Severity
Medium
Analysis Summary
We have recently observed the emergence of a new ransomware operation run by the DarkSide threat actor, once again thrusting the group's name into the spotlight. The threat actors are taking advantage of social engineering campaigns. The DarkSide campaign targets the food and energy industries with threatening emails. In these emails the threat actor claims to have successfully exploited the recipient's network and gained unauthorized access to sensitive information, which will be disclosed publicly if a ransom of 100 bitcoins (BTC) is not paid. The campaign started on June 4 and has been hitting a few targets every day. Here is a sample of the email text.
The energy and food industries are attractive targets: the threat actor is interested in the energy (oil, gas and/or petroleum) and food sectors.
Impact
- Information Theft
- File encryption
- Unauthorized Access
Indicators of Compromise
Domain Name
- rumahsia[.]com
- baroquetees[.]com
IP
- 176[.]103[.]62[.]217
MD5
- f587adbd83ff3f4d2985453cd45c7ab1
SHA-256
- 156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673
SHA-1
- 2715340f82426f840cf7e460f53a36fc3aad52aa
Remediation
- Increase awareness of how ransomware spreads, i.e., through spammed emails and attachments.
- Monitor and audit network traffic for any suspicious behaviors or anomalies.
- Do not download files from untrusted sources or emails.
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
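As an added illustration of the last two remediation steps (it is example code, not Rewterz's tooling), the script below refangs the indicators listed in this alert and sweeps them across a handful of constructed DNS, proxy and EDR-style log lines; the log lines and the host names in them are made up for the example. It matches domains as exact names or subdomains, and IPs and hashes exactly.

```python
import re

# Indicators copied from the alert above, kept in its defanged ("[.]") form.
DEFANGED_IOCS = {
    "domain": ["rumahsia[.]com", "baroquetees[.]com"],
    "ip": ["176[.]103[.]62[.]217"],
    "md5": ["f587adbd83ff3f4d2985453cd45c7ab1"],
    "sha1": ["2715340f82426f840cf7e460f53a36fc3aad52aa"],
    "sha256": ["156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673"],
}


def refang(ioc: str) -> str:
    """Undo the alert's defanging so the value can be compared against real logs."""
    return ioc.replace("[.]", ".").replace("hxxp", "http").strip().lower()


IOCS = {kind: {refang(v) for v in vals} for kind, vals in DEFANGED_IOCS.items()}

# A token is a run of hostname / IPv4 / hex-digest characters; '/', ':', '=' and spaces split.
TOKEN_RE = re.compile(r"[a-z0-9][a-z0-9.\-]*")


def match_token(tok: str) -> list:
    """(kind, indicator) pairs this token matches; domains also match as subdomains."""
    tok = tok.strip(".")  # DNS logs often write FQDNs with a trailing dot
    hits = [("domain", d) for d in IOCS["domain"] if tok == d or tok.endswith("." + d)]
    hits += [(kind, tok) for kind in ("ip", "md5", "sha1", "sha256") if tok in IOCS[kind]]
    return hits


def sweep(lines: list) -> list:
    """Scan log lines; return (1-based line number, kind, indicator) for each distinct hit."""
    found = []
    for n, line in enumerate(lines, 1):
        seen = set()
        for tok in TOKEN_RE.findall(line.lower()):
            for hit in match_token(tok):
                if hit not in seen:
                    seen.add(hit)
                    found.append((n, *hit))
    return found


# Constructed sample records (not real telemetry) in DNS, proxy and EDR styles.
SAMPLE_LOGS = [
    "2021-06-05T09:12:01Z dns client=10.0.0.15 query=www.rumahsia.com. type=A",
    "2021-06-05T09:12:02Z proxy src=10.0.0.15 dst=176.103.62.217:443 url=http://baroquetees.com/x",
    "2021-06-05T09:13:40Z edr host=WS-07 file=C:\\Users\\a\\invoice.exe md5=F587ADBD83FF3F4D2985453CD45C7AB1",
    "2021-06-05T09:14:00Z dns client=10.0.0.16 query=example.com type=A",
]

if __name__ == "__main__":
    for line_no, kind, value in sweep(SAMPLE_LOGS):
        print(f"line {line_no}: {kind} match on {value}")
```

Note that the sha1 and sha256 values only match a log source that records those digests; a lookalike such as `rumahsia.com.evil.net` is deliberately not matched, since it is not a subdomain of the listed domain.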