Malware

ArguePatch

During a campaign against a Ukrainian energy provider, ESET researchers observed "ArguePatch", a new loader for a new version of CaddyWiper. ArguePatch is a modified version of Hex-Rays' Remote Debugger Server (win32_remote.exe). It expects a decryption key and the file containing the CaddyWiper shellcode as command-line parameters.


Family metadata imported from Malpedia (Fraunhofer FKIE).