

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
July 18, 2022
Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
July 18, 2022
Severity
High
Analysis Summary
NoCry ransomware is an insecure cryptomalware first discovered by security researcher S!Ri. Once this deadly malware successfully infiltrates a Windows PC, it encrypts all of the victim's key files and data stored on the system and demands payment for a decryption tool/software. It first modifies Windows registry settings, writing brute force entries to them to create persistence. This dangerous threat then scans the entire computer for files on its target list and locks each one it finds using a powerful encryption algorithm. Affected files are easy to identify because the ransomware appends the “.Cry” extension to each one.
Impact
- Sensitive File Theft
- File Encryption
Indicators of Compromise
MD5
- 979b41ee9224c129d203553e34c1c4c1
SHA-256
- 67f972536102feb9b3de184c34d9f8b1114c1c38ab3fbb15bb0419043f68a913
SHA-1
- edb7e8954c380d31d75cb81d18c217fe89130c67
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
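
One way to carry out the IOC search on a host or mounted file share, as an added example that is not part of the original Rewterz alert. It matches files against the SHA-256 listed above and lists files carrying the ".Cry" extension; the function names and the directory walked are assumptions chosen for illustration.

```python
import hashlib
import os
from pathlib import Path

# SHA-256 taken from this alert's Indicators of Compromise section.
NOCRY_SHA256 = {"67f972536102feb9b3de184c34d9f8b1114c1c38ab3fbb15bb0419043f68a913"}
ENCRYPTED_SUFFIX = ".cry"  # the alert says encrypted files get ".Cry" appended


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, ioc_hashes=NOCRY_SHA256):
    """Return (hash_hits, cry_files, unreadable) for everything under root."""
    iocs = {h.lower() for h in ioc_hashes}
    hash_hits, cry_files, unreadable = [], [], []
    # Directories that cannot be listed are recorded instead of being skipped silently.
    on_error = lambda e: unreadable.append(str(e.filename))
    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            path = Path(dirpath) / name
            # Windows file names are case-insensitive, so compare lower-cased.
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                cry_files.append(str(path))
                continue  # encrypted victim data, not the sample itself
            try:
                if sha256_file(path) in iocs:
                    hash_hits.append(str(path))
            except OSError:
                # Locked or permission-denied files are reported for manual review.
                unreadable.append(str(path))
    return sorted(hash_hits), sorted(cry_files), sorted(unreadable)


if __name__ == "__main__":
    import sys
    hits, cry, skipped = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for label, items in (("IOC hash match", hits), (".Cry file", cry), ("unreadable", skipped)):
        for item in items:
            print(f"{label}: {item}")
```

A hash match locates the known sample only; ".Cry" files indicate encryption has already occurred even when no hash matches, so both lists should be reviewed.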