Rewterz Threat Alert – Snake Keylogger’s Malware– Active IOCs
July 29, 2022
Rewterz Threat Alert – DangerousPassword APT Group – Active IOCs
July 31, 2022
Severity
High
Analysis Summary
A financially motivated advanced persistent threat (APT) group has been active since at least 2013. Since mid-2015 it has targeted the restaurant, retail, and hospitality sectors, and it is regarded as one of the most successful criminal hacking groups to ever exist. The group used the REvil ransomware until it created its own RaaS (Ransomware as a Service) offering, Darkside. It was behind many of the notorious intrusions of 2018 and has also been linked to Ryuk.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 2956c03bff952b22387eed8172a26ba5
- f1aff007c04c6fd3739dbeac537edaaa
- 1e12ac069c1898ffe271ebdfcbd689c1
SHA-256
- cc2171d14d0d3c4d117155185f7c911f781aac15b57adef6c32eb0149d5da3ba
- 410cd107dfd37752936bd20d022ea614cd373aa9d37db255f65dc434e653236a
- b08e713196b712c42da2df9da7836d270306065fbf6d4720f25d80e4104daf38
SHA-1
- 0eaf6289dd7ebe8ae0879a4a72d1518e1d4ffac9
- d2742d7c4b7454745795c547594bb4f9dbddecfe
- 5c7b4da950b0f1845b38ef1aa11ca41b4731c766
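To act on the "search for IOCs in your environment" step below, a defender needs a way to hash files and compare the digests against the MD5, SHA-1 and SHA-256 values listed above. The following script is an added example written for this alert, not code from Rewterz; it embeds the hashes from this page, computes all three digests of each file in one pass, and reports any match. The `demo_scan` function builds a constructed, benign temporary file so the script runs offline; the directory it scans in a real deployment is an assumption you supply.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterator, List, Tuple

# Indicators of compromise copied from the alert above, keyed by hashlib
# algorithm name. Lower-case hex so comparisons are case-insensitive.
IOC_HASHES: Dict[str, set] = {
    "md5": {
        "2956c03bff952b22387eed8172a26ba5",
        "f1aff007c04c6fd3739dbeac537edaaa",
        "1e12ac069c1898ffe271ebdfcbd689c1",
    },
    "sha1": {
        "0eaf6289dd7ebe8ae0879a4a72d1518e1d4ffac9",
        "d2742d7c4b7454745795c547594bb4f9dbddecfe",
        "5c7b4da950b0f1845b38ef1aa11ca41b4731c766",
    },
    "sha256": {
        "cc2171d14d0d3c4d117155185f7c911f781aac15b57adef6c32eb0149d5da3ba",
        "410cd107dfd37752936bd20d022ea614cd373aa9d37db255f65dc434e653236a",
        "b08e713196b712c42da2df9da7836d270306065fbf6d4720f25d80e4104daf38",
    },
}


def digests_of_stream(chunks) -> Dict[str, str]:
    """Compute md5, sha1 and sha256 of an iterable of byte chunks in one pass."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file without loading it fully into memory."""
    with path.open("rb") as fh:
        return digests_of_stream(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests: Dict[str, str]) -> List[str]:
    """Return the algorithm names whose digest appears in the IOC list."""
    return sorted(
        alg for alg, value in digests.items()
        if value.lower() in IOC_HASHES.get(alg, set())
    )


def scan_tree(root: Path) -> Iterator[Tuple[Path, List[str]]]:
    """Yield (path, matched_algorithms) for every file under root that hits an IOC."""
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            hits = match_iocs(digests_of_file(path))
        except OSError:
            # Unreadable files (permissions, races) are skipped, not fatal.
            continue
        if hits:
            yield path, hits


def demo_scan() -> List[Tuple[Path, List[str]]]:
    """Scan a constructed temp directory holding one benign file; returns the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "benign_sample.txt"
        # Constructed sample content, not a real artifact from the alert.
        sample.write_bytes(b"constructed benign sample file for the IOC scanner demo\n")
        return list(scan_tree(Path(tmp)))


if __name__ == "__main__":
    # Replace demo_scan() with scan_tree(Path("/path/to/scan")) in real use.
    for hit_path, algs in demo_scan():
        print(f"IOC match: {hit_path} ({', '.join(algs)})")
    else:
        print("no IOC matches in demo directory")
```

A match on any one algorithm is enough to flag a file; computing all three in one pass avoids re-reading large files and lets you consume the list whatever hash type a sensor reports.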
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious of emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.