Rewterz Threat Alert – Remcos RAT – Active IOCs
July 13, 2021
Rewterz Threat Alert – Trickbot Malware – Active IOCs
July 13, 2021
Severity
Medium
Analysis Summary
Sodinokibi ransomware usually infects its victims' systems via malicious Microsoft Office documents. After encryption, a ransom note is left on the infected system. The ransomware usually demands a ransom of $850k or $1.7m for decrypting the files on the target system. It has re-emerged after a few months of inactivity, with earlier campaigns dating back to July and August 2020. Recently, a few samples of Sodinokibi were found being distributed.
Impact
- File encryption
- Information theft
Indicators of Compromise
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached to untrusted emails.