Rewterz Threat Alert – Witchetty APT Group Hides Backdoor Malware In Windows Logo – Active IOCs
October 2, 2022Rewterz Threat Alert – REvil Ransomware – Active IOCs
October 2, 2022Rewterz Threat Alert – Witchetty APT Group Hides Backdoor Malware In Windows Logo – Active IOCs
October 2, 2022Rewterz Threat Alert – REvil Ransomware – Active IOCs
October 2, 2022Severity
High
Analysis Summary
Phobos Ransomware is based on the Dharma malware that first appeared at the beginning of 2019. It spreads into several systems via compromised Remote Desktop Protocol (RDP) connections. This malware does not use any UAC bypass methods. Unlike other cybercrime gangs that go after big hunts, Phobos creators go after smaller firms that don’t have sufficient funding to pay massive ransoms. This ransomware usually targets healthcare providers, with victims in the United States, Seychelles, Portugal, Brazil, Indonesia, Germany, Romania, and Japan. Its perpetrators demand a little ransom payment, which appeals to victims and enhances the chances of payment. The average Phobos ransom payment in July 2021 was $54,700.
Impact
- File Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- c42c1bcd5ded13e391df0563e9a15d6e
SHA-256
- 38c47ad9fdb1ca30b15b2692431171b568556cbff7dfb17ba16c37d7daae9a05
SHA1
- bde12a0fa70cc41a58ea474858a849c69c3472f8
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.