Rewterz Threat Alert – Syrk Ransomware Targets Fortnite Users
August 23, 2019Rewterz Threat Alert – Mastercard Reports Data Breach
August 26, 2019Severity
Medium
Analysis Summary
Command and control (C2) servers for the Emotet botnet appear to have resumed activity and deliver binaries once more. This comes after being inert since the beginning of June.
Although it started as a banking trojan in 2014, Emotet changed its course to becoming a botnet that delivers various malware strains.
Emotet is now one of the top threats, its infrastructure being used to distribute Trickbot, another banking trojan, and then spread the Ryuk ransomware. This combination is dubbed ‘triple threat’ and has affected public administrations in the U.S.
Impact
- Exposure of sensitive information
- File encryption
Indicators of Compromise
IP(s) / Hostname(s)
- 104[.]131[.]11[.]150
- 104[.]131[.]208[.]175
- 104[.]236[.]151[.]95
- 142[.]93[.]88[.]16
- 144[.]139[.]247[.]220
- 159[.]89[.]179[.]87
- 162[.]144[.]119[.]216
- 162[.]243[.]125[.]212
- 170[.]150[.]11[.]245
- 176[.]31[.]200[.]130
- 177[.]242[.]214[.]30
- 187[.]163[.]180[.]243
- 195[.]242[.]117[.]231
- 216[.]98[.]148[.]156
- 217[.]13[.]106[.]160
- 31[.]12[.]67[.]62
- 45[.]123[.]3[.]54
- 45[.]32[.]158[.]232
- 46[.]101[.]142[.]115
- 46[.]105[.]131[.]69
- 64[.]13[.]225[.]150
- 69[.]45[.]19[.]145
- 70[.]32[.]84[.]74
- 75[.]127[.]14[.]170
- 91[.]83[.]93[.]103
- 159[.]65[.]241[.]220
- 128[.]199[.]78[.]227
- 216[.]98[.]148[.]136
- 109[.]104[.]79[.]48
- 205[.]186[.]154[.]130
- 69[.]163[.]33[.]82
- 43[.]229[.]62[.]186
- 72[.]47[.]248[.]48
- 216[.]98[.]148[.]157
- 88[.]215[.]2[.]29
- 213[.]120[.]104[.]180
- 200[.]57[.]102[.]71
- 190[.]113[.]233[.]4
- 186[.]15[.]83[.]52
- 190[.]13[.]211[.]174
- 187[.]188[.]166[.]192
- 190[.]117[.]206[.]153
- 125[.]99[.]61[.]162
- 200[.]32[.]61[.]210
- 187[.]242[.]204[.]142
- 104[.]131[.]58[.]132
- 128[.]199[.]78[.]227
- 182[.]180[.]92[.]102
- 125[.]99[.]106[.]226
- 190[.]186[.]203[.]55
- 181[.]175[.]142[.]212
- 189[.]209[.]217[.]49
- 175[.]100[.]138[.]82
- 189[.]213[.]62[.]223
- 182[.]176[.]132[.]213
- 182[.]184[.]72[.]199
- 177[.]246[.]193[.]139
- 41[.]220[.]119[.]246
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the link/attachments sent by unknown senders.