CaddyWiper and APT37

As a SOC analyst, you have been tasked with investigating malware and APT groups rampaging through the world. Your assignment is to look into the CaddyWiper malware and the APT37 group. Gather information from OpenCTI to answer the following questions.

What is the earliest date recorded related to CaddyWiper? Format: YYYY/MM/DD

OpenCTI CaddyWiper Earliest date
2022/03/15 (Search for and read the report online)

Which Attack technique is used by the malware for execution?

OpenCTI CaddyWiper Attack technique
Native API (T1106)

How many malware relations are linked to this Attack technique?

OpenCTI CaddyWiper Malware relations
113

Which 3 tools are linked to this Attack Technique by relationships dated 2016? (Ans: Tool1, Tool2, Tool3)

OpenCTI CaddyWiper Tools 2016
Bloodhound, Empire, ShimRatReporter

What country is APT37 associated with?

OpenCTI APT37 country
North Korea

Which Attack techniques are used by the group for initial access? (Ans: Technique1, Technique2)

OpenCTI APT37 initial access techniques
T1189, T1566 (Drive-by Compromise and Phishing)
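If you would rather pull these answers out of OpenCTI with a script than click through the UI, here is an added example (mine, not part of the room or of the OpenCTI project) that talks to the GraphQL API with nothing but the Python standard library. It assumes an instance at $OPENCTI_URL and an API token in $OPENCTI_TOKEN; the field names in the two queries are my reading of the OpenCTI schema, so check them in your instance's /graphql playground before trusting them. The sample responses are constructed (same shape as the API, invented contents), so the script also runs offline and shows how the earliest-date, relation-count and 2016-tools questions map onto the data.

```python
"""Answer the CaddyWiper / APT37 questions from OpenCTI's GraphQL API.
Added example (not from the room or OpenCTI). Schema field names are assumed;
without OPENCTI_URL/OPENCTI_TOKEN the constructed samples below are used."""
import json
import os
import urllib.request
from datetime import datetime
from typing import Any

# Look the malware up by name (assumed: malwares(search:) exposing created/first_seen).
MALWARE_QUERY = """
query Malware($search: String) {
  malwares(search: $search, first: 1) {
    edges { node { id name created first_seen } }
  }
}
"""

# 'uses' relationships touching one object; fromTypes/toTypes narrow the other end.
# first: 500 covers this room's counts; paginate via pageInfo for larger sets.
USES_QUERY = """
query Uses($fromId: String, $toId: String, $fromTypes: [String], $toTypes: [String]) {
  stixCoreRelationships(fromId: $fromId, toId: $toId, fromTypes: $fromTypes,
                        toTypes: $toTypes, relationship_type: "uses", first: 500) {
    edges { node {
      start_time
      from { ... on BasicObject { entity_type } ... on Tool { name } ... on Malware { name } }
      to   { ... on BasicObject { entity_type } ... on AttackPattern { id name x_mitre_id } }
    } }
  }
}
"""

# Constructed sample responses: API shape, invented contents (live counts differ).
SAMPLE_MALWARE = {"malwares": {"edges": [{"node": {
    "id": "malware--sample", "name": "CaddyWiper",
    "created": "2022-03-16T09:12:00.000Z", "first_seen": "2022-03-15T00:00:00.000Z"}}]}}
SAMPLE_USES = {"stixCoreRelationships": {"edges": [
    {"node": {"start_time": "2016-04-01T00:00:00.000Z", "from": {"entity_type": "Tool", "name": "Empire"}}},
    {"node": {"start_time": "2016-09-01T00:00:00.000Z", "from": {"entity_type": "Tool", "name": "BloodHound"}}},
    {"node": {"start_time": "2019-01-01T00:00:00.000Z", "from": {"entity_type": "Tool", "name": "SampleTool"}}},
    {"node": {"start_time": None, "from": {"entity_type": "Malware", "name": "CaddyWiper"}}},
    {"node": {"start_time": "2020-05-05T00:00:00.000Z", "from": {"entity_type": "Malware", "name": "SampleLoader"}}},
]}}


def gql(url: str, token: str, query: str, variables: dict[str, Any]) -> dict[str, Any]:
    """POST one GraphQL operation with a bearer token and return its 'data' object."""
    body = json.dumps({"query": query, "variables": variables}).encode()
    req = urllib.request.Request(url.rstrip("/") + "/graphql", data=body, method="POST",
                                 headers={"Content-Type": "application/json",
                                          "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        payload = json.load(resp)
    if payload.get("errors"):
        raise RuntimeError(payload["errors"])
    return payload["data"]


def parse_ts(value: str) -> datetime:
    # OpenCTI emits ISO-8601 with a trailing Z, which fromisoformat() rejects before 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def earliest_date(edges: list[dict], fields: tuple[str, ...] = ("first_seen", "created")) -> str:
    """Earliest timestamp across the given node fields, in the room's YYYY/MM/DD format."""
    stamps = [parse_ts(e["node"][f]) for e in edges for f in fields if e["node"].get(f)]
    if not stamps:
        raise ValueError("no dated nodes in response")
    return min(stamps).strftime("%Y/%m/%d")


def count_from_type(edges: list[dict], entity_type: str) -> int:
    """How many relationships originate from objects of this entity type (e.g. Malware)."""
    return sum(1 for e in edges if e["node"]["from"].get("entity_type") == entity_type)


def tools_active_in(edges: list[dict], year: int) -> list[str]:
    """Distinct Tool names whose 'uses' relationship start_time falls in the given year."""
    names = set()
    for e in edges:
        node = e["node"]
        if node["from"].get("entity_type") == "Tool" and node.get("start_time"):
            if parse_ts(node["start_time"]).year == year:
                names.add(node["from"]["name"])
    return sorted(names)


def main() -> None:
    url, token = os.environ.get("OPENCTI_URL"), os.environ.get("OPENCTI_TOKEN")
    if url and token:
        malware = gql(url, token, MALWARE_QUERY, {"search": "CaddyWiper"})
        malware_id = malware["malwares"]["edges"][0]["node"]["id"]
        # Techniques CaddyWiper uses; pick Native API by ATT&CK ID rather than by name.
        techniques = gql(url, token, USES_QUERY, {"fromId": malware_id, "toTypes": ["Attack-Pattern"]})
        native_api = next(e["node"]["to"] for e in techniques["stixCoreRelationships"]["edges"]
                          if e["node"]["to"].get("x_mitre_id") == "T1106")
        uses = gql(url, token, USES_QUERY, {"toId": native_api["id"], "fromTypes": ["Malware", "Tool"]})
    else:
        malware, uses = SAMPLE_MALWARE, SAMPLE_USES
    rels = uses["stixCoreRelationships"]["edges"]
    print("Earliest CaddyWiper date:", earliest_date(malware["malwares"]["edges"]))
    print("Malware relations on the technique:", count_from_type(rels, "Malware"))
    print("Tools with 2016 relations:", ", ".join(tools_active_in(rels, 2016)))


if __name__ == "__main__":
    main()
```

The two-step lookup in the live branch is the same path you walk in the UI: from the malware to its Attack-Pattern relations, then from the technique back out to every Malware and Tool that uses it. Matching Native API on `x_mitre_id` rather than on the display name avoids breaking when a technique is renamed, and the date filter for the 2016 question is applied to the relationship's `start_time`, which is what the OpenCTI relations table shows, not to the tool object's own creation date.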

And that’s it.