• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Anchor Malware Targets Point-of-Sale Infrastructure
January 7, 2020
Rewterz Threat Alert – 3rd Party Tools and Windows 10 Apps Killed by Clop Ransomware
January 8, 2020

Rewterz Threat Alert – Sodinokibi Ransomware aka REvil Encrypting Files

January 7, 2020

Severity

High

Analysis Summary

Sodinokibi ransomware was found infecting systems via Microsoft Office documents. After encryption, the following ransom note is found on infected systems. 

image-1578397927.png

The ransomware demands a ransom of $850k or $1.7m for decrypting the files on target system, as below.

image-1578398033.png

Impact

  • Files Encryption
  • Information Disclosure

Indicators of Compromise

MD5

  • 4903f3effb98da65c49bb9591c16615d
  • 3ad4c27f8d0e7135f401474811bd9b25
  • 853ab7bdeecf03306178f4af40eff694
  • b4fe61c29e23014fdab44ad0d8df1d2d
  • 395015986431f15f5bfd25aa1966ccb0
  • 27c8b1cb19c4f6df337dff38ab1f3592
  • 85de4dc5e49dbafcf3da67434f013733
  • a63cdd7c9362540da0fc61db193f9a93
  • 6a85fe97ccaa29d09e5df824d4eaad59
  • 8b24ea434d60f99e1ff50810fb8d28da
  • d8e850611733076fc9d523b586e76ff7
  • f45b3caa097afbdd50358ede4042a88f
  • 6640d80b412edfbdd836a5c3808a7748
  • 722e15d85827d3ac13e56e8108688012
  • 9d78f811a13af1cee9ee635a9dd3f10a
  • 1ebf922138d1d821c11bac32b63d3b2d
  • c932f03098bcfea3f7a6c7bf11c0d653
  • 6bf8720c0741f11219f38e747392b73e
  • c37804708ee284575f87bd0e365be9d9
  • 3846bbbb0efc50218aedd4a4ef3d877a
  • f7f3fd2b59b0979bb7c8265122547f9a
  • b64f01f8a72ec9c9670909b4ce1a9b4f
  • c12c84d72868e4c4be6af913d62da2bb
  • 4fe625f696602d23e0c1129ee8c609c9
  • 579ebea24bc90cf01b7ba3e6c376f06b
  • 6df070be3d54fb2f6eb4ac1a3415857b

SHA-256

  • 42996516b6604ba136ff909d9b59d2a676a72eaafa30c729cdfaddd96b20fc83
  • 2011f4ed15d6ad002670fdfe8fffc2fbd7cff4c8e7bd9d16746f9884a79a24b1
  • 5cb49636a0d759cf24bd19ce17003a62f1e8d4d076844b9110af8b9172413508
  • 12bb06bc5da9d7f24634bb37a809ad69896c2eb47b7957846124fe09fbf573bf
  • 0e468c960706b3f4181f54a35650b8edbd0960785dda89a72cdd1e5d600f188b
  • 9a253acfa25c1feefe603a9b8060d997c34aa110f0d1811005eb1f5ca28d2795
  • 7549bc8a7c896dae3f1026dfeeba7d4e0990b896e8715cef55f88763b2aa3908
  • ba68f6b7d0be7f6abcbd6679627ed61fac0d0044f05ddbca38b564f1b27bef48
  • c678c05b05790006e56a25659eaa97520f426c6b2bbd7ccfb3ea30cc46d672f9
  • 5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2
  • b7e7878b4f87f1b29fb3c7002d90196c69bffe1eb70ae08d2563b79e1bc41a06
  • 9106117da853d8baa45ff6fdbf1ceada81dd4c2ce896787e445170a8d8c13148
  • a4b205d9ebfe4b6b08f4ead27a79aea247215df4463f9e95c9cfe1db7b30b02a
  • 578e1b00157447f99716b646af6b0c33d0f6c32257a19376d6cc9d003ff0fba1
  • b7b136e1efb27c05f80163b6ba73575b4430d7326b07cb629d23794f0049c1a6
  • 68a35bd6540394cd28a8c8271dbf2befc4a839aa53d1ba28f9ed81f411a09c01
  • 515e79a2813ecc480d47480275b18426e281d77488ac2dce669f00dc41d4b6ce
  • 1e1589de70ea7ebad976aa1c1ebdb32e0695ee268aa5f7f8ac834ed3960a4803
  • d6a0b7812b3ee8fbf81d40db94094facc25645689f4109e5d7983e8cb49990ec
  • 4c15a0bfdc8af00dd509aa990c2d7926ee7c714da88a767ee7f4e5276094de6d
  • bb7707d5672a409d7b69356ca1f2ed947bc5c76a683431c8b636e60845fa17ed
  • 4d7bb7fc137d4e4db98835612daa8e4f36b365dad71bd5c763521d7e8a29915a
  • f4e2cf1a788a104226e6c577ad19c8570624371f8563a3ec0e9cb43501c18665
  • 9bc861c341955bbbb8ac281b7195ee238b068981b7212375c93e6e4cd5ff2a04
  • 830a8208fe916dabfc1ee63c3e889d8277fbae954a9b00d64b2c920e1d9a2536
  • a49fe8df263baded151476232daafd20122f7a66325c2fc6395c965296a8d746

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download files from random sources on the internet.
  • Do not download files attached in emails coming from untrusted sources.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.