Rewterz Threat Advisory
April 27, 2021
Severity
High
Analysis Summary
A recent campaign targeting the financial sector has been identified and linked to the REvil/Sodinokibi ransomware family. Because REvil/Sodinokibi is operated as Ransomware-as-a-Service (RaaS), the TTPs may vary from one campaign to another. REvil/Sodinokibi threat actors commonly use techniques such as lateral movement and gaining access to the domain controller / Active Directory.
In this campaign, a bank in Latin America was targeted with REvil/Sodinokibi malware: users received a phishing campaign carrying a malicious attachment or link. The attachment was likely opened, which gave the threat actors their way into the victim network. That access was used to move laterally through the network to the domain controller, from which the REvil/Sodinokibi ransomware was eventually deployed to connected systems.
Impact
- Data exfiltration
- File encryption
Indicators of Compromise
URL
- hxxp[:]//aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd[.]onion/
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
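One way to carry out the IoC search above, as an added example that is not Rewterz's tooling: it parses indicator lines in the advisory's "- <hex digest>" format, hashes files with the three algorithms the advisory lists (MD5, SHA-1, SHA-256) and flags proxy-log lines that contain the host of a refanged `hxxp[:]//…[.]onion/` URL. Every digest, URL and log line in it is a constructed placeholder, not one of the advisory's real indicators.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def load_hashes(lines):
    """Parse advisory-style lines ('- <hex digest>') into a lowercase set; skip headings and non-digests."""
    iocs = set()
    for ln in lines:
        value = ln.strip().lstrip("-").strip().lower()
        if len(value) in (32, 40, 64) and re.fullmatch(r"[0-9a-f]+", value):  # md5 / sha1 / sha256
            iocs.add(value)
    return iocs

def refang(url):
    """Undo the hxxp / [:] / [.] defanging so the value can be compared with log data."""
    return url.replace("hxxp", "http").replace("[:]", ":").replace("[.]", ".")

def file_digests(path):
    """md5, sha1 and sha256 of one file, streamed in 1 MiB chunks so large files stay out of memory."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}

def match_file(path, iocs):
    """(algorithm, digest) pairs of `path` present in the IoC set; a hit on any one algorithm is a match."""
    return [(algo, d) for algo, d in file_digests(path).items() if d in iocs]

def match_log_lines(lines, defanged_urls):
    """Log lines that contain the host of any refanged advisory URL."""
    hosts = [re.sub(r"^https?://", "", refang(u)).split("/")[0] for u in defanged_urls]
    return [ln for ln in lines if any(h in ln for h in hosts)]

def demo():
    """Constructed end-to-end run: a sample file whose sha256 is in the IoC list, plus two constructed proxy-log lines."""
    sample = b"constructed sample payload, not real malware\n"
    ioc_lines = ["MD5", "- 00000000000000000000000000000000", "SHA-256",
                 "- " + hashlib.sha256(sample).hexdigest()]   # constructed placeholders
    iocs = load_hashes(ioc_lines)
    with tempfile.TemporaryDirectory() as tmp:
        p = Path(tmp) / "sample.bin"
        p.write_bytes(sample)
        file_hits = match_file(p, iocs)
    logs = ["2021-04-27T10:00:00Z 10.0.0.5 CONNECT placeholderleaksite.onion:443",   # constructed
            "2021-04-27T10:00:01Z 10.0.0.7 GET http://intranet.example/ 200"]      # constructed
    return file_hits, match_log_lines(logs, ["hxxp[:]//placeholderleaksite[.]onion/"])
```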