• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Cryptomining DDoS Malware Lucifer targets Windows and Linux
August 20, 2020
Rewterz Threat Advisory – CVE-2020-3446 – Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability
August 20, 2020

Rewterz Threat Alert – WastedLocker Ransomware Active in the Wild

August 20, 2020

Severity

High

Analysis Summary

Recently, ransomware attacks have been observed that reportedly already exploited more than 31 companies, with 8 of the victims being Fortune 500 companies. These highly targeted campaigns distribute the WastedLocker ransomware. The WastedLocker ransomware is a relatively new malicious payload used by the high-profile EvilCorp MTA, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organizations and enterprises in the United States and Europe. This MTA currently focuses on targeted “big game hunting” (BGH) ransomware attacks with multiple industry victims in recent months, with Garmin as one of the latest high-profile victims attacked (officially confirmed by Garmin on July 27). The most recent ransom amount demanded was US$10M and appears to be based on the victim’s financial data. Based on the available details, the ransom was likely paid. To date, this MTA appears to have been using a mono-extortion scheme (data encryption only, with no or minimal data leakage) vs. other MTAs who use the threat of leaking a victim’s data as part of a double-extortion scheme (such as, e.g. Netwalker, Maze, and others).

Impact

  • Files Encryption
  • Loss of data 
  • Denial of Service
  • Information Disclosure
  • Credential theft
  • Security bypass

Indicators of Compromise

Domain Name

  • ludwoodgroup[.]xyz
  • net-giftshop[.]info
  • transvil2[.]xyz
  • penaz[.]info
  • typiconsult[.]com
  • consultane[.]com
  • msoftwares[.]info
  • feedbackgive[.]com
  • websitesbuilder[.]info
  • rostraffic[.]com
  • advokat-hodonin[.]info
  • guiapocos[.]xyz
  • devicelease[.]xyz
  • paiolets[.]com
  • woofwoofacademy[.]xyz
  • lendojekam[.]xyz
  • lgrarcosbann[.]club
  • flablenitev[.]site
  • traffichi[.]com
  • utenti[.]info
  • cofeedback[.]com
  • respondcritique[.]xyz
  • mwebsoft[.]com
  • utenti[.]live
  • lpequdeliren[.]fun
  • triomigratio[.]xyz
  • uplandcaraudio[.]xyz
  • dns[.]proactiveads[.]be

MD5

  • 0ed2ca539a01cdb86c88a9a1604b2005
  • 572fea5f025df78f2d316216fbeee52e
  • d124ae14809abde3528a479fe01a12bd
  • 2000de399f4c0ad50a26780700ed6cac
  • 2b3efa7882c674f4ae57dea991ff5014
  • 6d000056522c9f92b027e0c443667485
  • 31a57376158d926ae4cfa0574143d7ee
  • 2cc4534b0dd0e1c8d5b89644274a10c1
  • ef013138a06171ddaed1334601640db4

SHA-256

  • 905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a
  • 3dfb4e7ca12b7176a0cf12edce288b26a970339e6529a0b2dad7114bba0e16c3
  • c786e4de11e64be8d4118cf8ba6b210e3396e3bb579f3afd4bf528c35bab4a6b
  • 83710bbb9d8d1cf68b425f52f2fb29d5ebbbd05952b60fb3f09e609dfcf1976c
  • 7a45a4ae68992e5be784b4a6da7acd98dc28281fe238f22c1f7c1d85a90d144a
  • 5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367
  • f093b0006ef5ac52aa1d51fee705aa3b7b10a6af2acb4019b7bc16da4cabb5a1
  • bcdac1a2b67e2b47f8129814dca3bcf7d55404757eb09f1c3103f57da3153ec8

SHA1

  • db908077689613c483bcdf037f211d0e3369ff12
  • 70c0d6b0a8485df01ed893a7919009f099591083
  • 82c6615db16db8fa5c25ed3ba9ee2ba4758872b4
  • 92d32c824891ea2055fbdd6b66597d7f5c003e88
  • 735ee2c15c0b7172f65d39f0fd33b9186ee69653
  • 91b2bf44b1f9282c09f07f16631deaa3ad9d956d
  • 4fed7eae00bfa21938e49f33b7c6794fd7d0750c
  • 5e5e62ff09ee59fd7d17f79ef2c726ed1c1fc26f

URL

  • http[:]//paiolets[.]com/install[.]exe
  • https[:]//devicelease[.]xyz
  • https[:]//utenti[.]info/1[.]exe
  • https[:]//utenti[.]live/1[.]exe
  • https[:]//szn[.]services/1[.]exe
  • http[:]//lendojekam[.]xyz/index[.]php
  • https[:]//uplandcaraudio[.]xyz
  • https[:]//ludwoodgroup[.]xyz
  • https[:]//respondcritique[.]xyz
  • https[:]//woofwoofacademy[.]xyz
  • http[:]//transvil2[.]xyz/index[.]php
  • https[:]//guiapocos[.]xyz
  • http[:]//flablenitev[.]site/index[.]php
  • http[:]//lpequdeliren[.]fun/index[.]php
  • https[:]//triomigratio[.]xyz

Remediation

  • Block the threat indicators at their respective controls.
  • Keeps all systems and software patched against all known security vulnerabilities.
  • Do not download files from untrusted emails or from random sources on the internet.

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.