November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – WannaCry Ransomware – Active IOCs
October 3, 2022Rewterz Threat Alert – Mirai Botnet – Active IOCs
October 3, 2022Rewterz Threat Alert – WannaCry Ransomware – Active IOCs
October 3, 2022Rewterz Threat Alert – Mirai Botnet – Active IOCs
October 3, 2022
Severity
High
Analysis Summary
Phobos Ransomware is based on the Dharma malware that first appeared at the beginning of 2019. It spreads into several systems via compromised Remote Desktop Protocol (RDP) connections. This malware does not use any UAC bypass methods. Unlike other cybercrime gangs that go after big hunts, Phobos creators go after smaller firms that don’t have sufficient funding to pay massive ransoms. This ransomware usually targets healthcare providers, with victims in the United States, Seychelles, Portugal, Brazil, Indonesia, Germany, Romania, and Japan. Its perpetrators demand a little ransom payment, which appeals to victims and enhances the chances of payment. The average Phobos ransom payment in July 2021 was $54,700.
Impact
- File Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- ea0740178ed1d9c298816351d68ee859
SHA-256
- 992dad791a523f2c0a0b5a74c08e5573905f301d8891db0ed6e885face9ef0e2
SHA1
- bcf0db0e3ea2a96e776f49243d6c1c5080fcc364
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.