Skip to content
/ CaddyWiperCS Public

C# implementation of the CaddyWiper wiper malware

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

zoee-gif/CaddyWiperCS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
CaddyClone
CaddyClone
 
 
README.md
README.md
 
 

Repository files navigation

CaddyWiperCS

C# implementation of the CaddyWiper wiper malware using CISA's breakdown of the associated IOCs.

How to use

CaddyWiperCS comes in two states - int armed = 0 (default) and int armed = 1. This changes the way the malware operates, between a more subdued version of the malware that only wipes one targeted file and the full capability of the CaddyWiper class of malware.

Operational Events

This malware falls under T1485: Data Destruction and operates as follows:

  1. Grabs a list of the files for all users found in C:\Users\.
  2. Attempts to re-write the content of each file as a series of NULL bytes, matching the size of the original file to maintain the same filesize but erase the contents
  3. Attempt to access attached drives starting with D:\

Arming the malware

  1. Change int armed = 0 to 1 on line # of Program.cs

TODO List

  • Single file wipe via armed == 0
  • Batch file wipe via armed == 1
  • Attached drive boot record wipe
  • Finish README writeup with instructions

About

C# implementation of the CaddyWiper wiper malware

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages