Rewterz Threat Alert – Lokibot Malware – Active IOCs
May 31, 2022
Rewterz Threat Alert – AveMaria RAT – Active IOCs
May 31, 2022
Severity
High
Analysis Summary
Cuba is a Windows-based ransomware family that has been active since December 2019. To increase pressure on victims and improve profitability, its operators have moved to publishing stolen data alongside encryption (double extortion), as seen previously with other major ransomware operations. Cuba is delivered by Hancitor, a loader notorious for dropping and executing follow-on payloads such as information stealers, RATs and other ransomware on victims' networks. Targeted organizations include companies in the financial, government, healthcare, manufacturing and information technology sectors.
Impact
- File Encryption
- Data Exfiltration
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- c5e3b725080712c175840c59a37a5daa
- 9ca2579117916ded7ac8272b7b47bb98
- c0451fd7921342e0d2fbf682091d4280
SHA-256
- f68cea99e6887739cd82865f9b973664117af14c1a25d4917eec25ce4b26a381
- aeb044d310801d546d10b247164c78afde638a90b6ef2f04e1f40170e54dec03
- 936119bc1811aeef01299a0150141787865a0dbe2667288f018ad24db5a7bc27
SHA-1
- f347fa07f13c3809e4d2d390e1d16ff91f6dc959
- d1ef60835127e35154a04d0c7f65beee6e790e44
- c294ae878aba6aec14bcdf5a84d688fc66597893
Remediation
- Never open attachments or links received from unknown senders.
- Treat emails from unknown senders with caution, since Hancitor is distributed by email.
- Search your environment (endpoints, file servers, mail and proxy logs) for the IOCs listed above.
- Block and alert on the listed indicators in your respective security controls (EDR, email gateway, proxy).
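The following script is an added example for the "search your environment for the IOCs" step; it is not part of the Rewterz alert or any vendor tooling. It embeds the nine hashes published above, walks a directory tree, computes MD5, SHA-1 and SHA-256 for every regular file in a single read, and reports any file whose digest matches an indicator. The directory path is an argument; unreadable files are skipped rather than aborting the sweep.

```python
"""Hash-based IOC sweep for the Cuba ransomware indicators listed above.

Added example, not code from the Rewterz alert: walks a directory tree,
hashes every regular file with MD5, SHA-1 and SHA-256 in one pass, and
reports files whose digest matches one of the published IOCs.
"""
import hashlib
import os
import sys
from typing import Dict, Iterator, List, Tuple

# Indicators copied from the alert above, keyed by lower-case hex digest.
IOC_HASHES: Dict[str, str] = {
    # MD5
    "c5e3b725080712c175840c59a37a5daa": "md5",
    "9ca2579117916ded7ac8272b7b47bb98": "md5",
    "c0451fd7921342e0d2fbf682091d4280": "md5",
    # SHA-256
    "f68cea99e6887739cd82865f9b973664117af14c1a25d4917eec25ce4b26a381": "sha256",
    "aeb044d310801d546d10b247164c78afde638a90b6ef2f04e1f40170e54dec03": "sha256",
    "936119bc1811aeef01299a0150141787865a0dbe2667288f018ad24db5a7bc27": "sha256",
    # SHA-1
    "f347fa07f13c3809e4d2d390e1d16ff91f6dc959": "sha1",
    "d1ef60835127e35154a04d0c7f65beee6e790e44": "sha1",
    "c294ae878aba6aec14bcdf5a84d688fc66597893": "sha1",
}

CHUNK = 1024 * 1024  # read in 1 MiB chunks so large files do not blow up memory


def digest_file(path: str) -> Dict[str, str]:
    """Return {'md5': ..., 'sha1': ..., 'sha256': ...} for one file, reading it once."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_digests(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (algorithm, hash) pairs from `digests` that appear in IOC_HASHES.

    Comparison is case-insensitive and also checks that the IOC was published
    under the same algorithm, so a stray value in the wrong field never matches.
    """
    hits = []
    for alg, hx in digests.items():
        canon = hx.lower()
        if IOC_HASHES.get(canon) == alg:
            hits.append((alg, canon))
    return hits


def iter_files(root: str) -> Iterator[str]:
    """Yield regular files under `root`; symlinks are skipped to avoid loops."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                yield path


def scan_tree(root: str) -> List[Tuple[str, str, str]]:
    """Return (path, algorithm, hash) for every file matching an IOC.

    Files that cannot be read (permission denied, removed mid-scan) are skipped
    so one bad path does not abort the whole sweep.
    """
    hits: List[Tuple[str, str, str]] = []
    for path in iter_files(root):
        try:
            digests = digest_file(path)
        except OSError:
            continue
        for alg, hx in match_digests(digests):
            hits.append((path, alg, hx))
    return hits


if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, hit_alg, hit_hash in scan_tree(start):
        print(f"IOC MATCH {hit_alg}={hit_hash} {hit_path}")
```

A hash sweep only finds the exact samples listed; a repacked Hancitor or Cuba build produces different digests, so a clean result means these specific files are absent, not that the environment is free of the campaign. Pair it with the email and proxy log review from the remediation list.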