Rewterz Threat Alert – APT-28 FancyBear – Active IOCs
September 28, 2022Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities
September 28, 2022Rewterz Threat Alert – APT-28 FancyBear – Active IOCs
September 28, 2022Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities
September 28, 2022Severity
High
Analysis Summary
Phobos Ransomware is based on the Dharma malware that first appeared at the beginning of 2019. It spreads into several systems via compromised Remote Desktop Protocol (RDP) connections. This malware does not use any UAC bypass methods. Unlike other cybercrime gangs that go after big hunts, Phobos creators go after smaller firms that don’t have sufficient funding to pay massive ransoms. This ransomware usually targets healthcare providers, with victims in the United States, Seychelles, Portugal, Brazil, Indonesia, Germany, Romania, and Japan. Its perpetrators demand a little ransom payment, which appeals to victims and enhances the chances of payment. The average Phobos ransom payment in July 2021 was $54,700.
Impact
- File Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- 336e11346f73a09b1a7e117fa2542558
- 5235a9ab9fdfb520489032bf44d1f8ea
SHA-256
- 1f2c57feb6fcb80fe02d53778fa7c6b3bcba0319229fe9b9ff725a24d939c2b6
- 34e1a82f7334c825aab19a21d94361c3225ee8ad9a2027830aeea7d82f59ca15
SHA1
- dc7dccdeb25715e2652168f4b1853485410dee4f
- 2abd05a0a0b65d5b7f8acad36a7d8ecd4a5dcb11
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.