{
	"id": "c6b81a2b-8e4d-4256-9ffb-4465f02a108c",
	"created_at": "2026-04-06T00:06:55.899852Z",
	"updated_at": "2026-04-10T03:22:11.830328Z",
	"deleted_at": null,
	"sha1_hash": "b8da66d070374faab0ad0d6511f2442428fa3ae9",
	"title": "ZeroCleare (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28622,
	"plain_text": "ZeroCleare (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-02 11:09:34 UTC\r\nZeroCleare is a destructive malware. It was developed to wipe the master boot record section in order to damage a disk's partitioning. Attackers use the EldoS RawDisk driver to perform the malicious action; it is not a signed driver and would therefore not be runnable by default. The attackers managed to install it by using a vulnerable version of the VBoxDrv driver, which the DSE accepts and runs. It was used to attack Middle East energy and industrial sectors.\r\n[TLP:WHITE] win_zerocleare_auto (20251219 | Detects win.zerocleare.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.zerocleare",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.zerocleare"
	],
	"report_names": [
		"win.zerocleare"
	],
	"threat_actors": [],
	"ts_created_at": 1775434015,
	"ts_updated_at": 1775791331,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b8da66d070374faab0ad0d6511f2442428fa3ae9.pdf",
		"text": "https://archive.orkl.eu/b8da66d070374faab0ad0d6511f2442428fa3ae9.txt",
		"img": "https://archive.orkl.eu/b8da66d070374faab0ad0d6511f2442428fa3ae9.jpg"
	}
}