• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2022-2077 – Microsoft Outlook 365 Vulnerability
July 5, 2022
Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
July 5, 2022

Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs

July 5, 2022

Severity

High

Analysis Summary

The STOP/DJVU ransomware initially made headlines in 2018 and has since been attacking individuals all around the world. It’s widespread on torrent sites and other platforms in software crack packages and adware bundles. The STOP/DJVU ransomware is a Trojan that encrypts files. It infiltrates your computer invisibly and encrypts all of your data, making them unavailable to you. It leaves a ransom letter warning which demands money in exchange for decrypting your data and making them available to you again. Malware is delivered via cracked applications, fake set-up apps keygens, activators, and Windows updates. It does not utilize local information like keyboard layouts or timezone settings to prevent infecting victims in certain countries; instead, it uses the information returned by a request to https[:]//api.2ip.ua/geo.json. The card’s MAC address is utilized to provide unique identification for the system. This identity is provided to STOP’s command and control server, which responded with an RSA-2048 public key for encryption. Additional malware, including an information stealer known as Vidar, is then downloaded and installed.

Impact

  • Information Theft
  • File Encryption

Indicators of Compromise

MD5

  • afca4de38acb5c407a5fc69c5f12c732

SHA-256

  • 56eb7435906ea26693869132f78a37c54f7735a89d2174b92aeff78e7459eee0

SHA-1

  • 76100ea5ff1a5ea3d071449f71090b7d0dc04d01

Remediation

  • Maintain cyber hygiene by updating your anti-virus software and implement patch management lifecycle.
  • Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have
  • access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them
  • regularly.
  • Emails from unknown senders should always be treated with caution.
  • Never trust or open ” links and attachments received from unknown sources/senders.
  • Block all threat indicators at your respective controls.
  • Search for Indicator of compromise (IOCs) in your environment utilizing your respective security controls
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.