Rewterz Threat Alert – Nanocore Rat – Active IOCs
June 10, 2022Rewterz Threat Alert – APT29 Cozy Bear – Active IOCs
June 10, 2022Rewterz Threat Alert – Nanocore Rat – Active IOCs
June 10, 2022Rewterz Threat Alert – APT29 Cozy Bear – Active IOCs
June 10, 2022Severity
High
Analysis Summary
Virlock is a file-infecting ransomware that was initially found in 2014 but reappeared in 2016 and 2017. Virlock revealed new abilities with each reappearance, showing that the threat actors are continually developing and updating the malware. It showed unique capabilities in 2016 that allowed it to expand through shared apps and cloud storage. During the initial stage of its attack, this ransomware drops three instances of itself, each with its own obfuscation and persistence techniques. By altering the functionality implemented by each instance, Virlock ensures that all three instances can evade a signature-based detection system. Virlock, like other ransomware, demands payment in Bitcoin from the victim in order to decrypt their machines.
Impact
- File Encryption
Indicators of Compromise
MD5
- 580143ce47d4b8536bc4f9bb484b521a
SHA-256
- c00612da4558216c239aee2d7a5e54145d1e693c03d9af97c0ebd1243c839977
SHA-1
- c70d2fe93d263dc354ea7092c775a52078628960
Remediation
- Never open attachments or links received by unknown senders.
- Look for IOCs in your surroundings.
- At your respective controls, disable all threat indicators.