ioc · sha-256

dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78

RU · RussiaCadet Blizzardconfidence · high

WhisperGate stage2.exe - the file-corruption stage that overwrites files matching a hardcoded extension list, downloaded over Discord CDN. Hash from Microsoft MSTIC via CISA / FBI AA22-057A Table 1.

family: WhisperGate
first seen: Jan 12, 2022
publisher: CISA

source citation