{
	"id": "1bc275de-ae88-4ff2-bad7-bcc875069615",
	"created_at": "2026-04-06T00:18:23.879628Z",
	"updated_at": "2026-04-10T03:30:33.704098Z",
	"deleted_at": null,
	"sha1_hash": "ea1944852a024fd2e42de8bb91e49bdeb7e3f9ff",
	"title": "Dec 2012 Batchwiper Samples",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 67373,
	"plain_text": "Dec 2012 Batchwiper Samples\r\nArchived: 2026-04-05 21:06:35 UTC\r\nDec 2012 Batchwiper Samples\r\nUpdate: Jan 18, 2013 - Here is a nice analysis: BatchWiper Analysis by Emanuele De Lucia\r\nThe next time the virus will wake up is Jan 21, 2013. Time to grab it, read and play.\r\nSeveral people asked for Batchwiper, so here are the samples.\r\nFrom Maher - Iranian CERT:\r\nThe latest investigation done by Maher center in cyberspace identified a new targeted data-wiping\r\nmalware. Primitive analysis revealed that this malware wipes files on different drives at various predefined times.\r\nDespite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories\r\nwithout being recognized by anti-virus software. However, it is not considered to be widely distributed. This\r\ntargeted attack is simple in design and has no similarity to the other sophisticated targeted attacks. The\r\nidentified components of this threat are listed in the following table:\r\nMD5 Name\r\nf3dd76477e16e26571f8c64a7fd4a97b GrooveMonitor.exe [dropper]\r\nfa0b300e671f73b3b0f7f415ccbe9d41 juboot.exe\r\nc4cd216112cbc5b8c046934843c579f6 jucheck.exe\r\nea7ed6b50a9f7b31caeea372a327bd37 SLEEP.EXE\r\nb7117b5d8281acd56648c9d08fadf630 WmiPrv.exe\r\nhttp://contagiodump.blogspot.com/2012/12/batchwiper-samples.html\r\nPage 1 of 2\n\nFile\r\nSource: http://contagiodump.blogspot.com/2012/12/batchwiper-samples.html\r\nhttp://contagiodump.blogspot.com/2012/12/batchwiper-samples.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"http://contagiodump.blogspot.com/2012/12/batchwiper-samples.html"
	],
	"report_names": [
		"batchwiper-samples.html"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434703,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ea1944852a024fd2e42de8bb91e49bdeb7e3f9ff.pdf",
		"text": "https://archive.orkl.eu/ea1944852a024fd2e42de8bb91e49bdeb7e3f9ff.txt",
		"img": "https://archive.orkl.eu/ea1944852a024fd2e42de8bb91e49bdeb7e3f9ff.jpg"
	}
}