Rewterz Threat Alert – Satan Ransomware Evolves with New Propagation Techniques

May 23, 2019

Severity

High

Analysis Summary


Satan ransomware first appeared in early 2017, and since then threat actors have been constantly improving the malware to infect its victims more effectively and to maximize its profits.

Satan ransomware uses several methods to propagate across both public and private networks. It implements multi-threading to increase the efficiency of the attacks. When propagating across private networks, a sweep is performed to identify all hosts on the victim network. For public networks, the C2 server defines the IPs that should be scanned by the spreader. Once targets are identified, exploit attempts begin by leveraging SSH brute force attacks and numerous web exploits. In the case of the Windows spreader, the EternalBlue exploit and Mimikatz are also used. After attempts are completed, the spreader notifies the C2 server of all executed exploits. The most recent variants of both the Windows and Linux spreaders added exploit payloads for Spring Data, ElasticSearch, and ThinkPHP vulnerabilities.

Impact

File encryption

Indicators of Compromise

IP(s) / Hostname(s)

  • 111[.]90[.]159[.]103
  • 111[.]90[.]159[.]104
  • 111[.]90[.]159[.]105
  • 111[.]90[.]159[.]106

URLs

  • http[:]//111[.]90[.]159[.]106/d/conn32
  • http[:]//111[.]90[.]159[.]106/d/cry32

Malware Hash (SHA256)

  • 54a1d78c1734fa791c4ca2f8c62a4f0677cb764ed8b21e198e0934888a735ef8
  • 02e1a05fdfdf4f8685d92ba09d698b8be66ae6d020dc402ff2119501dda9597c
  • 51f2e919a7ecfb3b096ddcb71373e86e81883b4b59848d2f6f677f9e317a8468

Remediation

  • Block the threat indicators at their respective controls (firewall/proxy for the IPs and URLs, endpoint protection for the file hashes).
  • Never click on links or open attachments sent by unknown senders.
  • Always verify emails sent by unverified or unknown senders before acting on them.
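The first remediation step is to push the indicators above into blocking and detection controls. The script below is an added example (not Rewterz's own tooling): it refangs the advisory's IPs, URLs and SHA256 hashes and matches them against constructed proxy-log and hash-list lines so the matching logic can be checked before it is loaded into a SIEM. The log formats, the `10.0.0.x` client addresses and the second hash are constructed for this example and do not come from the advisory.

```python
"""Refang the defanged indicators from the advisory and match them against
sample proxy-log and file-hash lines (the sample lines are constructed)."""
import re

# Indicators copied from the advisory in their defanged form.
DEFANGED_IPS = [
    "111[.]90[.]159[.]103",
    "111[.]90[.]159[.]104",
    "111[.]90[.]159[.]105",
    "111[.]90[.]159[.]106",
]
DEFANGED_URLS = [
    "http[:]//111[.]90[.]159[.]106/d/conn32",
    "http[:]//111[.]90[.]159[.]106/d/cry32",
]
SHA256_HASHES = {
    "54a1d78c1734fa791c4ca2f8c62a4f0677cb764ed8b21e198e0934888a735ef8",
    "02e1a05fdfdf4f8685d92ba09d698b8be66ae6d020dc402ff2119501dda9597c",
    "51f2e919a7ecfb3b096ddcb71373e86e81883b4b59848d2f6f677f9e317a8468",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('[.]', '[:]', 'hxxp://') back into the
    literal form that appears in logs."""
    return (indicator.replace("[.]", ".")
                     .replace("[:]", ":")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://"))


IPS = {refang(i) for i in DEFANGED_IPS}
URLS = {refang(u) for u in DEFANGED_URLS}

# Constructed sample lines (not from the advisory): a proxy log in
# "timestamp client_ip status url" form and a "sha256 path" hash list.
SAMPLE_PROXY_LOG = """\
1558601101.123 10.0.0.5 200 http://111.90.159.106/d/conn32
1558601102.456 10.0.0.7 200 http://example.com/index.html
1558601103.789 10.0.0.9 404 http://111.90.159.103/
"""

SAMPLE_HASH_LOG = """\
54a1d78c1734fa791c4ca2f8c62a4f0677cb764ed8b21e198e0934888a735ef8 /tmp/conn32
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef /tmp/benign
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")


def match_proxy_log(text: str) -> list:
    """One finding per line that contains an advisory URL or IP.
    A URL hit also reports the IP it embeds, so both controls can be checked."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hit_urls = sorted(u for u in URLS if u in line)
        hit_ips = [ip for ip in IPV4_RE.findall(line) if ip in IPS]
        if hit_urls or hit_ips:
            findings.append({"line": lineno, "urls": hit_urls, "ips": hit_ips})
    return findings


def match_hash_log(text: str) -> list:
    """One finding per line whose SHA256 is in the advisory's hash list.
    Hashes are lower-cased before comparison so case in the log does not matter."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = [h.lower() for h in SHA256_RE.findall(line)
                if h.lower() in SHA256_HASHES]
        if hits:
            findings.append({"line": lineno, "hashes": hits})
    return findings


if __name__ == "__main__":
    for finding in match_proxy_log(SAMPLE_PROXY_LOG):
        print("proxy", finding)
    for finding in match_hash_log(SAMPLE_HASH_LOG):
        print("hash", finding)
```

The URL match is a plain substring test because the advisory URLs are exact download paths; the IP match uses a regex so that an address embedded in a longer URL or a timestamp-prefixed line is still extracted as a whole token rather than a partial string.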
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.