New Variants of ZeroCleare Data Wiper Malware Attributed to Iran
In 2019 December, IBM X-Force team published a report (https://www.ibm.com/downloads/cas/OAJ4VZNJ) detailing new variants of ZeroCleare: a data-destroying malware family attributed to Iran. According to the IBM X-Force report, there are several important points - The initial access IP address of this ZeroCleare is 193.111.152.13, which was associated with ITG13 in recent Oilrig/APT34 leaks, and as also reported by Palo Alto, was used to scan target networks and access accounts as early as the fall of 2018.