July 23, 2022
Severity
High
Analysis Summary
Belonging to the widespread CryptoMix ransomware family, Clop ransomware is a file-encrypting malware that actively evades the security of unprotected systems and encrypts stored files, appending the .Clop extension to them. It uses the AES cipher to encrypt images, videos, music, databases, documents and attachments.
Impact
- File Encryption
Indicators of Compromise
MD5
- c41a0e1ddeb85b6326a3dc403a5fd0fa
SHA-256
- d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9
SHA-1
- 3c8e60ce5ff0cb21be39d1176d1056f9ef9438fa
Remediation
- Block all threat indicators at your respective controls.
- Search for the indicators of compromise (IOCs) in your environment using your respective security controls.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.