Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
January 11, 2023
Rewterz Threat Alert – APT-C-35 aka Donot Team – Active IOCs
January 11, 2023
Severity
High
Analysis Summary
Matiex, first observed in July 2020, is a keystroke logger that can also take screenshots, record sound through the computer's microphone, and read data stored in the system clipboard. Cybercriminals use it to capture sensitive data such as logins, passwords, credentials, and other information. The malware generates fake pop-ups and includes a self-destruct feature that uninstalls it automatically after a set time. It is sold on underground forums, and its popularity stems from its ease of use and price. Matiex was recently used against industrial organizations in an information-theft campaign.
Impact
- Credential Theft
Indicators of Compromise
MD5
- 4622942793ebac6a734337176a346809
- 55bb2cff10f762602d4fc547746b74fd
- 5ab6117ef6b9607c962f102518ab534b
SHA-256
- b9713bbd42cc46a3c53e391a5e0925968b5b335205a02866fb4edeb2b337226c
- df91447ed007ba1a6b2a3e5044308148057b8f3b0f5b2a1924cba385465b0400
- beaff19d4901abc6bf50871a2514a1efb985edb39b64786adeab9259839038e7
SHA-1
- 5c7c0cceb1d1ecdd052e29a9e6a46e4ea3cfb282
- 53f34a1209ada980185fede8b5b68bd9a3bb7af3
- e37e0327403eeb95e5df462689d6b83f2d9e3d9a
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of Compromise (IOCs) in your environment utilizing your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
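One way to carry out the "search for IOCs" step above: an added example (not Rewterz's own tooling) that hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single read pass and reports any file whose digest matches the indicators listed in this alert. It assumes the listed hashes are file hashes of the Matiex samples; the sample file in the test is constructed and benign.

```python
import hashlib
from pathlib import Path

# File-hash indicators copied from this alert, normalised to lowercase hex.
MATIEX_IOCS = {
    "md5": {
        "4622942793ebac6a734337176a346809",
        "55bb2cff10f762602d4fc547746b74fd",
        "5ab6117ef6b9607c962f102518ab534b",
    },
    "sha1": {
        "5c7c0cceb1d1ecdd052e29a9e6a46e4ea3cfb282",
        "53f34a1209ada980185fede8b5b68bd9a3bb7af3",
        "e37e0327403eeb95e5df462689d6b83f2d9e3d9a",
    },
    "sha256": {
        "b9713bbd42cc46a3c53e391a5e0925968b5b335205a02866fb4edeb2b337226c",
        "df91447ed007ba1a6b2a3e5044308148057b8f3b0f5b2a1924cba385465b0400",
        "beaff19d4901abc6bf50871a2514a1efb985edb39b64786adeab9259839038e7",
    },
}

def file_digests(path, chunk_size=1 << 20):
    """Hash one file with MD5, SHA-1 and SHA-256 in a single read pass."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def match_iocs(digests, iocs=MATIEX_IOCS):
    """Return sorted (algorithm, hash) pairs from `digests` that appear in `iocs`."""
    return sorted((a, v.lower()) for a, v in digests.items() if v.lower() in iocs.get(a, set()))

def scan_tree(root, iocs=MATIEX_IOCS):
    """Walk `root`; return {path: matches} for each file hitting an indicator. Unreadable files are skipped."""
    hits = {}
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        try:
            matches = match_iocs(file_digests(path), iocs)
        except OSError:
            continue  # permission error or file vanished mid-scan: keep going
        if matches:
            hits[str(path)] = matches
    return hits
```

Run `scan_tree("/path/to/check")` and treat any returned entry as a confirmed indicator hit to escalate; an empty result only means none of these nine hashes were present, not that the host is clean.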