Rewterz Threat Alert – Dharma Ransomware – Active IOCs
August 20, 2021
Rewterz Threat Update – Unpatched Fortinet Vulnerabilities
August 20, 2021
Severity
High
Analysis Summary
Sodinokibi ransomware typically infects victim systems via Microsoft Office documents. After encryption, a ransom note is left on the infected system. The ransomware usually demands a ransom of $850k or $1.7m to decrypt the files on the target system. It has re-emerged after a few months of inactivity, with earlier campaigns dating back to July and August 2020. Recently, a few Sodinokibi samples were observed being distributed.
Impact
- Files encryption
- Information theft
Indicators of Compromise
MD5
- 8535397007ecb56d666b666c3592c26d
- a994cfba920bb87b9322aeda48282d11
SHA-256
- aae6e388e774180bc3eb96dad5d5bfefd63d0eb7124d68b6991701936801f1c7
- 8b15999cff808e9477d25bf0f839ac7c93fa4e62710fb6ae29d33787f1a05f12
SHA-1
- 0912b7cecfbe82d6903a8a0dc421c285480e5caa
- dcdade9e535ec79f839537e7ed38499d258020b3
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached in untrusted emails.
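The following is an added example, not Rewterz's own tooling: it parses the IOC section above (copied verbatim into `IOC_SECTION`) into per-algorithm hash sets, validates that each indicator has the right length and is hexadecimal, then hashes files with MD5, SHA-1 and SHA-256 in a single pass and reports any match against the listed indicators. The directory to scan is an assumed command-line argument; matching is case-insensitive so indicators copied from other sources in upper case still match.

```python
"""Match file hashes against the IOCs listed in the alert (added example)."""
import hashlib
import sys
from pathlib import Path
from typing import Dict, Iterable, List, Set

# The IOC section copied verbatim from the alert above, in the same
# "heading, then '- hash' bullets" layout, so the parser below works on it.
IOC_SECTION = """\
MD5
- 8535397007ecb56d666b666c3592c26d
- a994cfba920bb87b9322aeda48282d11
SHA-256
- aae6e388e774180bc3eb96dad5d5bfefd63d0eb7124d68b6991701936801f1c7
- 8b15999cff808e9477d25bf0f839ac7c93fa4e62710fb6ae29d33787f1a05f12
SHA-1
- 0912b7cecfbe82d6903a8a0dc421c285480e5caa
- dcdade9e535ec79f839537e7ed38499d258020b3
"""

# Alert heading -> (hashlib algorithm name, expected hex digest length).
# The length check rejects truncated or mistyped indicators.
HEADINGS = {"MD5": ("md5", 32), "SHA-1": ("sha1", 40), "SHA-256": ("sha256", 64)}


def parse_ioc_section(text: str) -> Dict[str, Set[str]]:
    """Turn the alert's IOC section into {algorithm: {lowercase hex digest}}."""
    iocs: Dict[str, Set[str]] = {algo: set() for algo, _ in HEADINGS.values()}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in HEADINGS:
            current = HEADINGS[line]
            continue
        if current and line.startswith("- "):
            algo, length = current
            value = line[2:].strip().lower()
            if len(value) != length or any(c not in "0123456789abcdef" for c in value):
                raise ValueError(f"malformed {algo} indicator: {value!r}")
            iocs[algo].add(value)
    return iocs


IOC_HASHES = parse_ioc_section(IOC_SECTION)


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute md5, sha1 and sha256 in one pass over a stream of chunks."""
    hashers = {algo: hashlib.new(algo) for algo, _ in HEADINGS.values()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory buffer (handy for testing and for e-mail attachments)."""
    return digest_chunks([data])


def hash_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file without loading it fully into memory."""
    with path.open("rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests: Dict[str, str], iocs: Dict[str, Set[str]] = IOC_HASHES) -> List[str]:
    """Return the algorithms whose digest matches a listed indicator (case-insensitive)."""
    return sorted(algo for algo, value in digests.items() if value.lower() in iocs.get(algo, set()))


def scan_directory(root: Path, iocs: Dict[str, Set[str]] = IOC_HASHES) -> Dict[str, List[str]]:
    """Map each file under root that matches an IOC to the algorithms that matched."""
    hits: Dict[str, List[str]] = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            matched = match_iocs(hash_file(path), iocs)
        except OSError:
            continue  # unreadable file (permissions, deleted mid-scan): skip, don't abort the scan
        if matched:
            hits[str(path)] = matched
    return hits


if __name__ == "__main__":
    # Assumed usage: python ioc_scan.py /path/to/scan  (defaults to the current directory)
    target = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for file_path, algos in scan_directory(target).items():
        print(f"MATCH {file_path} ({', '.join(algos)})")
```

A hit on any one algorithm is enough to flag a file; the returned list tells the analyst which indicator types agreed, which helps when an alert lists hashes of different algorithms for different samples rather than three digests of the same file.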