
Rewterz Threat Alert – RU Ransomware – Active IOCs

March 14, 2022

Severity

High

Analysis Summary

RU Ransom appears to target Russian assets in retribution for Russia's invasion of Ukraine. The malware is developed in .NET and uses AES-CBC with a hard-coded salt. It copies itself to all removable devices and mapped network shares, spreading like a worm, under the file name "Россия-Украина_Война-Обновление.doc.exe", which translates to "Russia-Ukraine_War-Update.doc.exe" in English. Once it has propagated, the malware begins encrypting data. If the target drive letter is "C:\", only the files under "C:\Users\" are encrypted; on removable and mapped network drives, every file reachable recursively from the root directory is encrypted. The key is unique for each encrypted file and is never saved, which makes the encryption irreversible and distinguishes this malware from ransomware variants.

Impact

  • File Encryption

Indicators of Compromise

Filename

  • RURansom[.]exe
  • dnWIPE[.]exe

MD5

SHA-256

SHA-1

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
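A hunting sweep for the second remediation step, added here as an example rather than Rewterz's own tooling: it walks the drives and shares the worm targets and flags files by the advisory's filenames, by the ".doc.exe" double extension the lure uses, and by SHA-256 against a set you fill in from the advisory (the placeholder hash in the code is constructed, not a real indicator).

```python
import hashlib
import os

# Propagation filename quoted in the advisory: a Cyrillic lure name with a double extension.
PROPAGATION_NAME = "Россия-Украина_Война-Обновление.doc.exe"
# Filenames from the advisory's IoC section, case-folded because Windows ignores case.
IOC_FILENAMES = {n.casefold() for n in ("RURansom.exe", "dnWIPE.exe", PROPAGATION_NAME)}
# Populate from the advisory's SHA-256 list; the entry below is a constructed placeholder.
IOC_SHA256 = {"0" * 64}


def match_reasons(name, sha256=None, ioc_sha256=IOC_SHA256):
    """Return the reasons a file matches the advisory; [] means no match."""
    reasons = []
    folded = name.casefold()
    if folded in IOC_FILENAMES:
        reasons.append("ioc-filename")
    # The worm drops its copy as '<lure>.doc.exe', so flag that double extension generally.
    if folded.endswith(".doc.exe"):
        reasons.append("double-extension")
    if sha256 is not None and sha256.lower() in ioc_sha256:
        reasons.append("ioc-sha256")
    return reasons


def sha256_of(path, chunk=1 << 20):
    """Hex SHA-256 of a file read in chunks; None if it cannot be read."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                h.update(block)
    except OSError:
        return None
    return h.hexdigest()


def scan(roots, ioc_sha256=IOC_SHA256):
    """Walk roots (removable drives, mapped shares, C:\\Users); return [(path, reasons)] hits."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                # Hash only executables so the sweep stays cheap on large shares.
                digest = sha256_of(path) if name.casefold().endswith(".exe") else None
                reasons = match_reasons(name, digest, ioc_sha256)
                if reasons:
                    hits.append((path, reasons))
    return hits
```

Run `scan` over the roots the worm reaches (every removable drive, every mapped share, and `C:\Users`) and treat any "ioc-filename" or "ioc-sha256" hit as confirmed; a lone "double-extension" hit is a lead to triage.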
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.