
Rewterz Threat Alert – Kraken and LockerGoga Ransomware – IoCs

January 1, 2020

Severity

High

Analysis Summary

IOCs associated with LockerGoga.exe and Kraken.exe have been retrieved. LockerGoga is a ransomware that can spread laterally through network connections and network shares, resulting in widespread file encryption. Security researchers reported that the ransomware spawns a new process for each file it encrypts, which makes the encryption process very slow. Once it has encrypted files, it appends the extension .locked to them and leaves a ransom note on the desktop. The Kraken ransomware encrypts data on the disk very quickly and uses external tools. Kraken gives each encrypted user file a random name and drops a ransom note demanding that the victim pay to recover the files.

Impact

File Encryption

Indicators of Compromise

MD5

  • 3e074f0758b02720e38058f0d5383fa0
  • e11502659f6b5c5bd9f78f534bc38fea
  • bcd2a924ee16f3a2ed4b77d0c09fc3a0
  • 6ac062d21f08f139d9f3d1e335e72e22

SHA-256

  • 995ba2f6445871692ff6abeaf5ff3e987b5d7270053506912a9ae7f33448e049
  • c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15
  • b639e26a0f0354515870ee167ae46fdd9698c2f0d405ad8838e2e024eb282e39
  • 564154a2e3647318ca40a5ffa68d06b1bd40b606cae1d15985e3d15097b512cd

Source IP

  • 88.99.66.31

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download or open email attachments from untrusted senders, or files from unknown sources on the internet.
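The following Python script is an added example, not part of the Rewterz advisory: it loads the MD5, SHA-256 and source-IP indicators listed above and checks hashes exported from an EDR or AV console, in-memory file contents, and firewall log lines against them. The log lines and the file content are constructed samples; the hash values and the IP are those published in the advisory.

```python
"""Match file hashes and firewall/proxy log lines against the advisory's IoCs."""
import hashlib
import re
from typing import List, Optional, Tuple

# Indicators exactly as published in the advisory (LockerGoga / Kraken samples).
IOC_MD5 = {
    "3e074f0758b02720e38058f0d5383fa0",
    "e11502659f6b5c5bd9f78f534bc38fea",
    "bcd2a924ee16f3a2ed4b77d0c09fc3a0",
    "6ac062d21f08f139d9f3d1e335e72e22",
}
IOC_SHA256 = {
    "995ba2f6445871692ff6abeaf5ff3e987b5d7270053506912a9ae7f33448e049",
    "c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15",
    "b639e26a0f0354515870ee167ae46fdd9698c2f0d405ad8838e2e024eb282e39",
    "564154a2e3647318ca40a5ffa68d06b1bd40b606cae1d15985e3d15097b512cd",
}
IOC_IPS = {"88.99.66.31"}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def match_hash(digest: str) -> Optional[str]:
    """Return 'md5' or 'sha256' when the hex digest is a listed indicator, else None.

    Digests copied from EDR/AV exports vary in case and whitespace, so they are
    normalised before the lookup.
    """
    d = digest.strip().lower()
    if d in IOC_MD5:
        return "md5"
    if d in IOC_SHA256:
        return "sha256"
    return None


def hash_bytes(data: bytes) -> dict:
    """Compute both digest types the advisory lists for an in-memory file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def check_bytes(data: bytes) -> List[str]:
    """Hash a file's content and return the algorithms whose digest matched an IoC."""
    return [alg for alg, digest in hash_bytes(data).items() if match_hash(digest)]


def scan_log_lines(lines) -> List[Tuple[int, str]]:
    """Return (line number, ip) for every log line mentioning a listed source IP."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in IP_RE.findall(line):
            if ip in IOC_IPS:
                hits.append((n, ip))
    return hits


# Constructed sample firewall log; only the second line touches the advisory IP.
SAMPLE_LOG = [
    "2020-01-01T10:00:01Z fw ACCEPT src=10.0.0.15 dst=93.184.216.34 dport=443",
    "2020-01-01T10:00:07Z fw ACCEPT src=10.0.0.22 dst=88.99.66.31 dport=445",
    "2020-01-01T10:00:09Z fw DENY src=10.0.0.22 dst=10.0.0.1 dport=22",
]


if __name__ == "__main__":
    # Hash from a hypothetical EDR export, upper-cased as some consoles emit it.
    print(match_hash("3E074F0758B02720E38058F0D5383FA0"))
    # Constructed benign file content: no digest matches.
    print(check_bytes(b"constructed benign content"))
    for lineno, ip in scan_log_lines(SAMPLE_LOG):
        print(f"line {lineno}: traffic to listed indicator {ip}")
```

In practice the hash and IP sets would be loaded from a feed rather than embedded, and the log scanner would be pointed at the firewall or proxy export for the period of interest; the functions above are kept pure so they can be called from a SIEM enrichment job or a one-off triage script.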
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.