Rewterz Threat Alert – DanaBot Trojan – Active IOCs
June 14, 2021
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
June 14, 2021
Severity
High
Analysis Summary
FIVEHANDS is a new ransomware variant discovered by CISA (the Cybersecurity and Infrastructure Security Agency) that has been used in successful attacks on organizations. The threat actors use exploitation tools, the SombRAT RAT (Remote Access Trojan), and publicly available penetration testing tools to obfuscate files, steal information, and then demand ransom from the victim. Credential access and network discovery are also carried out with publicly available tools.
The group first deploys FIVEHANDS ransomware and then extorts the victims with threats of media attention and sale of the stolen data. The group targets organizations in Europe and North America. It has also displayed advanced capabilities for evading detection and minimizing post-intrusion forensic evidence.
Impact
- File encryption
- Information theft
Indicators of Compromise
Domain Name
- feticost[.]com
MD5
- 1f6495ea7606a15daa79be93070159a8
- abb0fbecd6ac93d3271fc34269a1fb68
- 4d3d3919dda002511e03310c49b7b47f
- 9cfd524557c76097bbf6cf493b351a04
- 132071dc69b875d239f133984655a26a
SHA-256
- ccacf4658ae778d02e4e55cd161b5a0772eb8b8eee62fed34e2d8f11db2cc4bc
- 495a0ccc38fb8f22b48025f030617978cf5fdc3df3fed32b1410ad47747ae177
- 7d57e0ba8b36ec221b16807ce4e13a1125d53922fa50c3827a5ebd6811736ffd
- 18229920a45130f00539405fecab500d8010ef93856e1c5bcabf5aa5532b3311
- a710f573f73c163d54c95b4175706329db3ed89cd9337c583d0bb24b6a384789
SHA-1
- fdf9b1098480dd4145d7d39dc1b75fb6180e09ec
- fc09069b25f42cb8dc6960eea76980a0ea8a768c
- b16a1eb8bc2e5d4ded04bfaa9ee2b861ead143ba
- ae16aea46540f2013c92e2a9ba3310824c949554
- 398d769e0d478175acbdbe9a790b2f6982110e8d
Remediation
- Download and install the latest patches for browsers.
- Beware of suspicious users and emails.
- Block all threat indicators listed above at your respective security controls.
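The last remediation item, blocking the indicators at your controls, is easier to act on with a small matcher than by hand. The script below is an added example and not part of the Rewterz alert: it loads the domain and hash IOCs listed above, refangs the defanged domain, hashes files with MD5, SHA-1 and SHA-256 in one pass, and scans DNS log lines for the domain including subdomains. The BIND-style log format in `DNS_QUERY_RE` and the sample log lines are constructed assumptions; adapt the regex to whatever resolver log you actually have.

```python
import hashlib
import os
import re
from typing import Dict, Iterable, List

# IOC values copied from the alert above.
IOC_DOMAINS_DEFANGED = ["feticost[.]com"]
IOC_MD5 = {
    "1f6495ea7606a15daa79be93070159a8", "abb0fbecd6ac93d3271fc34269a1fb68",
    "4d3d3919dda002511e03310c49b7b47f", "9cfd524557c76097bbf6cf493b351a04",
    "132071dc69b875d239f133984655a26a",
}
IOC_SHA1 = {
    "fdf9b1098480dd4145d7d39dc1b75fb6180e09ec", "fc09069b25f42cb8dc6960eea76980a0ea8a768c",
    "b16a1eb8bc2e5d4ded04bfaa9ee2b861ead143ba", "ae16aea46540f2013c92e2a9ba3310824c949554",
    "398d769e0d478175acbdbe9a790b2f6982110e8d",
}
IOC_SHA256 = {
    "ccacf4658ae778d02e4e55cd161b5a0772eb8b8eee62fed34e2d8f11db2cc4bc",
    "495a0ccc38fb8f22b48025f030617978cf5fdc3df3fed32b1410ad47747ae177",
    "7d57e0ba8b36ec221b16807ce4e13a1125d53922fa50c3827a5ebd6811736ffd",
    "18229920a45130f00539405fecab500d8010ef93856e1c5bcabf5aa5532b3311",
    "a710f573f73c163d54c95b4175706329db3ed89cd9337c583d0bb24b6a384789",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('feticost[.]com', 'hxxp://') back into a matchable form."""
    return indicator.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http").strip().lower()


IOC_DOMAINS = {refang(d) for d in IOC_DOMAINS_DEFANGED}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory blob with all three algorithms the alert lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> Dict[str, str]:
    """Digest a file in 1 MiB chunks so large files are not read into memory at once."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest for this file appears in the IOC lists."""
    tables = {"md5": IOC_MD5, "sha1": IOC_SHA1, "sha256": IOC_SHA256}
    return [algo for algo, table in tables.items() if digests.get(algo, "").lower() in table]


def domain_matches(query: str) -> bool:
    """True for the IOC domain itself or any subdomain of it (trailing dot tolerated)."""
    q = query.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in IOC_DOMAINS)


# Assumed BIND-style query log format; adjust for your resolver.
DNS_QUERY_RE = re.compile(r"query:\s+(\S+)")


def scan_dns_log(lines: Iterable[str]) -> List[str]:
    """Return the log lines whose queried name hits the domain IOC."""
    hits = []
    for line in lines:
        m = DNS_QUERY_RE.search(line)
        if m and domain_matches(m.group(1)):
            hits.append(line.rstrip())
    return hits


def scan_directory(root: str) -> Dict[str, List[str]]:
    """Walk a directory tree and report files whose digests match any hash IOC."""
    findings: Dict[str, List[str]] = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                hits = match_hashes(hash_file(path))
            except OSError:
                continue  # unreadable file; skip rather than abort the sweep
            if hits:
                findings[path] = hits
    return findings


# Constructed sample DNS log lines (not from the alert): one exact hit, one subdomain
# hit with a trailing dot, and one look-alike that must not match.
SAMPLE_DNS_LOG = [
    "14-Jun-2021 10:01:02.123 client 10.0.0.5#51234: query: www.example.com IN A +",
    "14-Jun-2021 10:01:03.456 client 10.0.0.7#51235: query: feticost.com IN A +",
    "14-Jun-2021 10:01:04.789 client 10.0.0.9#51236: query: cdn.feticost.com. IN A +",
    "14-Jun-2021 10:01:05.000 client 10.0.0.9#51237: query: notfeticost.com IN A +",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("DNS IOC hit:", hit)
    for path, algos in scan_directory(".").items():
        print("file IOC hit:", path, algos)
```

The suffix check in `domain_matches` is deliberate: a plain substring test would flag `notfeticost.com`, while an exact-equality test would miss `cdn.feticost.com`. Hash comparison is normalised to lowercase because IOC feeds and tools differ in case.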