July 30, 2020
Severity
Medium
Analysis Summary
Sodinokibi ransomware was found infecting systems via malicious Microsoft Office documents. After encrypting the victim's files, the ransomware leaves a ransom note on the infected system.
The ransomware usually demands a ransom of $850k or $1.7m for decrypting the files on the target system.
Impact
- Files encryption
- Information theft
Indicators of Compromise
Domain Name
- highlinesouthasc[.]com
- naryoutdoors[.]com
- extraordi-naryoutdoors[.]com
- takeflat[.]com
- decryptor[.]cc
MD5
- 9cd25cee26f115876f1592dcc63cc650
- 9141ce187f33a1a0bc6cf310a508c0af
SHA-256
- ece23612029589623e0ae27da942440a9b0a9cd4f9681ec866613e64a247969d
- 8ff6b978077a7342464d84e2ddbeb558985545980b058f5bda064de852f8d928
SHA1
- 40963139cc017a296cb9826c88749099ffdf413e
- 7e7831ecad7448273931017ec5c8e5d85eccc705
URL
- http[:]//decryptor[.]cc/[removed_by_analyst]
- http[:]//decryptor[.]cc/
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached in untrusted emails.
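One practical way to act on "block the threat indicators at their respective controls" is to refang the defanged indicators above and sweep existing telemetry for them. The following Python script is an added example written for this advisory; it is not Rewterz code. It assumes two constructed log sources (a DNS resolver log and a file-hash feed from an endpoint agent), whose formats and sample lines are invented for illustration; only the domain and SHA-256 indicators come from the advisory.

```python
import re

# Indicators exactly as listed in the advisory, in defanged form.
DEFANGED_DOMAINS = [
    "highlinesouthasc[.]com",
    "naryoutdoors[.]com",
    "extraordi-naryoutdoors[.]com",
    "takeflat[.]com",
    "decryptor[.]cc",
]
SHA256_HASHES = {
    "ece23612029589623e0ae27da942440a9b0a9cd4f9681ec866613e64a247969d",
    "8ff6b978077a7342464d84e2ddbeb558985545980b058f5bda064de852f8d928",
}


def refang(ioc: str) -> str:
    """Turn a defanged indicator ("example[.]com", "http[:]//") back into
    its real form so it can be compared against live telemetry."""
    return ioc.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


DOMAINS = {refang(d).lower() for d in DEFANGED_DOMAINS}


def domain_matches(name: str) -> bool:
    """True if `name` is an indicator domain or any subdomain of one.
    Matching on label boundaries avoids false hits such as
    'notdecryptor.cc' matching 'decryptor.cc'."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in DOMAINS)


# Constructed sample DNS resolver log (hypothetical format, not from the advisory).
DNS_LOG = """\
2020-07-30T10:01:02Z client=10.0.0.15 query=www.example.com type=A
2020-07-30T10:01:05Z client=10.0.0.15 query=decryptor.cc type=A
2020-07-30T10:02:11Z client=10.0.0.22 query=cdn.takeflat.com type=A
2020-07-30T10:03:40Z client=10.0.0.31 query=intranet.corp.local type=A
"""

# Constructed sample hash feed: "<host> <path> <sha256>" per line (hypothetical format).
HASH_FEED = """\
10.0.0.15 C:\\Users\\a\\Downloads\\invoice.doc 8ff6b978077a7342464d84e2ddbeb558985545980b058f5bda064de852f8d928
10.0.0.22 C:\\Windows\\System32\\notepad.exe 0000000000000000000000000000000000000000000000000000000000000000
"""

QUERY_RE = re.compile(r"client=(\S+)\s+query=(\S+)")


def scan_dns(log: str):
    """Return (client, queried_name) pairs whose query hits an indicator domain."""
    hits = []
    for line in log.splitlines():
        m = QUERY_RE.search(line)
        if m and domain_matches(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


def scan_hashes(feed: str):
    """Return (host, path) pairs whose SHA-256 is one of the advisory's hashes."""
    hits = []
    for line in feed.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2].lower() in SHA256_HASHES:
            hits.append((parts[0], parts[1]))
    return hits


if __name__ == "__main__":
    for client, name in scan_dns(DNS_LOG):
        print(f"DNS hit: {client} resolved {name}")
    for host, path in scan_hashes(HASH_FEED):
        print(f"Hash hit: {host} has {path}")
```

Running the script reports the two DNS clients that resolved indicator domains (including the `cdn.` subdomain, which a plain string-equality check would miss) and the one host carrying a file with a listed SHA-256. The same refanged sets can be exported to a DNS sinkhole or proxy blocklist for the "block at controls" step.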