December 8, 2020
Severity
Medium
Analysis Summary
Sodinokibi ransomware usually infects victims' systems via Microsoft Office documents. After encryption, a ransom note is left on the infected systems. The ransomware usually demands a ransom of $850k or $1.7m to decrypt the files on the target system. It has re-emerged after a few months; earlier campaigns date back to July and August 2020. Recently, a few samples of Sodinokibi were found being distributed.
Impact
- File encryption
- Information theft
Indicators of Compromise
URL
- https[:]//espacoememoria[.]org/?adf99ed=653645
- https[:]//espacoememoria[.]org/%ED%94%BC%EC%8B%9C-%EC%B9%B4%EC%B9%B4%EC%98%A4%ED%86%A1-%EB%8B%A4%EC%9A%B4%EB%A1%9C%EB%93%9C/
- https[:]//espacoememoria[.]org/
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached to untrusted emails.
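
One way to act on the first remediation item, as an added example that is not part of the Rewterz advisory: it refangs the URL indicators listed above, reduces them to the hostname to block, and checks proxy log lines for requests that reached it. The log format, client addresses and sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# URL indicators from this advisory, kept defanged in source.
DEFANGED_IOCS = [
    "https[:]//espacoememoria[.]org/?adf99ed=653645",
    "https[:]//espacoememoria[.]org/%ED%94%BC%EC%8B%9C-%EC%B9%B4%EC%B9%B4%EC%98%A4%ED%86%A1-%EB%8B%A4%EC%9A%B4%EB%A1%9C%EB%93%9C/",
    "https[:]//espacoememoria[.]org/",
]

def refang(indicator):
    """Undo the [:] and [.] defanging used in the advisory."""
    return indicator.replace("[:]", ":").replace("[.]", ".")

def ioc_hosts(indicators):
    """Reduce URL indicators to the set of hostnames they point at."""
    return {urlsplit(refang(i)).hostname for i in indicators}

def host_matches(host, blocked):
    """True if host is a blocked hostname or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in blocked)

def find_hits(log_lines, blocked):
    """Return (client, target) for each log line that reaches a blocked host."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # not a request line in the assumed format
        client, target = fields[1], fields[3]
        # CONNECT targets are host:port with no scheme; "//" lets urlsplit parse them.
        parsed = urlsplit(target if "://" in target else "//" + target)
        if host_matches(parsed.hostname, blocked):
            hits.append((client, target))
    return hits

# Constructed proxy log lines (assumed format: time client method target status).
SAMPLE_LOG = [
    "2020-12-08T09:14:02Z 10.0.0.21 GET " + refang(DEFANGED_IOCS[0]) + " 200",
    "2020-12-08T09:14:07Z 10.0.0.34 CONNECT " + refang("ESPACOEMEMORIA[.]ORG:443") + " 200",
    "2020-12-08T09:15:11Z 10.0.0.21 GET https://espacoememoria.org.example.com/ 200",
    "2020-12-08T09:15:40Z 10.0.0.57 GET https://www.example.com/index.html 200",
]

if __name__ == "__main__":
    blocked = ioc_hosts(DEFANGED_IOCS)
    print("block at proxy/DNS:", sorted(blocked))
    for client, target in find_hits(SAMPLE_LOG, blocked):
        print("hit:", client, target.replace(".", "[.]"))
```

Because one indicator is the site root, all three URLs collapse to a single hostname, and matching on the parsed host rather than a substring avoids flagging the unrelated third sample line.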