DoubleZero is a wiper malware connected to the ongoing cyber attacks against entities in Ukraine. On Mar 22, 2022, CERT-UA released CERT-UA #4243. This alert covers activity attributed to UAC-0088. Specifically, the malware, DoubleZero, is a destructive ‘wiper’ targeting Windows systems. The malware is coded in C#, and will affect files differently depending on type. For example, system files are treated differently than non-system files. SentinelOne Endpoint is capable of preventing the destructive behavior associated with DoubleZero.
