

Rewterz Threat Advisory – ICS : Johnson Controls Sensormatic Electronics Illustra
September 3, 2021
Rewterz Threat Alert – Quasar RAT – Active IOCs
September 3, 2021
Severity
High
Analysis Summary
Fresh IoCs have been retrieved from a campaign distributing the GandCrab ransomware. GandCrab campaigns typically use emails designed to deceive a potential victim into downloading malicious attachments. The infection process begins once the victim opens the attachment, but the malware can only install successfully if the victim enables macros. As is customary with ransomware, it aims to lock a victim’s files and demand that a ransom be paid. GandCrab usually targets consumers and businesses with PCs running Microsoft Windows. It has been involved in some of the biggest ransomware attacks, causing massive monetary loss to victims. GandCrab operators usually impersonate legitimate services in order to victimize the target. For instance, in January 2020, GandCrab was distributed packed in a Word document, “Flu pandemic warning.doc”, supposedly coming from the Center for Disease Control.
Impact
- File encryption
Indicators of Compromise
MD5
- eadbb456955e1dac70f801460928ef2f
- 97a449fed7d800a8a635592605ff8a67
SHA-256
- d89cd96556c827470a10290cbc68e4b354d8e4765100289578c9284561773d06
- 233437b647f9482a8a3ba51d0af69039bb58fb48609704a39db1f709a0e6aca6
SHA-1
- 501808844bee323af0992f5e2d2c26a6f9622354
- 2f339d8b2edb7c07126d9a3c37effe14966817c5
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.
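One way to carry out the "Search for IOCs in your environment" step on a file system, as an added example that is not part of the original advisory. The function names and the directory passed to sweep() are assumptions; the six digests are the ones listed above, with the algorithm inferred from digest length.

```python
import hashlib
import os

# Indicators copied from this advisory (MD5, SHA-1 and SHA-256 mixed together).
ADVISORY_IOCS = {
    "eadbb456955e1dac70f801460928ef2f",
    "97a449fed7d800a8a635592605ff8a67",
    "501808844bee323af0992f5e2d2c26a6f9622354",
    "2f339d8b2edb7c07126d9a3c37effe14966817c5",
    "d89cd96556c827470a10290cbc68e4b354d8e4765100289578c9284561773d06",
    "233437b647f9482a8a3ba51d0af69039bb58fb48609704a39db1f709a0e6aca6",
}
_ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def index_indicators(indicators):
    """Group hex digests by algorithm, normalising case and whitespace."""
    index = {}
    for raw in indicators:
        digest = raw.strip().lower()
        algo = _ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"not an MD5/SHA-1/SHA-256 hex digest: {raw!r}")
        index.setdefault(algo, set()).add(digest)
    return index

def file_digests(path, algos, chunk_size=1 << 20):
    """Read the file once and feed every requested hash from the same chunks."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def sweep(root, indicators=ADVISORY_IOCS):
    """Walk root and return (hits, unreadable); hits are (path, algo, digest)."""
    index = index_indicators(indicators)
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = file_digests(path, index)
            except OSError:
                unreadable.append(path)  # locked or denied: report it, don't hide it
                continue
            hits.extend((path, a, d) for a, d in digests.items() if d in index[a])
    return hits, unreadable
```

A hash sweep only finds byte-identical copies of the listed samples, so an empty result does not rule out other GandCrab builds; review the unreadable list as well, since those files were not checked.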