• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
January 18, 2022
Rewterz Threat Advisory – CVE-2021-44757 – Zoho Fixes Critical Vulnerability
January 18, 2022

Rewterz Threat Alert – CrySIS aka Dharma Ransomware – Active IOCs

January 18, 2022

Severity

High

Analysis Summary

CrySIS, also known as Dharma, is a group of ransomware that has been developing starting around 2016. We have seen that this ransomware has become progressively dynamic of late, expanding by an edge of 148% from February until April 2019. The increase in discoveries might be because of CrySIS’ powerful utilization of different assault vectors. Italian Windows users are being targeted by a spam campaign that is spreading the Dharma ransomware as the end payload. Researchers indicate the spam emails attempt to disguise themselves as invoice emails. In reality, the spam is being used to infect users with the Ursnif keylogger or the Dharma ransomware. The emails claim that the included URL is a link to invoice documents that need the reader’s approval. The URL references a OneDrive page where a file named “New documento 2.zip” is automatically downloaded as soon as the page is displayed. The zip file contains a Visual Basic script and an image file. Should the user execute the Visual Basic script, infection begins.

Impact

  • Data Encryption

Indicators of Compromise

SHA-256

  • 13b22c8d501151d5c8b84f18db88230a42b65627733609286b6f6ccb32f211bd
  • 62892922aed47d60f156b0b51401eba01f88dae09d5a528ca7fdbbcb1aad23d5
  • 04fa78a0d3894e1582cc90c13f38b3dbcf8c30b2e835d1130aeaa9d09ed4d706
  • 9448ab01ee3d118ef97f9ffe8c7bd9a7e9043573d52e680c7520ee181356e272
  • 86f03ed95e3f6e0d67970cf3f9ee8cec80fb72cbfbb7ab193c9f234e8dc311b9
  • 3b86442e9a954f4c7867568578db5ee4951263c85f8a4fec8f81385f61a6aad8
  • 1db9fe4ced92d437f1f92904f2e27b81fcdf868d5251ab9051073e08dd1809c1
  • 3476ee7633e0c0ff8aed69478bcc47adc949f568ea440f2c80ddc8f066787faf
  • d62e18f35e5963ef393ee37aa51c503394d151f43970148b5e06ac53065c85f5
  • 5c7b825d2a3d07c0d23e6d86d74f713f35fd5aab3daf513cebae3d3a5fb644be
  • 8c89d5c18155576ea19fec79256868bdf35624127c59887d3b2f4a09ec0a2ce6
  • f1638d8c2be9856621683f8f7a8e8e76271804cc379a0cac92f927e117497cf1
  • abd5cd27c0fcb242af66b70b1a6ee892edb807e8a357e60ef773c2434318943a
  • 367cb0573536e9281874bce0f0afd44c93be1311a3515aa3324eeff235fba849
  • dae81a84eb7a013ec89e509f469d41d58b9f5cbc85f9cdec6cfb9d939162bd38
  • 4289ac36165741f72d6cfa71cc26f07f739fae4803d8da1dfbb9f7f81d5bb03d

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.