Rewterz Threat Alert – Mirai Botnet – Active IOCs
July 10, 2022Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
July 11, 2022Rewterz Threat Alert – Mirai Botnet – Active IOCs
July 10, 2022Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
July 11, 2022Severity
High
Analysis Summary
Phobos Ransomware is based on the Dharma malware that first appeared at the beginning of 2019. It spreads into several systems via compromised Remote Desktop Protocol (RDP) connections. This malware does not use any UAC bypass methods. Unlike other cybercrime gangs that go after big hunts, Phobos creators go after smaller firms that don’t have sufficient funding to pay massive ransoms. This ransomware usually targets healthcare providers, with victims in the United States, Seychelles, Portugal, Brazil, Indonesia, Germany, Romania, and Japan. Its perpetrators demand a little ransom payment, which appeals to victims and enhances the chances of payment. The average Phobos ransom payment in July 2021 was $54,700.
Impact
- File Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- d94873940826fbb2d4a7f6a891148afb
SHA-256
- d19d8842f13b26a8836baf58f4765cef80f87d2a9d01c4481a5c86ce92cf2696
SHA1
- 5971b8aab3b93d542bed1563474a3911395ac899
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.