August 22, 2021
Severity
High
Analysis Summary
Fresh IOCs have been retrieved from a campaign distributing the GandCrab ransomware. GandCrab campaigns typically use phishing emails that lure the recipient into opening a malicious attachment, usually an Office document, since the infection chain depends on document macros. Opening the attachment alone is not enough: the malware is only installed once the victim enables macros, so the lure text is written to convince them to do so. Like other ransomware, GandCrab encrypts the victim's files and demands a ransom payment for their recovery. It mainly targets consumers and businesses running Microsoft Windows, and it has been behind some of the largest ransomware attacks on record, causing heavy financial losses to victims. To improve their success rate, GandCrab operators commonly impersonate legitimate organisations. In January 2020, for example, GandCrab was distributed inside a Word document named "Flu pandemic warning.doc" that purported to come from the Centers for Disease Control and Prevention (CDC).
Impact
- Files Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- 44c289e415e4c12b883003082194d76c
- 4afcd3e6be15a9480fa46b9b9b8eb465
- 95557a29de4b70a25ce62a03472be684
- e6714bce3d8d9d0749572bd20ada0d96
- 2a5926e061c5cf3c6f8bb8908464468a
SHA-256
- ce8a3474f1be9d750b5a5d5447e8f66b651d215799c1b5acb261296426542659
- 143666ebfb967e253ce8d6732aff226c24e44a906ca83e0978b396328322a448
- 49b769536224f160b6087dc866edf6445531c6136ab76b9d5079ce622b043200
- b8b50ac7b9bfc4be19c9dd9b4fdc469773d8e1eee72194f2779c522f953e6adb
- c0db3c329592294a81f23c37e701a189110913c17d1371bc625a3eae97f37a94
SHA-1
- 915e5b6ad63ca0115ad8ac41da271e167cb50486
- 50d74eaa9edaec2cc78a717cf1ba3900fbcee6fd
- 5baabf2869278e60d4c4f236b832bffddd6cf969
- 4f2dedc17145ce8ebdee9eff605aa5ad1e87717e
- d256701b40efd72f2ed9c0ebacdea162926590cd
Remediation
- Block the threat indicators at their respective controls (email gateway, endpoint protection, web proxy and firewall), and search historical logs and endpoints for the hashes above to catch infections that predate the block.
- Do not open attachments from untrusted or unexpected emails.
- Do not enable macros in documents received by email; the infection described above only proceeds once macros are enabled.
- Do not download files from random sources on the internet.
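As an added example (not Rewterz tooling or code from the original alert), the following Python script computes the MD5, SHA-1 and SHA-256 of every file under a directory in a single pass and reports any file whose digest appears in the hash lists above, which is the check behind the first remediation step. The IOC values are copied verbatim from this alert; the function names, the temporary directory layout and the placeholder file contents in demo() are constructed for illustration and contain no malware.

```python
"""Match files on disk against the hash IOCs published in this alert.

Added example, not Rewterz tooling. The IOC values are copied from the alert;
the function names and the constructed sample files in demo() are ours.
"""
import hashlib
import io
import os
import tempfile
from pathlib import Path

# Hash IOCs exactly as listed in the alert, lowercased for comparison.
IOC_MD5 = {
    "44c289e415e4c12b883003082194d76c",
    "4afcd3e6be15a9480fa46b9b9b8eb465",
    "95557a29de4b70a25ce62a03472be684",
    "e6714bce3d8d9d0749572bd20ada0d96",
    "2a5926e061c5cf3c6f8bb8908464468a",
}
IOC_SHA1 = {
    "915e5b6ad63ca0115ad8ac41da271e167cb50486",
    "50d74eaa9edaec2cc78a717cf1ba3900fbcee6fd",
    "5baabf2869278e60d4c4f236b832bffddd6cf969",
    "4f2dedc17145ce8ebdee9eff605aa5ad1e87717e",
    "d256701b40efd72f2ed9c0ebacdea162926590cd",
}
IOC_SHA256 = {
    "ce8a3474f1be9d750b5a5d5447e8f66b651d215799c1b5acb261296426542659",
    "143666ebfb967e253ce8d6732aff226c24e44a906ca83e0978b396328322a448",
    "49b769536224f160b6087dc866edf6445531c6136ab76b9d5079ce622b043200",
    "b8b50ac7b9bfc4be19c9dd9b4fdc469773d8e1eee72194f2779c522f953e6adb",
    "c0db3c329592294a81f23c37e701a189110913c17d1371bc625a3eae97f37a94",
}
ALERT_IOCS = {"md5": IOC_MD5, "sha1": IOC_SHA1, "sha256": IOC_SHA256}


def hash_stream(fh):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for a binary stream.

    All three digests are updated per chunk so a large file is read only once.
    """
    digests = {alg: hashlib.new(alg) for alg in ALERT_IOCS}
    for chunk in iter(lambda: fh.read(1 << 20), b""):
        for d in digests.values():
            d.update(chunk)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def hash_bytes(data):
    """Digest an in-memory byte string (handy for tests and captured samples)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    """Digest a file on disk."""
    with open(path, "rb") as fh:
        return hash_stream(fh)


def match_iocs(digests, iocs=ALERT_IOCS):
    """Return the (algorithm, digest) pairs from `digests` found in `iocs`.

    A file is flagged on any single hash hit. The three lists in the alert are
    not stated to line up sample-by-sample, so no cross-algorithm check is made.
    """
    return [(alg, value.lower()) for alg, value in digests.items()
            if value.lower() in iocs.get(alg, set())]


def scan_tree(root, iocs=ALERT_IOCS):
    """Walk `root` and return {path: hits} for every file with at least one hit.

    Unreadable files (permissions, files vanishing mid-scan) are skipped rather
    than aborting, so a triage run over a whole host still completes.
    """
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                matched = match_iocs(hash_file(path), iocs)
            except OSError:
                continue
            if matched:
                hits[str(path)] = matched
    return hits


def demo():
    """Constructed scenario (hypothetical files, no real sample): two harmless
    files plus one whose own SHA-256 is added to a private IOC set, to exercise
    the match path without needing GandCrab on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"quarterly numbers, nothing to see")
        (root / "sub").mkdir()
        # File name borrowed from the lure mentioned in the alert; contents are a placeholder.
        suspect = root / "sub" / "Flu pandemic warning.doc"
        suspect.write_bytes(b"constructed placeholder, not a real document")

        # Against the alert's real IOCs nothing constructed here should match.
        assert scan_tree(root) == {}

        # Copy the IOC set and add the suspect file's SHA-256 so the scan flags it.
        custom = {alg: set(values) for alg, values in ALERT_IOCS.items()}
        custom["sha256"].add(hash_file(suspect)["sha256"])
        return scan_tree(root, custom)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

Run it against a suspect host with scan_tree(Path("C:/Users")) or the mounted image of one; because every file is hashed in one pass, the cost is a single read of the tree. Hash IOCs are brittle (a repacked GandCrab build changes all three digests), so treat a clean scan as absence of these exact samples, not as absence of the family.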