Rewterz Threat Alert – Donot APT Group – Active IOCs
August 15, 2022Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
August 16, 2022Rewterz Threat Alert – Donot APT Group – Active IOCs
August 15, 2022Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
August 16, 2022Severity
High
Analysis Summary
Phobos Ransomware is based on the Dharma malware that first appeared at the beginning of 2019. It spreads into several systems via compromised Remote Desktop Protocol (RDP) connections. This malware does not use any UAC bypass methods. Unlike other cybercrime gangs that go after big hunts, Phobos creators go after smaller firms that don’t have sufficient funding to pay massive ransoms. This ransomware usually targets healthcare providers, with victims in the United States, Seychelles, Portugal, Brazil, Indonesia, Germany, Romania, and Japan. Its perpetrators demand a little ransom payment, which appeals to victims and enhances the chances of payment. The average Phobos ransom payment in July 2021 was $54,700.
Impact
- File Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- bdb207908c7c6b2a7724250f0805ffbe
SHA-256
- 8f757ae6b2d10afe86a399af9bc93438aec71e083ca7ad0e163a7e459831619d
SHA1
- c815ea8d2b4657d9583ed99f8f264704bd12aa9b
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.