March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Malware Masquerading as Privacy Tool – Active IOCs

July 5, 2021

Rewterz Threat Alert – Lokibot Malware – Active IOCs

July 5, 2021

Rewterz Threat Alert – Sodinokibi Ransomware – IoCs

July 5, 2021

Severity

Medium

Analysis Summary

Sodinokibi ransomware usually targets victims, infecting systems via Microsoft Office documents. After encryption, a ransom note is found on infected systems. The ransomware usually demands a ransom of $850k or $1.7m for decrypting the files on the target system. The ransomware has re-emerged in cyberspace after a few months, earlier campaigns dating back to July and August 2020. Recently, few samples of Sodinokibi were found being distributed.

Impact

Files encryption
Information theft

Indicators of Compromise

SHA-256

d1665df9944daed8e43c19800be247316647fbccf6d87745bf530ce7b47a47e6
8ad0277fb2d7b89c39b36879fc9d45677e24b0453eb6d696c53d03c2c87f8ac9
58597c93cb3105796021080c936e15df3f4c4e690ac171e5413e565cc68893ee
699149cba186ac9a3b9751585c0af7bd9ffeec6da8c5457917009b262f0123e0
e531055e4eccb9fce25e53b62c346eb2a923e38822311d2fb9a74b198553c6f4
b90507e4cb309c60e3498d65b5d0d4075f21975a1a41663211688a4f22803762
824f4441df0fe3961bcfe8e044a69b0edc6b16c44ca14e30f26a184027cdfa10
1f08cc17803197572203c4181612d681071d43d14de5d4b6a9b8c8d08002f454
b0b2db0bcaf6d68855220ee9c5b2c263804e576bc7dbc86bd4f6942001ccd302
13f75bd01bab699a5073901cdc7b9f3b3c1065d28e4797b7c8176292f1e351f3
cfb840906f26b743904494dcde8cbac4643c89d07eed1d152812a550a6875f16
33af2e69bac76993e6c47e43051837d4643a252ef0454e7179f2d302979926c8
4bdc9a2a5f8cc96ad59a27f5b3867dff160771f871bef421e3fa5beeec3e3898
626dff7c4bb58aec31b89f0601650ef80d8e7fc78df17ca7bc8dbc33fe55df64
3601ea802259efc131664ac538f6ede0cb72d0041c7aaa1a887938295489b24c
f450060a34bac7477fd7001ba8d700d4dbc2fb246e6a0195a12a1e9fc5b595b4
6b9da879de6eeb937660df3c0bfea80290eb7da5c69ff4335d496b3f95a0265d
8b9d662ddb0fb85d0557f9c78d52621ab43f681e92df2f0119627864adefaa72
f022c61241b5e9401b370ef28e67f58830f559f92180854fa750f1287d2ecb25
a58ec4a58c6d2883e21b2b4d7d68862fad56203bf00dc755bc6946c2170d0603
809829ae6d97790c95a1a65f3ce102ce5bc94df988d758bcf2a4cc4aebc98c14
51a96d83d31ca8dc575c554cf6aff78ec4a63ee88b90d378d3dfc045ab593fd9
cdc62597a680d2a85cb25367bb949f01c0250354683bd783249a30d04d5ca0c1
f963a18cfddd5931c7dedeb1e101298d062c42a9254664f9c20c1a12157cb49a
afd4568a2511bd2186ebd9787f58d6f6904589c15e7d7a9f12305620a6ca09fe
227d0f69735d37fb5a432b8d35fb0c198aa0cd33bc267e862dbd15687d1519ed
d1520b650624e27b6b555b04b9718c4a247a533f0410a4dee53e68218449f37a
024a911872484967095509b28ad447549b960c3a8c1ff6e07a9c81c6b5d55914

Remediation

Block the threat indicators at their respective controls.
Do not download files attached in untrusted emails.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Malware Masquerading as Privacy Tool – Active IOCs

Rewterz Threat Alert – Lokibot Malware – Active IOCs