CaddyWiper - S0693 (b30d999d-64e0-4e35-9856-884e4b83d611)

CaddyWiper is a destructive data wiper that has been used in attacks against organizations in Ukraine since at least March 2022.(Citation: ESET CaddyWiper March 2022)(Citation: Cisco CaddyWiper March 2022)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	CaddyWiper - S0693 (b30d999d-64e0-4e35-9856-884e4b83d611)	Malware	1
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	CaddyWiper - S0693 (b30d999d-64e0-4e35-9856-884e4b83d611)	Malware	1
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	CaddyWiper - S0693 (b30d999d-64e0-4e35-9856-884e4b83d611)	Malware	1
CaddyWiper - S0693 (b30d999d-64e0-4e35-9856-884e4b83d611)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	CaddyWiper - S0693 (b30d999d-64e0-4e35-9856-884e4b83d611)	Malware	1
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	CaddyWiper - S0693 (b30d999d-64e0-4e35-9856-884e4b83d611)	Malware	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	CaddyWiper - S0693 (b30d999d-64e0-4e35-9856-884e4b83d611)	Malware	1
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	2
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	2