
Rewterz Threat Alert – Sodinokibi/REvil Ransomware – Active IoCs

July 30, 2020

Severity

Medium

Analysis Summary

Sodinokibi ransomware was found infecting systems via Microsoft Office documents. After encryption, the following ransom note is found on infected systems. 

[Image: Sodinokibi ransom note as displayed on an infected system]

The ransomware usually demands a ransom of $850k or $1.7m for decrypting the files on the target system.

Impact

  • File encryption
  • Information theft

Indicators of Compromise

Domain Name

  • highlinesouthasc[.]com
  • extraordinaryoutdoors[.]com
  • takeflat[.]com
  • decryptor[.]cc

MD5

  • 9cd25cee26f115876f1592dcc63cc650
  • 9141ce187f33a1a0bc6cf310a508c0af

SHA-256

  • ece23612029589623e0ae27da942440a9b0a9cd4f9681ec866613e64a247969d
  • 8ff6b978077a7342464d84e2ddbeb558985545980b058f5bda064de852f8d928

SHA1

  • 40963139cc017a296cb9826c88749099ffdf413e
  • 7e7831ecad7448273931017ec5c8e5d85eccc705

URL

  • http[:]//decryptor[.]cc/[removed_by_analyst] (several distinct paths under this domain, each redacted by the analyst)
  • http[:]//decryptor[.]cc/

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download files attached in untrusted emails.
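The following is an added example, not part of the Rewterz advisory, showing how the indicators above can be turned into a watchlist and applied at two of the "respective controls": a web proxy log and a file-hash inventory. The indicator values are the ones listed in the advisory; the proxy log format, the log lines and the file inventory are constructed for illustration, and the hostnames/paths in them are hypothetical.

```python
"""
Added example (not from the advisory): refang the published IoCs and
scan constructed sample data with them. Domain matching treats
subdomains of a listed domain as hits; hash matching is case-insensitive.
"""
import re
from urllib.parse import urlparse

# Indicators exactly as published in the advisory (defanged with [.]).
DEFANGED_DOMAINS = [
    "highlinesouthasc[.]com",
    "extraordinaryoutdoors[.]com",
    "takeflat[.]com",
    "decryptor[.]cc",
]
HASHES = {
    "md5": {"9cd25cee26f115876f1592dcc63cc650",
            "9141ce187f33a1a0bc6cf310a508c0af"},
    "sha1": {"40963139cc017a296cb9826c88749099ffdf413e",
             "7e7831ecad7448273931017ec5c8e5d85eccc705"},
    "sha256": {"ece23612029589623e0ae27da942440a9b0a9cd4f9681ec866613e64a247969d",
               "8ff6b978077a7342464d84e2ddbeb558985545980b058f5bda064de852f8d928"},
}


def refang(indicator: str) -> str:
    """Reverse the usual defanging so the value compares against real log data."""
    return (indicator.replace("[.]", ".")
                     .replace("[:]", ":")
                     .replace("hxxp", "http"))


DOMAINS = {refang(d).lower() for d in DEFANGED_DOMAINS}


def domain_matches(hostname: str) -> bool:
    """True if hostname is a listed domain or any subdomain of one."""
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in DOMAINS)


# Constructed proxy log format: "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(lines):
    """Return (line_no, client_ip, hostname) for each line whose URL host is on the watchlist.
    Lines that do not match the expected format are skipped rather than crashing the scan."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        host = urlparse(m.group(4)).hostname or ""
        if domain_matches(host):
            hits.append((n, m.group(2), host))
    return hits


def scan_hashes(inventory):
    """inventory: iterable of (path, algorithm, hexdigest). Return (path, algorithm) for matches."""
    hits = []
    for path, algo, digest in inventory:
        if digest.lower() in HASHES.get(algo.lower(), set()):
            hits.append((path, algo.lower()))
    return hits


# Constructed sample data (hostnames, paths and digests other than the IoCs are made up).
SAMPLE_LOG = [
    "2020-07-30T10:01:02Z 10.0.0.5 GET http://example.com/index.html 200",
    "2020-07-30T10:02:15Z 10.0.0.12 GET http://decryptor.cc/update.php 200",
    "2020-07-30T10:03:44Z 10.0.0.7 POST https://intranet.corp.local/api 204",
    "2020-07-30T10:04:09Z 10.0.0.33 GET http://cdn.takeflat.com/x.js 200",
    "malformed line that the parser should skip",
]
SAMPLE_INVENTORY = [
    (r"C:\Users\a\Downloads\invoice.doc", "sha256",
     "ece23612029589623e0ae27da942440a9b0a9cd4f9681ec866613e64a247969d"),
    (r"C:\Windows\System32\notepad.exe", "sha256", "0" * 64),
    (r"C:\Users\a\AppData\Local\Temp\x.exe", "MD5",
     "9141CE187F33A1A0BC6CF310A508C0AF"),
]

if __name__ == "__main__":
    for line_no, ip, host in scan_proxy_log(SAMPLE_LOG):
        print(f"proxy hit: line {line_no} client {ip} -> {host}")
    for path, algo in scan_hashes(SAMPLE_INVENTORY):
        print(f"hash hit ({algo}): {path}")
```

The subdomain check matters because blocking only the exact apex label would miss traffic to any host under a listed domain; the case-insensitive hash comparison matters because different tools emit uppercase and lowercase hex.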