Rewterz Threat Alert – New Android Malware – Active IOCs
April 6, 2022

Severity
High

Analysis Summary
A financially-motivated advanced persistent threat (APT) group has been active since at least 2013. The group has targeted the restaurant, retail, and hospitality sectors since mid-2015 and has been regarded as one of the most successful criminal hacking groups to ever exist. The group also used REvil until it created its own RaaS (Ransomware as a Service), DarkSide. The group has been behind many notorious hacks of 2018 and has also been linked to Ryuk.
Impact
- Information Theft and Espionage
Indicators of Compromise
Domain Name
- findoutcredit[.]com
- againcome[.]com
- modestoobgyn[.]com
- myshortbio[.]com
- estetictrance[.]com
- internethabit[.]com
- bestsecure2020[.]com
- chyprediction[.]com
- domenuscdm[.]com
- spontaneousance[.]com
- fashionableeder[.]com
- incongruousance[.]com
- electroncador[.]com
- astara20[.]com
- coincidencious[.]com
MD5
- 0c6b41d25214f04abf9770a7bdfcee5d
- 21f153810b82852074f0f0f19c0b3208
- 02699f95f8568f52a00c6d0551be2de5
- 0291df4f7303775225c4044c8f054360
- 0fde02d159c4cd5bf721410ea9e72ee2
- 2cbb015d4c579e464d157faa16994f86
- 3803c82c1b2e28e3e6cca3ca73e6cce7
- 5a6bbcc1e44d3a612222df5238f5e7a8
- 833ae560a2347d5daf05d1f670a40c54
- b637d33dbb951e7ad7fa198cbc9f78bc
- bce9b919fa97e2429d14f255acfb18b4
- d1d8902b499b5938404f8cece2918d3d
SHA-256
- bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233
- 454afe23c5e0c3d535e5f0794e838ca98fb23a55181a657aa1004df814ea1ddc
- abdddde8d3119f3935c28dd0879eeb4fe59885eb93614abad15769d14fbc7a30
- da8df0a03ece4e0920b4afc5a7cbcf23c931b6695393887600b39b555336f2ff
- 42393d0298648797713736bde2f7214d06719ca2fe5c8b87f924fa1a068dfa38
- 3390c4226ba6d21608d20d8ac51d5b4ae0021292de8283a2097588f98e484d7b
- 19b0a642622fbf87b385200441bdda250cf0278063525ed6e35ba7210a75af2d
- 76d1a3079b3ef08c5fbf4476f6479ddba0a5e20fd712e5b6acadafae6f817696
- 850edeafd3924538ec806649ad6eeec66fd92916dbd4693bfa91c582c62299a5
- f5848d5c3093599ab286f0815825db0a5eee04b82c4f76d579a546abb21035af
- 959bd563362a4bde2c1632c89e2cdc574b6f36919d873ed5e3e156591304a8da
- a8592747024715d3b0effdac95345bc8956e09823ff429887f4f9c56085515fa
SHA-1
- 805ab904bfd0a55413b10105ff9d97acf54653f5
- fa37e0d44dc8846f4b8a4153580623d2dff7a22e
- 1fede854ee97098efff357fd8b19d1e8d971e9d1
- 4d6d466154f6e20e7fbcee0c5059db42888f42f9
- b27fa4ebce6fa7e6c1283af43cb3d1659091a59c
- 8782092c4e64fb45c9d88efeae9ae6ee793259d1
- 7d61adfad363508666bd20e11f992eecf56449da
- 3b1e7d91ae17a3016384f6cc30ee75620cc6f4a9
- 3b1bdcba0926786c0d621a59894cffa8b0d0e4de
- 6de22d1ad5a30f18651a9ddef361fcdf27094888
- ccd307e8e4b962fd09dcaa27b28c8bcb1e6391cf
- 9016f1b6328d6601059127be555f84eb732e2718
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious of emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
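To make the second remediation step concrete, the following Python script matches the alert's domain and hash indicators against log lines. This is an added example, not Rewterz tooling; the log lines are constructed, the field names (host=, query=, md5=) are assumed, and only a subset of the alert's hashes is embedded (the remaining MD5/SHA-1/SHA-256 values can be pasted into the HASHES set).

```python
"""Scan log lines for the indicators listed in this alert.

Added example, not part of the Rewterz alert or any Rewterz tooling.
Domains are copied from the alert in their defanged [.] form and refanged here;
hash set holds a subset of the listed values. Log lines below are constructed.
"""
import re

DEFANGED_DOMAINS = [
    "findoutcredit[.]com", "againcome[.]com", "modestoobgyn[.]com",
    "myshortbio[.]com", "estetictrance[.]com", "internethabit[.]com",
    "bestsecure2020[.]com", "chyprediction[.]com", "domenuscdm[.]com",
    "spontaneousance[.]com", "fashionableeder[.]com", "incongruousance[.]com",
    "electroncador[.]com", "astara20[.]com", "coincidencious[.]com",
]

# Subset of the alert's hashes (MD5, SHA-256, SHA-1); extend with the rest.
HASHES = {
    "0c6b41d25214f04abf9770a7bdfcee5d",
    "bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233",
    "805ab904bfd0a55413b10105ff9d97acf54653f5",
}


def refang(domain: str) -> str:
    """Turn the alert's defanged form (example[.]com) back into a real hostname."""
    return domain.replace("[.]", ".").lower()


DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}


def domain_match(host: str):
    """Return the matching IOC domain if host equals it or is a subdomain of it."""
    host = host.lower().rstrip(".")
    for d in DOMAINS:
        if host == d or host.endswith("." + d):
            return d
    return None


# 32/40/64 hex chars bounded by word boundaries: MD5, SHA-1, SHA-256.
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b")
# Dotted hostnames ending in an alphabetic TLD (so IPv4 addresses do not match).
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def scan_line(line: str):
    """Return a list of ("hash"|"domain", indicator) tuples found in one line."""
    hits = []
    for h in HEX_RE.findall(line):
        if h.lower() in HASHES:
            hits.append(("hash", h.lower()))
    for host in HOST_RE.findall(line):
        m = domain_match(host)
        if m:
            hits.append(("domain", m))
    return hits


def scan_lines(lines):
    """Return (line_number, line, hits) for every line with at least one hit."""
    results = []
    for i, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            results.append((i, line, hits))
    return results


# Constructed sample lines (assumed proxy/DNS/EDR formats), not real telemetry.
SAMPLE_LOGS = [
    "2022-04-06T10:12:31Z proxy src=10.0.0.5 host=findoutcredit.com uri=/ status=200",
    "2022-04-06T10:13:02Z dns query=cdn.astara20.com type=A client=10.0.0.7",
    "2022-04-06T10:14:40Z edr file=C:\\Users\\bob\\Downloads\\inv.doc md5=0C6B41D25214F04ABF9770A7BDFCEE5D",
    "2022-04-06T10:15:11Z proxy src=10.0.0.9 host=www.example.com uri=/index.html status=200",
]

if __name__ == "__main__":
    for lineno, line, hits in scan_lines(SAMPLE_LOGS):
        print(f"line {lineno}: {hits}")
        print(f"    {line}")
```

Subdomain matching and case-insensitive hash comparison are deliberate: a proxy log will usually show a subdomain of the listed domain, and EDR products differ in hash casing. Exact-string matching on the defanged values would miss both.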