Rewterz Threat Advisory – CVE-2022-34160 – IBM CICS TX Vulnerability
July 9, 2022Rewterz Threat Alert – Vidar Malware – Active IOCs
July 9, 2022Rewterz Threat Advisory – CVE-2022-34160 – IBM CICS TX Vulnerability
July 9, 2022Rewterz Threat Alert – Vidar Malware – Active IOCs
July 9, 2022Severity
High
Analysis Summary
The REvil (also known as Sodinokibi) is a Ransomware-as-a-Service (RaaS). The first attack of REvil in middle of April 2019, and attracted huge attention span from the InfoSec world due to their uncanny similarities with GandCrab Ransomware. The group uses different distribution techniques of deploying ransomware such as exploit kits, scans and exploiting various vulnerable software (Oracle WebLogic), RDP servers, and backdoored software installers. Revil has made estimated over $100 million by infecting large business owners and they threaten to publish data if the ransom money is not paid by the victim.
Impact
- Data Encryption
Indicators of Compromise
MD5
- 6268478bf01dc3eacfa23372ca8b59fa
- 6b0b4b91770ed2c332a13e78ac56af6d
- abc7e381243696168d77faa90f408347
SHA-256
- b5e73c65a92abd6d8ea6040739e6b71a207035f1517f3813c56fbac937b8ff06
- 8161225680dbb5c52e0192230c0d1b9b87120d92b289e14f93479e38024be17d
- dd59a759331f7d6c46ed43cba3d55b8325985e215b94027972006c06b1ec1f1c
SHA-1
- f497026449bef302c235a1749ede57e7a077e159
- b96e951b5ee4617c6d6e3c1fd23c5d0ef8b3c11d
- 8cc0bcd7a8701e58e689231a7250f1e42ff06f52
Remediation
- Block all threat indicators at your respective controls
- Search for IOCs in your environment.