New Variants of ZeroCleare Data Wiper Malware Attributed to Iran

In December 2019, the IBM X-Force team published a report detailing new variants of ZeroCleare, a data-destroying malware family attributed to Iran. According to the IBM X-Force report, there are several important points: The initial access IP address of this ZeroCleare is, which was associated with ITG13 in recent Oilrig/APT34 leaks and, as also reported by Palo Alto, was used to scan target networks and access accounts as early as the fall of 2018.
