November 26, 2021
Severity
Medium
Analysis Summary
REvil (also known as Sodinokibi) is a Ransomware-as-a-Service (RaaS) operation. Its first attacks, in mid-April 2019, drew considerable attention from the InfoSec community because of their uncanny similarities to GandCrab ransomware. The group deploys its ransomware through several distribution techniques: exploit kits, scanning for and exploiting vulnerable software (such as Oracle WebLogic), RDP servers, and backdoored software installers. REvil is estimated to have made over $100 million by infecting large businesses, and it threatens to publish stolen data if the victim does not pay the ransom.
Impact
- File Encryption
Indicators of Compromise
MD5
- 319def7ee71ed3312279527fdea77844
- 2ad1d028268be65a0f56d6648a9bf189
- 70c78893cabde892192659eb78dfb109
- 294953def6ca234532cad60d9476532d
SHA-256
- d803588d7aebca8f076b3891e5c735cc42ce8d56d8c48d18a55b9e9c28c3c898
- 0e26e92540256dd8c30ade86dac86b349635764fb8f5a915e9c19e1eaeb6cd32
- 09464ce798cc2f950afa975db5433c6a7bb5668c7b37125249ada866d41dafda
- 474f76ffd98f92e698a4800091cf66afbe96d17ed0c3bf66488180b75d861958
SHA-1
- 0b359ea05e901e3be193d8476fe56b7762f21c41
- b38fe2389fb8df6436da0ce5c34a56e9be11d8a3
- 5b114722930810e0b87b38505d6f53086bddfb3e
- 0e20113a976e960c0d9025da23e1d5c6778d3697
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.
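One defender-side way to carry out the "search for IOCs" step, as an added example that is not Rewterz's own tooling: it hashes each file in a single streaming pass and checks all three digests against the hashes listed in this alert. The hash values are the ones published above; the function names and the directory being scanned are assumptions.

```python
import hashlib
from pathlib import Path

# Hashes published in the alert, keyed by hashlib algorithm name (lower-case hex).
REVIL_IOCS = {
    "md5": {"319def7ee71ed3312279527fdea77844", "2ad1d028268be65a0f56d6648a9bf189",
            "70c78893cabde892192659eb78dfb109", "294953def6ca234532cad60d9476532d"},
    "sha1": {"0b359ea05e901e3be193d8476fe56b7762f21c41", "b38fe2389fb8df6436da0ce5c34a56e9be11d8a3",
             "5b114722930810e0b87b38505d6f53086bddfb3e", "0e20113a976e960c0d9025da23e1d5c6778d3697"},
    "sha256": {
        "d803588d7aebca8f076b3891e5c735cc42ce8d56d8c48d18a55b9e9c28c3c898",
        "0e26e92540256dd8c30ade86dac86b349635764fb8f5a915e9c19e1eaeb6cd32",
        "09464ce798cc2f950afa975db5433c6a7bb5668c7b37125249ada866d41dafda",
        "474f76ffd98f92e698a4800091cf66afbe96d17ed0c3bf66488180b75d861958",
    },
}

def digest_stream(chunks) -> dict:
    """Feed an iterable of byte chunks to md5/sha1/sha256 at once (one pass over the data)."""
    hashers = {algo: hashlib.new(algo) for algo in REVIL_IOCS}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def digest_bytes(data: bytes) -> dict:
    return digest_stream([data])

def digest_file(path: Path, chunk: int = 1 << 20) -> dict:
    """Stream the file in 1 MiB chunks so large files need not fit in memory."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk), b""))

def match_iocs(digests: dict, iocs: dict = REVIL_IOCS) -> list:
    """Return [(algorithm, hash)] for each digest present in the IOC set."""
    return [(algo, digests[algo].lower()) for algo in sorted(iocs)
            if digests.get(algo, "").lower() in iocs[algo]]

def scan_tree(root: str, iocs: dict = REVIL_IOCS) -> list:
    """Hash every regular file under root (assumed scan directory); unreadable files are skipped."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            try:
                matches = match_iocs(digest_file(path), iocs)
            except OSError:
                continue
            if matches:
                hits.append((str(path), matches))
    return hits
```

Hash IOCs only identify these exact samples; any recompiled or repacked variant will not match, so treat a clean scan as absence of these specific files, not absence of REvil.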