Rewterz Threat Advisory – ICS: Multiple Siemens Vulnerabilities
March 11, 2022
Rewterz Threat Alert – Bitter APT Group – Active IOCs
Severity
High
Analysis Summary
Snake emerged for the first time in late November 2020. Since November 2020, malicious actors have been distributing Snake through phishing attacks. Snake ransomware is written in Golang, an open-source programming language that supports several operating systems. It deletes the computer's Shadow Volume Copies and terminates processes linked to SCADA systems, virtual machines, industrial control systems, remote management tools, network management applications, and other programs. This ransomware has been attacking the operations and files of industrial control systems. During encryption, Snake skips all Windows and other system directories on the machine. Compared with other ransomware, its encryption procedure is slower.
Impact
- File encryption
Indicators of Compromise
Filename
- MuiResourceMapEntryFiel[.]exe
MD5
- 60d701616da0e5db2aff024188e423f7
SHA-256
- 6066fc47ea6bbe1a4697b2d14e537e244cde2df01a94f57d343f6e846b4e87c9
SHA-1
- 9ced0e5a1aed00c4f4c8dc6066dbaf49657620ae
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
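One way to carry out the "Search for IOCs in your environment" step on a single host or mounted share, as an added example that is not Rewterz tooling. It uses only the filename and hashes listed in this advisory; the function names and the directory passed on the command line are assumptions.

```python
import hashlib
import os

# Indicators copied from this advisory; the filename is refanged ("[.]" -> ".").
IOC_FILENAMES = {"MuiResourceMapEntryFiel[.]exe".replace("[.]", ".").lower()}
IOC_HASHES = {
    "md5": {"60d701616da0e5db2aff024188e423f7"},
    "sha1": {"9ced0e5a1aed00c4f4c8dc6066dbaf49657620ae"},
    "sha256": {"6066fc47ea6bbe1a4697b2d14e537e244cde2df01a94f57d343f6e846b4e87c9"},
}


def file_digests(path, chunk_size=1 << 20):
    """Return {algorithm: hex digest} for one file, reading it once in chunks."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def sweep(root, hashes=IOC_HASHES, filenames=IOC_FILENAMES):
    """Walk root; return (path, reason) hits and the files that could not be read."""
    hits, unreadable = [], []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if name.lower() in filenames:
                hits.append((path, "filename"))
            try:
                digests = file_digests(path)
            except OSError:
                unreadable.append(path)  # locked or access denied: review by hand
                continue
            for algorithm, digest in digests.items():
                if digest in hashes.get(algorithm, ()):
                    hits.append((path, algorithm))
    return hits, unreadable


if __name__ == "__main__":
    import sys
    found, skipped = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, reason in found:
        print(f"HIT ({reason}): {path}")
    print(f"{len(found)} hit(s), {len(skipped)} unreadable file(s)")
```

A filename-only hit is weak evidence, since names are trivially changed. Unreadable files are reported separately so that a locked or protected file is not mistaken for a clean one.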