• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert –XLoader Malware – Active IOCs
August 12, 2021
Rewterz Threat Advisory –Multiple Dell EMC Data Protection Security Vulnerabilities
August 12, 2021

Rewterz Threat Alert –Dharma Ransomware – Active IOCs

August 12, 2021

Severity

High

Analysis Summary

Italian Windows users are being targeting by a spam campaign that is spreading the Dharma ransomware as the end payload. Researchers indicates the spam emails attempt to disguise themselves as invoice emails. In reality, the spam is being used to infect users with the Ursnif keylogger or the Dharma ransomware. The emails claim that the included URL is a link to invoice documents that need the reader’s approval. The URL references a OneDrive page where a file named “New documento 2.zip” is automatically downloaded as soon as the page is displayed. The zip file contains a Visual Basic script and an image file. Should the user execute the Visual Basic script, infection begins. BleepingComputer researchers observed that both Ursnif and Dharma were the final payloads, though not to the same victim.

x2vTPF-KcTEArW33vad9AYuonhsLo9v541j_4MEROtCO1SwSy-icoUu_jtpjbr_fUxDqVo2tGs0sPCkSSf3sfNjM082iEpz9GiNEXxxcqQYe1qqsDQ5Qi0wBVWWuon1d7vG5a54h

Impact

  • Data Encryption

Indicators of Compromise

MD5

  • 95f91f236cf95d698d9195690133265b

SHA-256

  • 085105e613ad37808a8db9a3c2ba5561d5d38d5c5c43b469c93d15f0d64af0c1

SHA-1

  • 29f3c5cc44709847c416bc35b3043d3da1392a8c

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.