Rewterz Threat Alert – FIN7 APT – Active IOCs

April 6, 2022

Severity

High

Analysis Summary

FIN7 is a financially motivated advanced persistent threat (APT) group that has been active since at least 2013 and has targeted the restaurant, retail, and hospitality sectors since mid-2015. It is regarded as one of the most successful criminal hacking groups to date. The group also used REvil ransomware until it created its own Ransomware-as-a-Service (RaaS) operation, Darkside. It was behind many notorious intrusions in 2018 and has also been linked to Ryuk.

Impact

  • Information Theft and Espionage

Indicators of Compromise

Domain Name

  • findoutcredit[.]com
  • againcome[.]com
  • modestoobgyn[.]com
  • myshortbio[.]com
  • estetictrance[.]com
  • internethabit[.]com
  • bestsecure2020[.]com
  • chyprediction[.]com
  • domenuscdm[.]com
  • spontaneousance[.]com
  • fashionableeder[.]com
  • incongruousance[.]com
  • electroncador[.]com
  • astara20[.]com
  • coincidencious[.]com

MD5

  • 0c6b41d25214f04abf9770a7bdfcee5d
  • 21f153810b82852074f0f0f19c0b3208
  • 02699f95f8568f52a00c6d0551be2de5
  • 0291df4f7303775225c4044c8f054360
  • 0fde02d159c4cd5bf721410ea9e72ee2
  • 2cbb015d4c579e464d157faa16994f86
  • 3803c82c1b2e28e3e6cca3ca73e6cce7
  • 5a6bbcc1e44d3a612222df5238f5e7a8
  • 833ae560a2347d5daf05d1f670a40c54
  • b637d33dbb951e7ad7fa198cbc9f78bc
  • bce9b919fa97e2429d14f255acfb18b4
  • d1d8902b499b5938404f8cece2918d3d

SHA-256

  • bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233
  • 454afe23c5e0c3d535e5f0794e838ca98fb23a55181a657aa1004df814ea1ddc
  • abdddde8d3119f3935c28dd0879eeb4fe59885eb93614abad15769d14fbc7a30
  • da8df0a03ece4e0920b4afc5a7cbcf23c931b6695393887600b39b555336f2ff
  • 42393d0298648797713736bde2f7214d06719ca2fe5c8b87f924fa1a068dfa38
  • 3390c4226ba6d21608d20d8ac51d5b4ae0021292de8283a2097588f98e484d7b
  • 19b0a642622fbf87b385200441bdda250cf0278063525ed6e35ba7210a75af2d
  • 76d1a3079b3ef08c5fbf4476f6479ddba0a5e20fd712e5b6acadafae6f817696
  • 850edeafd3924538ec806649ad6eeec66fd92916dbd4693bfa91c582c62299a5
  • f5848d5c3093599ab286f0815825db0a5eee04b82c4f76d579a546abb21035af
  • 959bd563362a4bde2c1632c89e2cdc574b6f36919d873ed5e3e156591304a8da
  • a8592747024715d3b0effdac95345bc8956e09823ff429887f4f9c56085515fa

SHA-1

  • 805ab904bfd0a55413b10105ff9d97acf54653f5
  • fa37e0d44dc8846f4b8a4153580623d2dff7a22e
  • 1fede854ee97098efff357fd8b19d1e8d971e9d1
  • 4d6d466154f6e20e7fbcee0c5059db42888f42f9
  • b27fa4ebce6fa7e6c1283af43cb3d1659091a59c
  • 8782092c4e64fb45c9d88efeae9ae6ee793259d1
  • 7d61adfad363508666bd20e11f992eecf56449da
  • 3b1e7d91ae17a3016384f6cc30ee75620cc6f4a9
  • 3b1bdcba0926786c0d621a59894cffa8b0d0e4de
  • 6de22d1ad5a30f18651a9ddef361fcdf27094888
  • ccd307e8e4b962fd09dcaa27b28c8bcb1e6391cf
  • 9016f1b6328d6601059127be555f84eb732e2718

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Always be suspicious of emails from unknown senders.
  • Never click links or open attachments sent by unknown senders.
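The first two remediation steps (block the indicators, then search the environment for them) as a worked example. This is added for this page and is not Rewterz tooling: it refangs the defanged domains listed above, checks hostname tokens in log lines against them with label-aligned suffix matching (so an unrelated domain that merely shares a suffix does not fire), and hashes files against the advisory's digests. The log lines are constructed, and only three hashes of each type are embedded; extend the sets with the rest of the lists above before using it.

```python
"""Sweep logs and files for the IOCs listed in this advisory.

Added example for this page; it is not Rewterz tooling. Domains and hashes are
copied from the advisory (hashes: three of each type, extend with the rest). The
log lines and file contents are constructed for the demonstration.
"""
import hashlib
import re
from pathlib import Path

# Domains exactly as published above, defanged with "[.]".
DEFANGED_DOMAINS = [
    "findoutcredit[.]com", "againcome[.]com", "modestoobgyn[.]com",
    "myshortbio[.]com", "estetictrance[.]com", "internethabit[.]com",
    "bestsecure2020[.]com", "chyprediction[.]com", "domenuscdm[.]com",
    "spontaneousance[.]com", "fashionableeder[.]com", "incongruousance[.]com",
    "electroncador[.]com", "astara20[.]com", "coincidencious[.]com",
]

# Subset of the advisory's hashes, one set per algorithm (add the remaining values).
IOC_HASHES = {
    "md5": {
        "0c6b41d25214f04abf9770a7bdfcee5d",
        "21f153810b82852074f0f0f19c0b3208",
        "02699f95f8568f52a00c6d0551be2de5",
    },
    "sha1": {
        "805ab904bfd0a55413b10105ff9d97acf54653f5",
        "fa37e0d44dc8846f4b8a4153580623d2dff7a22e",
        "1fede854ee97098efff357fd8b19d1e8d971e9d1",
    },
    "sha256": {
        "bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233",
        "454afe23c5e0c3d535e5f0794e838ca98fb23a55181a657aa1004df814ea1ddc",
        "abdddde8d3119f3935c28dd0879eeb4fe59885eb93614abad15769d14fbc7a30",
    },
}

# Constructed DNS/proxy log lines (not real telemetry). Line 4 is a near-miss:
# "notastara20.com" shares a suffix with an IOC but is a different domain.
SAMPLE_LOGS = [
    "2022-04-06T09:12:01Z dns client=10.1.4.22 query=cdn.findoutcredit.com type=A",
    "2022-04-06T09:12:05Z proxy client=10.1.4.22 url=https://astara20.com/upd/ status=200",
    "2022-04-06T09:13:11Z dns client=10.1.4.31 query=www.example.com type=A",
    "2022-04-06T09:14:40Z proxy client=10.1.4.40 url=https://notastara20.com/ status=200",
]

# Hostname-looking tokens: dot-separated labels ending in an alphabetic TLD.
_HOST_RE = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")


def refang(ioc: str) -> str:
    """Undo common defanging ("[.]", "(.)", "hxxp") so the value can be compared."""
    return (ioc.strip().lower()
            .replace("[.]", ".").replace("(.)", ".")
            .replace("hxxps://", "https://").replace("hxxp://", "http://"))


IOC_DOMAINS = frozenset(refang(d) for d in DEFANGED_DOMAINS)


def matched_domains(host: str) -> set:
    """IOC domains that `host` equals or is a subdomain of (label-aligned suffix)."""
    host = host.lower().rstrip(".")
    return {d for d in IOC_DOMAINS if host == d or host.endswith("." + d)}


def sweep_log_lines(lines) -> list:
    """Return (line_number, ioc_domain, raw_line) for each IOC domain seen."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for host in _HOST_RE.findall(line):
            for d in sorted(matched_domains(host)):
                hits.append((lineno, d, line))
    return hits


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 hex digests of `data`, keyed like IOC_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def hash_hits(digests: dict, ioc_hashes=IOC_HASHES) -> set:
    """Algorithms whose digest appears in the IOC set (case-insensitive)."""
    return {alg for alg, hx in digests.items() if hx.lower() in ioc_hashes.get(alg, ())}


def sweep_files(paths) -> dict:
    """Map path -> matching algorithms for every regular file whose hash is an IOC."""
    hits = {}
    for p in map(Path, paths):
        if p.is_file():
            found = hash_hits(hash_bytes(p.read_bytes()))
            if found:
                hits[str(p)] = found
    return hits


if __name__ == "__main__":
    for lineno, d, line in sweep_log_lines(SAMPLE_LOGS):
        print(f"log line {lineno}: {d} <- {line}")
    print("file hits:", sweep_files(Path(".").glob("*")))
```

To run it against real data, replace SAMPLE_LOGS with the lines of an exported DNS or proxy log and point sweep_files at the directories you want hashed. Any hit is a starting point for investigation, not proof of compromise on its own: confirm the observation against the host's process and network activity before acting on it.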