Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
February 2, 2022
Rewterz Threat Alert – Phosphorus APT – Active IOCs
Severity
High
Analysis Summary
WannaCry, also called WCry or WanaCrypt0r, is ransomware that encrypts all of a victim's data files and demands a ransom payment, usually in bitcoin, to restore access to the encrypted information. WannaCry is one of the most dangerous malware families ever used in cyberattacks. The attackers behind WannaCry use a tool called EternalBlue to exploit a vulnerability in the Windows Server Message Block (SMB) protocol. WannaCry has caused serious disruptions in the healthcare and financial sectors and locked users out of their data.
Impact
- File Encryption
Indicators of Compromise
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.