Rewterz Threat Alert – DJVU Ransomware – Active IOCs
May 30, 2022
Severity
High
Analysis Summary
REvil, also known as Sodinokibi, is a ransomware family. The group behind it has gained recognition for high-profile attacks since its discovery in 2019. Among other capabilities, it employs advanced encryption techniques and can operate without a connection to its command-and-control servers. In July 2021, the REvil ransomware group exploited Kaseya VSA, a tool MSPs use for client monitoring and patch management. The gang first compromised the VSA software and then deployed its ransomware on the on-premise servers of enterprise networks. More than 1500 organizations were compromised in that breach.
This ransomware has been used against organizations in the manufacturing, transportation, and electric sectors.
Recently, the REvil ransomware gang appears to be back after a hiatus in activity that followed the FSB's detention of 14 of its members in January.
Impact
- Data Encryption
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
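The IOC search above can be done with a single pass over each file that computes all three digest types the alert reports (MD5, SHA-1, SHA-256) and checks them against a normalised indicator set. The following is an added example, not Rewterz's tooling; the indicator and sample file contents are constructed placeholders, not the alert's real hashes, and the `demo()` function only exists to exercise the sweep on a scratch directory.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Digest algorithms the alert lists IOCs for; all three are computed in one pass per file.
ALGORITHMS = ("md5", "sha1", "sha256")

def normalise_iocs(raw):
    """Lower-case and strip whitespace so feed formatting differences do not cause misses."""
    return {h.strip().lower() for h in raw if h and h.strip()}

def digests_of(path, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for one file, reading it once in chunks."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def find_matches(root, iocs):
    """Walk root and return (path, algorithm, digest) for every file whose digest is an IOC."""
    matches = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                digests = digests_of(path)
            except OSError:
                continue  # unreadable or vanished file: skip it rather than abort the sweep
            for algorithm, value in digests.items():
                if value in iocs:
                    matches.append((str(path), algorithm, value))
    return matches

# Constructed sample: a stand-in "malicious" file whose SHA-256 we treat as the IOC.
# The upper-cased value shows that normalise_iocs() makes case irrelevant.
SAMPLE_MALICIOUS = b"constructed sample payload, not real malware\n"
SAMPLE_IOCS = normalise_iocs({hashlib.sha256(SAMPLE_MALICIOUS).hexdigest().upper()})

def demo():
    """Build a scratch tree with one matching and one benign file, sweep it, return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "suspect.bin").write_bytes(SAMPLE_MALICIOUS)
        (Path(tmp) / "benign.txt").write_bytes(b"ordinary document\n")
        return [(Path(p).name, alg, val) for p, alg, val in find_matches(tmp, SAMPLE_IOCS)]

if __name__ == "__main__":
    for name, algorithm, value in demo():
        print(f"IOC hit: {name} {algorithm}={value}")
```

In production, replace `SAMPLE_IOCS` with the alert's hash lists loaded from your feed and point `find_matches()` at the paths you want to sweep.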