Rewterz Threat Alert – RedLine Stealer – Active IOCs
April 27, 2022Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
April 27, 2022Rewterz Threat Alert – RedLine Stealer – Active IOCs
April 27, 2022Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
April 27, 2022Severity
High
Analysis Summary
NOKOYAWA is a new emerging ransomware that encrypts data and demands ransom for its decryption. It encrypts files and attaches a “.NOKOYAWA” extention to their filenames. To be more precise, a file named “1.jpg” would become “1.jpg.NOKOYAWA,” and the same goes for other files that are impacted by this ransomware. After this process, a ransom note titled “NOKOYAWA_readme.txt” is created on the desktop. This ransomware’s ransom message is repeated twice in both English and Chinese. They notifies victims that their files have been encrypted and can only recovered via the attackers’ decryption key. Infected email attachments and torrent websites could be the distribution method for this ransomware.
Taken from Sentinel One
Impact
- Information theft
- File encryption
Indicators Of Compromise
- Brookslambert@protonmail[.]com
- charlefletcher@onionmail[.]org
- Johnatannielson@protonmail[.]com
- Sheppardarmstrong@tutanota[.]com
MD5
- 354c0c8c4466f0f8cc508c7813c096f5
- 22a006b6d19558c3cebd708b2b0543bc
- 2e936942613b9ef1a90b5216ef830fbf
- 790e1636821bb83eff48fd8314557817
SHA-256
- 86953a6ce9fb7bf8b7791b9c6b751120c35ee1df5590ba4ff447e21c29259e51
- fefd1117c2f0ab88d8090bc3bdcb8213daf8065f12de1ee6a6c641e888a27eab
- e097cde0f76df948f039584045acfa6bd7ef863141560815d12c3c6e6452dce4
- 6c98d424ab1b9bfba683eda340fef6540ffe4ec4634f4b95cf9c70fe4ab2de90
SHA-1
- 2904358f825b6eb6b750e13de43da9852c9a9d91
- 2d92468b5982fbbb39776030fab6ac35c4a9b889
- 32c2ecf9703aec725034ab4a8a4c7b2944c1f0b7
- 960fae8b8451399eb80dd7babcc449c0229ee395
Remediation
- Backup your data. Any damage in case of a successful attack will be mitigated if data is backed up.
- Emails from unknown senders should always be treated with caution.
- Never open links or attachments from unknown senders.
- Disable all threat indicators at your respective controls.
- Look for IOCs in your surroundings.