HermeticWizard
MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:
[HermeticWizard](https://attack.mitre.org/software/S0698) is a worm that has been used to spread [HermeticWiper](https://attack.mitre.org/software/S0697) in attacks against organizations in Ukraine since at least 2022. (Citation: ESET Hermetic Wizard March 2022)
Associated Techniques (16)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1018 | Remote System Discovery | - |
| T1021.002 | SMB/Windows Admin Shares | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1046 | Network Service Discovery | - |
| T1047 | Windows Management Instrumentation | - |
| T1059.003 | Windows Command Shell | - |
| T1070.001 | Clear Windows Event Logs | - |
| T1106 | Native API | - |
| T1110.001 | Password Guessing | - |
| T1218.010 | Regsvr32 | - |
| T1218.011 | Rundll32 | - |
| T1553.002 | Code Signing | - |
| T1559.001 | Component Object Model | - |
| T1569.002 | Service Execution | - |
Metadata
| ID: | 694 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |