• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz threat Advisory – CVE-2019-1904 – Cisco IOS XE Cross-Site Request Forgery Vulnerability
June 13, 2019
Rewterz Threat Alert – Point-of-Sale Breach – Indicators of Compromise
June 13, 2019

Rewterz Threat Alert – Buran Ransomware

June 13, 2019

Severity

High

Analysis Summary

A new variant of the Vega ransomware which is named Buran. The ransomware is being delivered using the RIG exploit kit. Once installed on to the victim system, the ransomware is written to a file (ctfmon.exe), then executes and begins the encryption process. As is typical of ransomware, there is a list of certain directories, files and file extensions which are not to be encrypted. Files that are encrypted have the victim’s unique ID appended as the file extension and the word “Buran” prepended to the head of the file.

Impact

File encryption

Indicators of Compromise

Filename

ctfmon[.]exe

Email Address

  • polssh1@protonmail[.]com
  • polssh@protonmail[.]com

Malware Hash (MD5/SHA1/SH256)

0bed6711e6db24563a66ee99928864e8cf3f8cff0636c1efca1b14ef15941603

Remediation

Block all threat indicators at your respective controls.

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.