Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Mirai Botnet aka Katana – Active IOCs
June 9, 2023Rewterz Threat Alert – APT37 aka GoldBackDoor Group – Active IOCs
June 9, 2023
Severity
High
Analysis Summary
Clop ransomware first appeared in 2019, which employs the .clop extension after encrypting the victim’s data. It has become a common threat to organizations and corporations. Additionally, it is found that Clop attacks a victim’s whole network as instead of just certain PCs.
To obtain initial access, the threat actors use a well-established network of affiliates. They then send a large number of spear-phishing emails to workers of an organization to induce infection.
Industrial enterprises were the target of 45% of Clop ransomware attacks, while IT companies were the target of 27% of these attacks.
The lull in the Clop ransomware gang’s activities may be easily explained by the fact that some of its infrastructures were shut down in June 2021 as a result of a global law enforcement operation known as Operation Cyclone, which was coordinated by INTERPOL.
Ransom Note:
Impact
- File Encryption
Indicators of Compromise
MD5
- 8752a7a052ba75239b86b0da1d483dd7
- 254a38e39d8cefb28ab838064d5f93f9
- c41a0e1ddeb85b6326a3dc403a5fd0fa
SHA-256
- 3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207
- 88af8d2ab468802fcb2a8ab7c4e9d99b01b3b5a07f57584ac387ed8dd8e8d8bc
- d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9
SHA-1
- 6eeef883d209d02a05ae9e6a2f37c6cbf69f4d89
- a2c9968368037484304752f08212db1b4e400dcf
- 3c8e60ce5ff0cb21be39d1176d1056f9ef9438fa
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.