
Rewterz Threat Alert – Leaked Conti Ransomware Used to Target Russia – Active IOCs

April 11, 2022

Severity

High

Analysis Summary

Conti ransomware was first observed in December 2019 and is typically delivered through a prior TrickBot infection. It has been used against large companies and government institutions worldwide, particularly in North America. Conti exfiltrates sensitive files from the victim network and threatens to publish them unless the ransom is paid. To speed up encryption it runs "up to 32 simultaneous encryption operations," and it is very likely operated hands-on-keyboard by its controllers rather than spreading on its own. The malware can be pointed at network shares while leaving local files untouched, which lets the operators inflict targeted damage in a way that can hinder incident response.

During the Russia-Ukraine cyber conflict, threat groups and hacktivists have taken sides. The Russia-based Conti group declared its support for Russia; shortly afterwards its internal data was breached and the ransomware's source code was leaked. The NB65 group, by contrast, sided with Ukraine and retaliated with attacks on the broadcaster VGTRK and the Russian space agency Roscosmos.

NB65 built its own ransomware from the leaked Conti source: it rewrote the ransom note, appends a .NB65 extension to the names of encrypted files, and modified the encryption routine so that Conti's existing decryptor cannot recover the files and a different decryptor is required.

Impact

  • Sensitive File Theft
  • File Encryption

Indicators of Compromise

Domain Name

  • thulleultinn[.]club
  • vaclicinni[.]xyz
  • tapavi[.]com
  • oxythuler[.]cyou
  • dictorecovery[.]cyou
  • contirecovery[.]best

IP

  • 83[.]97[.]20[.]160
  • 82[.]118[.]21[.]1
  • 68[.]183[.]20[.]194
  • 23[.]82[.]140[.]137

Remediation

  • Block the listed domains at the DNS resolver and web proxy, and the listed IPs at the perimeter firewall. Log blocked attempts rather than silently dropping them, so that any internal host that tries to reach this infrastructure is identified.
  • Search historical DNS, proxy, firewall and endpoint logs for the indicators, and hunt file-system and EDR telemetry for files renamed with the .NB65 extension.
  • Treat these network indicators as short-lived: attacker infrastructure changes quickly, so the absence of a match is not evidence that the environment is clean.
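The following script is an added example, not part of the Rewterz advisory, showing how the indicators above can be refanged and hunted across log data. The only real data in it are the domains, IPs and the .NB65 extension taken from the advisory; the log lines are constructed for illustration, as are the field names and the assumed DNS, proxy, firewall and EDR log formats.

```python
"""
Hunt for the advisory's IOCs in log data.

Added example; not the advisory's own tooling. The indicators are copied from
the advisory in their defanged form. The sample log lines and their field
layout are constructed for illustration only.
"""
import ipaddress
import re

# Indicators exactly as the advisory lists them (defanged).
DEFANGED_DOMAINS = [
    "thulleultinn[.]club",
    "vaclicinni[.]xyz",
    "tapavi[.]com",
    "oxythuler[.]cyou",
    "dictorecovery[.]cyou",
    "contirecovery[.]best",
]
DEFANGED_IPS = [
    "83[.]97[.]20[.]160",
    "82[.]118[.]21[.]1",
    "68[.]183[.]20[.]194",
    "23[.]82[.]140[.]137",
]
# NB65 appends this extension to encrypted files (from the advisory).
RANSOM_EXTENSION = ".NB65"


def refang(indicator: str) -> str:
    """Turn '[.]' / 'hxxp' style defanging back into a matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()


DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}
IPS = {ipaddress.ip_address(refang(i)) for i in DEFANGED_IPS}

# Conservative token patterns: dotted hostnames, dotted-quad IPs, and any
# path-like token ending in the ransom extension.
_HOST_RE = re.compile(
    r"\b[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+\b",
    re.I,
)
_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_EXT_RE = re.compile(r"[^\s'\"]+" + re.escape(RANSOM_EXTENSION) + r"\b")


def match_line(line: str) -> list:
    """Return a list of (kind, value) hits found in one log line."""
    hits = []
    for ip_text in _IP_RE.findall(line):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:  # e.g. 999.1.1.1 looks like an IP but is not one
            continue
        if ip in IPS:
            hits.append(("ip", str(ip)))
    for host in _HOST_RE.findall(line):
        host = host.lower().rstrip(".")
        # Match the listed domain itself or any subdomain of it, anchored on a
        # label boundary so that e.g. "recovery.best" does not match.
        if host in DOMAINS or any(host.endswith("." + d) for d in DOMAINS):
            hits.append(("domain", host))
    for token in _EXT_RE.findall(line):
        # Report only the file name, whatever path separator the log used.
        hits.append(("extension", re.split(r"[\\/]", token)[-1]))
    return hits


# Constructed sample log lines (assumed formats; not real telemetry).
SAMPLE_LOGS = [
    "2022-04-11T08:14:02Z dns client=10.0.5.23 query=contirecovery.best type=A",
    "2022-04-11T08:14:05Z proxy client=10.0.5.23 dst=www.example.com status=200",
    "2022-04-11T08:15:40Z fw action=allow src=10.0.5.23 dst=83.97.20.160 dport=443",
    "2022-04-11T08:20:11Z edr host=FS01 event=rename path=D:\\shares\\finance\\Q1.xlsx.NB65",
    "2022-04-11T08:21:00Z dns client=10.0.5.40 query=recovery.best type=A",
]


def hunt(lines) -> list:
    """Return (line_number, hits) for every line that contains an indicator."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = match_line(line)
        if hits:
            findings.append((n, hits))
    return findings


if __name__ == "__main__":
    for n, hits in hunt(SAMPLE_LOGS):
        print(f"line {n}: {hits}")
```

Against the constructed sample, lines 1, 3 and 4 are flagged (the listed domain, the listed IP, and a file renamed with the .NB65 extension) while the near-miss `recovery.best` on line 5 is not, because the domain check is anchored on a label boundary rather than a plain substring. To run it against real data, feed exported DNS, proxy, firewall and EDR logs to `hunt()` one line at a time; a single host appearing in both a network hit and an extension hit is the strongest signal of active encryption.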