December 13, 2021
Severity
High
Analysis Summary
SNAKE ransomware targets entire networks, aiming to encrypt every device connected to them. The ransomware employs a level of routine obfuscation not previously or typically seen, coupled with a targeted approach. When started, Snake first removes the computer’s Shadow Volume Copies and then kills numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more. It then encrypts the files on the device, skipping any located in Windows system folders and various system files. When encrypting a file, it appends a random 5-character string to the file’s extension. For example, a file named 1.doc will be encrypted and renamed to 1.docqkWbv.F
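As an added defender-side example that is not part of the Rewterz alert, the following Python heuristic flags filenames that show the renaming pattern described above (a known extension immediately followed by a 5-character tag, with no separating dot) and recovers the likely original name; the extension list and the directory listing are constructed for illustration.

```python
from pathlib import PurePath

# Illustrative set of original extensions to look for (assumption, not from the alert).
KNOWN_EXTENSIONS = {"doc", "docx", "xls", "xlsx", "pdf", "txt", "jpg", "png", "zip", "sql", "bak"}
TAG_LENGTH = 5  # SNAKE appends a random 5-character string, e.g. 1.doc -> 1.docqkWbv


def split_snake_name(name: str):
    """Return (original_name, tag) if `name` looks SNAKE-encrypted, else None."""
    path = PurePath(name)
    suffix = path.suffix.lstrip(".")  # e.g. "docqkWbv"; "" when there is no extension
    if not suffix or suffix.lower() in KNOWN_EXTENSIONS:
        return None  # no extension, or an untouched file with a known extension
    # Try longer extensions first so "docx" is preferred over "doc" where both fit.
    for ext in sorted(KNOWN_EXTENSIONS, key=len, reverse=True):
        if suffix.lower().startswith(ext) and len(suffix) == len(ext) + TAG_LENGTH:
            tag = suffix[len(ext):]
            if tag.isalnum():
                original = f"{path.stem}.{suffix[:len(ext)]}"  # keep original casing
                return (original, tag)
    return None


def find_snake_encrypted(filenames):
    """Map each matching filename to its (original_name, tag) pair."""
    hits = {}
    for name in filenames:
        parsed = split_snake_name(name)
        if parsed:
            hits[name] = parsed
    return hits


# Constructed sample directory listing (not taken from the alert).
SAMPLE_LISTING = [
    "1.docqkWbv", "budget.xlsxR7pQz", "notes.txt",
    "photo.jpg", "README", "backup.sql9zKmT",
]

if __name__ == "__main__":
    for encrypted, (original, tag) in find_snake_encrypted(SAMPLE_LISTING).items():
        print(f"{encrypted}: original={original} tag={tag}")
```

A directory in which most files match this pattern is a much stronger signal than a single hit, since legitimate files occasionally carry unusual extensions.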
Impact
- File Encryption
Indicators of Compromise
Filename
- GetSourceLineInfoDelega[.]exe
- TaskContinuati[.]exe
- TypeNameFormatFla[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.