(ESET) The Fantasy wiper is built on the foundations of the previously reported {{Apostle}} wiper but does not attempt to masquerade as ransomware, as Apostle originally did. Instead, it goes right to work wiping data. Victims were observed in South Africa – where reconnaissance began several weeks before Fantasy was deployed – Israel, and Hong Kong.
| TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| IP:Port | Timestamp |
|---|
| Domain | Timestamp |
|---|
| URL | Timestamp |
|---|
Tool: Fantasy
Names: Fantasy
Description: (ESET) The Fantasy wiper is built on the foundations of the previously reported {{Apostle}} wiper but does not attempt to masquerade as ransomware, as Apostle originally did. Instead, it goes right to work wiping data. Victims were observed in South Africa – where reconnaissance began several weeks before Fantasy was deployed – Israel, and Hong Kong.
Category: Malware
Type: Wiper
Information: https://www.welivesecurity.com/2022/12/07/fantasy-new-agrius-wiper-supply-chain-attack/
Last-card-change: 2022-12-27
Source: https://apt.etda.or.th/cgi-bin/listtools.cgi
| TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |