Severity
High
Analysis Summary
The Troldesh ransomware was first detected back in August 2019. The criminals behind the attacks used compromised or purpose-built websites to deliver the infection: when a victim clicks on one of them, a dropper script is launched automatically, which in turn leads to the ransomware infection. Troldesh's attack follows the pattern of most file-encrypting threats. It is an extremely aggressive crypto-ransomware that originated in Russia and can open a communication channel with victims for payment instructions. Through that channel, the price demanded for the file decryption key may to some extent be negotiated.
Impact
- File Encryption
Indicators of Compromise
MD5
- 78e69723f1442f1b34a74de9430bcdd5
- 58997a369e34e552ff93b260c4719bf0
- 02e8c7af3724ff535da627197920ad14
- 7c8548dc28e0e2b14cfb953f4d2690b3
- 8b4c5d6e31e1ea1092535caef347772e
- ca13f4913d90017fd5cd552b30c25349
- 27e765ba494c9f2c1228f57455642fdb
- 13ff5145f905b197eee478e565e30f4e
- bb8fce33b3478355c5a6c4f52f6ff83b
SHA-256
- 62214ccdcb1052b518e6059060daec143430c1ae13a799873ebabea7f3eae217
- d23c897e7bb23a6a525d1206dc792f0b81c34b4cce433614c08ce87aecd247fe
- ed801a3e54843afe989aadd69cdab5e6fbf00e8e02742f354519b4b16de8f31c
- e32998012af31476e39dedb2f725269dbd0a165d74b53a32e5e359da3a01221d
- c197da0fda316a92c66744bf13c77891e9f39cc10fbfebc42285a8b4761440b5
- 25c3a5bf8a33e941286f5f271843a480e4f8669086eac047abdfd6f8d5f96a06
- 8025918ab649e33642c4eb74c2814397e971d5ab68e631e91649354c8dec2be5
- df2894b4298be05620b329d27bf0b45314629316fd6a082b6d90bbdfe9bf5a53
- 6192163bbb9343a274904093b94d6b12111a88bf24b58cbf9ed2c1463503e022
SHA-1
- 99988ae1025773dc0ff9028edf700acb1d86f846
- 1f0b79055c952aaf60799baf5b614331416ccef3
- 794bd6f52a9673e1146321fa2545c580858c0d5f
- e70a729a4bbc5de08fa4461d3ba43098cb17b3b6
- 0b58bbedb4441f1585a6ce41e1bc53a3ac771c9b
- c620800477ad9d2b4e6939847f58ec05aaee0d1d
- 7dc8e7af1f2edb7cf2e70c4662f2431451829445
- 5d983937eeb3ce1455eed52bb478c84d54d64f81
- 81ed80cb69b5c6e65bff71b8c53160a467099475
Remediation
- Block all threat indicators at your respective security controls
- Always be suspicious of emails sent by unknown senders
- Never click on links or attachments sent by unknown senders
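One practical way to act on "block all threat indicators" is to check files against the hash lists in this advisory. The script below is an added example, not Rewterz's own tooling: it embeds the MD5, SHA-1 and SHA-256 values listed above verbatim, hashes every file under a directory, and reports any file whose digest matches an indicator. The function and variable names, and the benign sample file written into a temporary directory for the demonstration, are constructed for this example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicator hashes copied verbatim from the advisory above.
IOC_MD5 = {
    "78e69723f1442f1b34a74de9430bcdd5", "58997a369e34e552ff93b260c4719bf0",
    "02e8c7af3724ff535da627197920ad14", "7c8548dc28e0e2b14cfb953f4d2690b3",
    "8b4c5d6e31e1ea1092535caef347772e", "ca13f4913d90017fd5cd552b30c25349",
    "27e765ba494c9f2c1228f57455642fdb", "13ff5145f905b197eee478e565e30f4e",
    "bb8fce33b3478355c5a6c4f52f6ff83b",
}
IOC_SHA1 = {
    "99988ae1025773dc0ff9028edf700acb1d86f846", "1f0b79055c952aaf60799baf5b614331416ccef3",
    "794bd6f52a9673e1146321fa2545c580858c0d5f", "e70a729a4bbc5de08fa4461d3ba43098cb17b3b6",
    "0b58bbedb4441f1585a6ce41e1bc53a3ac771c9b", "c620800477ad9d2b4e6939847f58ec05aaee0d1d",
    "7dc8e7af1f2edb7cf2e70c4662f2431451829445", "5d983937eeb3ce1455eed52bb478c84d54d64f81",
    "81ed80cb69b5c6e65bff71b8c53160a467099475",
}
IOC_SHA256 = {
    "62214ccdcb1052b518e6059060daec143430c1ae13a799873ebabea7f3eae217",
    "d23c897e7bb23a6a525d1206dc792f0b81c34b4cce433614c08ce87aecd247fe",
    "ed801a3e54843afe989aadd69cdab5e6fbf00e8e02742f354519b4b16de8f31c",
    "e32998012af31476e39dedb2f725269dbd0a165d74b53a32e5e359da3a01221d",
    "c197da0fda316a92c66744bf13c77891e9f39cc10fbfebc42285a8b4761440b5",
    "25c3a5bf8a33e941286f5f271843a480e4f8669086eac047abdfd6f8d5f96a06",
    "8025918ab649e33642c4eb74c2814397e971d5ab68e631e91649354c8dec2be5",
    "df2894b4298be05620b329d27bf0b45314629316fd6a082b6d90bbdfe9bf5a53",
    "6192163bbb9343a274904093b94d6b12111a88bf24b58cbf9ed2c1463503e022",
}

# Hex digest length -> (algorithm name, indicator set), so a lookup works
# whichever hash type the caller happens to have on hand.
_IOC_BY_LENGTH = {32: ("md5", IOC_MD5), 40: ("sha1", IOC_SHA1), 64: ("sha256", IOC_SHA256)}


def hash_file(path):
    """Return (md5, sha1, sha256) hex digests of a file, read in 1 MiB chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def lookup_ioc(hexdigest):
    """Return the algorithm name if hexdigest is a listed indicator, else None.

    Case and surrounding whitespace are normalised so digests pasted from
    other tools still match.
    """
    digest = hexdigest.strip().lower()
    entry = _IOC_BY_LENGTH.get(len(digest))
    if entry is None:
        raise ValueError(f"unrecognised digest length {len(digest)}")
    algo, ioc_set = entry
    return algo if digest in ioc_set else None


def scan_directory(root):
    """Walk root and return [(path, algorithm, digest)] for files matching any indicator."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole scan
            for digest in digests:
                algo = lookup_ioc(digest)
                if algo:
                    hits.append((path, algo, digest))
                    break  # one hit per file is enough
    return hits


def demo():
    """Constructed demonstration: scan a temp directory holding one benign file."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "benign.txt").write_bytes(b"constructed sample file, not malware\n")
        return scan_directory(tmp)


if __name__ == "__main__":
    print("hits:", demo())  # expected: an empty list for the benign sample
```

Point `scan_directory` at a quarantine share or download folder to triage it; a non-empty result lists the matching file, the hash type that matched and the digest, which is what an analyst needs to raise a ticket or feed the indicator into a blocking control.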