July 15, 2022
Severity
High
Analysis Summary
REvil (also known as Sodinokibi) is a Ransomware-as-a-Service (RaaS) operation. Its first attacks were observed in mid-April 2019 and drew considerable attention from the InfoSec community because of their uncanny similarities to GandCrab ransomware. The group uses several distribution techniques to deploy its ransomware, including exploit kits, scanning for and exploiting vulnerable software (such as Oracle WebLogic), exposed RDP servers, and backdoored software installers. REvil is estimated to have made over $100 million by infecting large businesses, and it threatens to publish stolen data if the victim does not pay the ransom.
Impact
- Data Encryption
Indicators of Compromise
MD5
- e6566f78abf3075ebea6fd037803e176
SHA-256
- 861bc212241bcac9f8095c8de1b180b398057cbb2d37c9220086ffaf24ba9e08
SHA-1
- de960051530de0ec06b72b8e3e1cb558e09a1c77
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.