
Rewterz Threat Alert – REvil Ransomware – Active IOCs

November 26, 2021

Severity

Medium

Analysis Summary

REvil (also known as Sodinokibi) is a Ransomware-as-a-Service (RaaS) operation. Its first attacks were observed in mid-April 2019 and drew wide attention from the InfoSec community because of their close similarities to GandCrab ransomware. The group deploys its ransomware through a range of distribution techniques, including exploit kits, scanning for and exploiting vulnerable software (such as Oracle WebLogic), exposed RDP servers, and backdoored software installers. REvil is estimated to have made over $100 million by infecting large businesses, and it threatens to publish stolen data if the victim does not pay the ransom.

REvil Ransomware Code Ripped Off by Rivals | Threatpost

Impact

  • File Encryption

Indicators of Compromise


Remediation

  • Block the threat indicators at their respective controls.
  • Search for IOCs in your environment.
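One way to carry out the "search for IOCs" step: an added example (not Rewterz tooling) that hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single pass and reports any digest found in an indicator list. The indicator file format (one hex digest per line, `#` comments allowed) and the function names are assumptions of this example.

```python
import hashlib
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256")
CHUNK = 1 << 20  # read in 1 MiB chunks so large files are never fully loaded in memory

def file_digests(path):
    """Return {algorithm: hex digest} for one file, computing all three hashes in one read."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def load_iocs(lines):
    """Parse indicator lines into {algorithm: set(digests)}; the digest length picks the algorithm."""
    by_len = {32: "md5", 40: "sha1", 64: "sha256"}
    iocs = {name: set() for name in ALGORITHMS}
    for raw in lines:
        value = raw.split("#", 1)[0].strip().lower()  # drop comments, normalise case
        if not value:
            continue
        algo = by_len.get(len(value))
        if algo is None or any(c not in "0123456789abcdef" for c in value):
            raise ValueError(f"not a hex digest of a supported length: {raw!r}")
        iocs[algo].add(value)
    return iocs

def scan(root, iocs):
    """Walk `root` and return (path, algorithm, digest) for each file matching an indicator."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            digests = file_digests(path)
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole scan
        for algo, digest in digests.items():
            if digest in iocs[algo]:
                hits.append((str(path), algo, digest))
    return hits
```

Call `scan("/path/to/check", load_iocs(open("iocs.txt")))` with the advisory's digests in `iocs.txt`; an empty result means no file matched any listed hash.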