Rewterz Threat Alert – Sophisticated Covert Attack Campaign Targeting Military Contractors – Active IOCs
September 30, 2022Rewterz Threat Advisory – Microsoft Exchange Zero-Day Actively Exploited In The Wild
September 30, 2022Rewterz Threat Alert – Sophisticated Covert Attack Campaign Targeting Military Contractors – Active IOCs
September 30, 2022Rewterz Threat Advisory – Microsoft Exchange Zero-Day Actively Exploited In The Wild
September 30, 2022Severity
High
Analysis Summary
Phobos Ransomware is based on the Dharma malware that first appeared at the beginning of 2019. It spreads into several systems via compromised Remote Desktop Protocol (RDP) connections. This malware does not use any UAC bypass methods. Unlike other cybercrime gangs that go after big hunts, Phobos creators go after smaller firms that don’t have sufficient funding to pay massive ransoms. This ransomware usually targets healthcare providers, with victims in the United States, Seychelles, Portugal, Brazil, Indonesia, Germany, Romania, and Japan. Its perpetrators demand a little ransom payment, which appeals to victims and enhances the chances of payment. The average Phobos ransom payment in July 2021 was $54,700.
Impact
- File Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- 57c5c9f7dd743b7f53fef622ddfaa455
SHA-256
- 25dce15057f3e9f904ea28e039fe0d2945308d7f41ea5386e99af4840c2e6762
SHA1
- 13122e4d18672561479f988f850dd191c3431c78
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.