starting with the characters 78D2 are not affected.\r\nNeither the IBM Storwize storage systems nor data stored on these systems are infected by this malicious code.\r\nSystems not listed above and USB flash drives used for Encryption Key management are not affected by this\r\nissue.\r\nImpact Potential\r\nIBM has identified a malicious file distributed on USB flash drives used in the initialization tool for IBM Storwize\r\nV3500, V3700 and V5000 Gen 1 systems.\r\nWhen the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on\r\nthe hard drive of the desktop or laptop during normal operation. 
With that step, the malicious file is copied with\r\nthe initialization tool to the following temporary folder:\r\nOn Windows systems: %TMP%\\initTool\r\nOn Linux and Mac systems: /tmp/initTool\r\nImportant: While the malicious file is copied onto the desktop or laptop, the file is not executed during\r\ninitialization.\r\nThe affected Initialization USB flash drive looks like the images below, and contains a folder called InitTool.\r\nhttps://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146\r\nPage 1 of 3\n\nIBM has taken steps to prevent any additional USB flash drives being shipped with this issue.\r\nClient Actions\r\nIf you have used the initialization USB flash drive from one of the IBM products listed above and have inserted it\r\ninto a desktop or laptop to initialize a Storwize system, IBM recommends you verify your antivirus software has\r\nalready removed the infected file or alternatively remove the directory containing the identified malicious file in\r\nthe manner described below.\r\nIBM recommends ensuring your antivirus products are updated, configured to scan temporary directories, and\r\nissues identified by the antivirus product are addressed.\r\nTo manually remove the malicious file, delete the temporary directory:\r\nOn Windows systems: %TMP%\\initTool\r\nOn Linux and Mac systems: /tmp/initTool\r\nIn addition for Windows systems, ensure the entire directory is deleted (not moved to the Recycle Bin folder).\r\nThis can be accomplished by selecting the directory and Shift-\u003eRight-click-\u003eDelete the directory.\r\nFurther, for Initialization Tool USB flash drives, including those that have not yet been used for installation, IBM\r\nrecommends taking one of the following steps:\r\n1. Securely destroy the USB flash drive so that it can not be reused.\r\n2. Repair the USB flash drive so it can be reused:\r\n1. 
Delete the folder called InitTool on the USB flash drive, which will delete the folder and all the files\r\ninside. If using a Windows machine, holding down shift when deleting the folder will ensure that the\r\nfiles are permanently deleted rather than being copied to the recycle bin.\r\n2. Download the Initialization tool package from FixCentral https://www.ibm.com/support/fixcentral.\r\n3. Unzip the package onto the USB flash drive.\r\n4. Manually scan the USB flash drive with antivirus software.\r\nFurther Information\r\nThe malicious file has an MD5 hash of 0178a69c43d4c57d401bf9596299ea57.\r\nThe malicious file is detected by the following antivirus vendors:\r\nEngine Signature Version Update\r\nAhnLab-V3 Win32/Pondre 3.8.3.16811 20170330\r\nESET-NOD32 Win32/TrojanDropper.Agent.PYF 15180 20170331\r\nKaspersky Trojan.Win32.Reconyc.hvow 15.0.1.13 20170331\r\nMcAfee PWSZbot-FIB!0178A69C43D4 6.0.6.653 20170331\r\nMcAfee-GW-Edition PWSZbot-FIB!0178A69C43D4 v2015 20170331\r\nMicrosoft VirTool:Win32/Injector.EG 1.1.13601.0 20170331\r\nQihoo-360 Virus.Win32.WdExt.A 1.0.0.1120 20170331\r\nSymantec W32.Faedevour!inf 1.2.1.0 20170330\r\nTencent Trojan.Win32.Daws.a 1.0.0.1 20170331\r\nTrendMicro PE_WINDEX.A 9.740.0.1012 20170331\r\nTrendMicro-HouseCall PE_WINDEX.A 9.900.0.1004 20170331\r\nZoneAlarm Trojan.Win32.Reconyc.hvow 1 20170331\r\nIf you have any questions, contact IBM Support.\r\nSource: https://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146"
	],
	"report_names": [
		"docview.wss?uid=ssg1S1010146"
	],
	"threat_actors": [],
	"ts_created_at": 1775434354,
	"ts_updated_at": 1775791288,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/985384b4377d2f35a66e39b6deb5692e8dc6fcfe.pdf",
		"text": "https://archive.orkl.eu/985384b4377d2f35a66e39b6deb5692e8dc6fcfe.txt",
		"img": "https://archive.orkl.eu/985384b4377d2f35a66e39b6deb5692e8dc6fcfe.jpg"
	}
}