{
	"id": "a2975eaf-142c-46a6-9da4-9e3df102acf8",
	"created_at": "2026-04-06T00:16:52.353799Z",
	"updated_at": "2026-04-10T03:25:50.515553Z",
	"deleted_at": null,
	"sha1_hash": "f3c4ef9053e9f8befb9430bf809c3b37996f7d8a",
	"title": "AcidRain (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 62089,
	"plain_text": "AcidRain (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 16:16:20 UTC\r\nelf.acidrain (Back to overview)\r\nAcidRain\r\nA MIPS ELF binary with wiper functionality used against Viasat KA-SAT modems.\r\nReferences\r\n2024-04-30 ⋅ Trellix ⋅ Max Kersten\r\nPouring Acid Rain\r\nAcidPour AcidRain\r\n2022-10-24 ⋅ Youtube (Virus Bulletin) ⋅ Alexander Adamov\r\nRussian wipers in the cyberwar against Ukraine\r\nAcidRain CaddyWiper DesertBlade DoubleZero EternalPetya HermeticWiper HermeticWizard\r\nINDUSTROYER2 IsaacWiper KillDisk PartyTicket WhisperGate\r\n2022-08-18 ⋅ Trustwave ⋅ Pawel Knapczyk\r\nOverview of the Cyber Weapons Used in the Ukraine - Russia War\r\nAcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper\r\nINDUSTROYER2 InvisiMole IsaacWiper PartyTicket\r\n2022-08-18 ⋅ Trustwave ⋅ Pawel Knapczyk\r\nOverview of the Cyber Weapons Used in the Ukraine - Russia War\r\nAcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper\r\nINDUSTROYER2 InvisiMole IsaacWiper PartyTicket\r\n2022-05-19 ⋅ splunk ⋅ Splunk Threat Research Team\r\nThreat Update: AcidRain Wiper\r\nAcidRain\r\n2022-05-02 ⋅ AT\u0026T ⋅ Fernando Martinez\r\nAnalysis on recent wiper attacks: examples and how wiper malware works\r\nAcidRain CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper\r\n2022-04-28 ⋅ Fortinet ⋅ Gergely Revay\r\nAn Overview of the Increasing Wiper Malware Threat\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.acidrain\r\nPage 1 of 2\n\nAcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer\r\nOrdinypt WhisperGate ZeroCleare\r\n2022-04-15 ⋅ splunk ⋅ Splunk Threat Research Team\r\nSTRT-TA03 CPE - Destructive Software\r\nAcidRain CyclopsBlink\r\n2022-04-04 ⋅ Cyber Security News ⋅ Gurubaran\r\nAcidRain Wiper Malware hit Routers and Modems, Haults Communication\r\nAcidRain\r\n2022-03-31 ⋅ Sentinel LABS ⋅ Juan Andrés Guerrero-Saade\r\nAcidRain | A Modem Wiper Rains Down on Europe\r\nAcidRain VPNFilter\r\n2022-03-31 ⋅ Bleeping Computer ⋅ Sergiu Gatlan\r\nViasat confirms satellite modems were wiped with AcidRain malware\r\nAcidRain\r\n2022-03-31 ⋅ reversemode ⋅ Ruben Santamarta\r\nVIASAT incident: from speculation to technical details.\r\nAcidRain\r\n2020-03-31 ⋅ Tech Times ⋅ Isaiah Richard\r\nViasat Hit with Russia’s Wiper Malware called ‘AcidRain,’ Affecting European Services\r\nAcidRain\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/elf.acidrain\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.acidrain\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/elf.acidrain"
	],
	"report_names": [
		"elf.acidrain"
	],
	"threat_actors": [
		{
			"id": "11f52079-26d3-4e06-8665-6a0b3efdc41c",
			"created_at": "2022-10-25T16:07:23.736987Z",
			"updated_at": "2026-04-10T02:00:04.732021Z",
			"deleted_at": null,
			"main_name": "InvisiMole",
			"aliases": [
				"UAC-0035"
			],
			"source_name": "ETDA:InvisiMole",
			"tools": [
				"InvisiMole"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "610a7295-3139-4f34-8cec-b3da40add480",
			"created_at": "2023-01-06T13:46:38.608142Z",
			"updated_at": "2026-04-10T02:00:03.03764Z",
			"deleted_at": null,
			"main_name": "Cobalt",
			"aliases": [
				"Cobalt Group",
				"Cobalt Gang",
				"GOLD KINGSWOOD",
				"COBALT SPIDER",
				"G0080",
				"Mule Libra"
			],
			"source_name": "MISPGALAXY:Cobalt",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "12b5d602-4017-4a6f-a2a3-387a6e07a27b",
			"created_at": "2023-01-06T13:46:39.095233Z",
			"updated_at": "2026-04-10T02:00:03.21157Z",
			"deleted_at": null,
			"main_name": "InvisiMole",
			"aliases": [],
			"source_name": "MISPGALAXY:InvisiMole",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434612,
	"ts_updated_at": 1775791550,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f3c4ef9053e9f8befb9430bf809c3b37996f7d8a.pdf",
		"text": "https://archive.orkl.eu/f3c4ef9053e9f8befb9430bf809c3b37996f7d8a.txt",
		"img": "https://archive.orkl.eu/f3c4ef9053e9f8befb9430bf809c3b37996f7d8a.jpg"
	}
}