Rewterz Threat Alert – IcedID banking Trojan – Active IOCs
October 27, 2021
Rewterz Threat Alert – PuzzleMaker APT Group – Active IOCs
October 27, 2021
Severity
High
Analysis Summary
Sodinokibi ransomware is usually delivered to its victims through malicious Microsoft Office documents. Once it has encrypted the files on a system, it drops a ransom note, typically demanding $850k or $1.7m for decryption. After a quiet period of a few months (earlier campaigns date back to July and August 2020), the ransomware has re-emerged, and a few Sodinokibi samples have recently been observed in distribution.
Impact
- File encryption
- Information theft
Indicators of Compromise
MD5
- c83df66c46bcbc05cd987661882ff061
SHA-256
- f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5
SHA-1
- 48d1558fe3ac689b7eaac82738a023c13f4c0e7c
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached in untrusted emails.
- Search for IOCs in your environment.
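Added example, not part of the Rewterz alert: a Python sweep that hashes files in a single streaming pass and matches them against the MD5, SHA-1 and SHA-256 indicators listed above, so the "search for IOCs" step can be run against a directory tree. The function names and the single-pass design are my own; the indicator values are the ones on this page.

```python
import hashlib
from pathlib import Path

# Indicators published in this alert, keyed by hashlib algorithm name.
SODINOKIBI_IOCS = {
    "md5": {"c83df66c46bcbc05cd987661882ff061"},
    "sha1": {"48d1558fe3ac689b7eaac82738a023c13f4c0e7c"},
    "sha256": {"f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5"},
}


def hash_bytes(data: bytes) -> dict:
    """Return {algorithm: hexdigest} for an in-memory blob, for all three algorithms."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SODINOKIBI_IOCS}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file with MD5, SHA-1 and SHA-256 in one streaming pass (safe for large files)."""
    hashers = {alg: hashlib.new(alg) for alg in SODINOKIBI_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = SODINOKIBI_IOCS) -> list:
    """Return [(algorithm, digest)] for each digest that matches a known indicator.
    Comparison is case-insensitive because feeds mix upper- and lower-case hex."""
    return [(alg, d.lower()) for alg, d in digests.items()
            if d.lower() in {x.lower() for x in iocs.get(alg, ())}]


def scan_tree(root, iocs: dict = SODINOKIBI_IOCS) -> dict:
    """Walk a directory tree; return {path: hits} for every file matching an indicator."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            found = match_iocs(hash_file(path), iocs)
        except OSError:
            continue  # unreadable or vanished file: skip it rather than abort the sweep
        if found:
            hits[str(path)] = found
    return hits


if __name__ == "__main__":
    import sys
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, found)
```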