On Saturday, January 15th, 2022, Microsoft published a blog post titled “Destructive malware targeting Ukrainian organizations”. The post outlines an ongoing attack against organisations in Ukraine by a currently unknown threat actor and provides a detailed analysis of the malware samples involved.
We have provided additional resources below that may be of use to those responding to or investigating the attacks:
- YARA rules
- Copies of malware samples for detections. Do not run these unless you know how to safely analyse malware in a virtual machine!
- Decompiled source code, via RetDec and ILSpy