BFG Agonizer is a wiper related to the open-source project CRYLINE-v.5.0. The malware is associated with wiping operations conducted by the Agrius threat actor.[1]
Domain | ID | Name | Use
---|---|---|---
Enterprise | T1554 | Compromise Host Software Binary | BFG Agonizer uses DLL unhooking to remove the user-mode inline hooks that security solutions often implement. BFG Agonizer also uses IAT unhooking to remove the user-mode IAT hooks that security solutions also use.[1]
Enterprise | T1561.002 | Disk Wipe: Disk Structure Wipe | BFG Agonizer retrieves a device handle to
Enterprise | T1490 | Inhibit System Recovery | BFG Agonizer wipes the boot sector of infected machines to inhibit system recovery.[1]
Enterprise | T1529 | System Shutdown/Reboot | BFG Agonizer uses elevated privileges to call
ID | Name | References
---|---|---
G1030 | Agrius | BFG Agonizer has been used by Agrius for wiping operations.[1]