Our attribution engine is designed to find similarities between malware samples by comparing the input with a vast pool of already attributed and categorized malware. On the same day, C25 submitted copies of the reported samples to our internal attribution engine to acquire key points for the attribution. (ESET Research: Ukraine hit by destructive attacks before and during the Russian invasion with HermeticWiper and IsaacWiper). On March 1st, 2022, ESET researchers reported variants of a destructive malware deployed against Ukraine. In this blog post, Cluster25 outlines a code match between two samples from different threat actors for clarification.

Cluster25 researchers, during a comparative analysis performed at the beginning of March 2022, found evidence that suggests a possible relationship between a piece of malware belonging to the Sprite Spider arsenal (or some elements that are or were part of it) and another malware that has recently taken part in destructive attacks against organizations and institutions in Ukraine.

C25 analyzes the evolution of the events that led to this analysis and the related conclusions. The code they had in common is aligned with Microsoft standard libraries, and is therefore in common use. After additional reviews, the team at Cluster25 has determined that the code commonality identified in the two analyzed samples contained in this blog post was coincidental.