• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – WordPress Comment Cross-Site Request Forgery Vulnerability
March 19, 2019
Rewterz Threat Advisory – CVE-2019-0274 – SAP Mobile Platform Denial of Service Vulnerability
March 19, 2019

Rewterz Threat Alert – STOP Ransomware has a New Feature – Azorult

March 19, 2019

Severity

Medium

Analysis Summary

STOP Ransomware was observed distributing DJVU ransomware in January for its malicious components and now installs the Azorult trojan to harvest data. STOP ransomware will download malicious extensions to encrypt the files installed in a victim’s computer. The ransomware will upload the target systems encrypted files on the attackers C&C server.

Impact

  • STOP Ransomware 
  • Loss of credentials

Indicators of Compromise

IP(s) / Hostname(s) 77.123.139[.]189
5.8.76[.]184
185.178.47[.]61
213.226.125[.]171
URLs hxxp://ymad[.]ug/tesptc/ck/updatewin1.exe
hxxp://ymad[.]ug/tesptc/ck/updatewin2.exe
hxxp://ymad[.]ug/tesptc/ck/updatewin.exe
hxxp://ymad[.]ug/tesptc/ck/3.exe
hxxp://ymad[.]ug/tesptc/ck/4.exe
hxxp://ymad[.]ug/tesptc/ck/5.exe
hxxp://ymad[.]ug/1/index.php
Malware Hash (MD5/SHA1/SH256) a2dac478bcee3aea90c06bfe26967553
28718842db30861e4a8afd02e2a9a1720ee651a7
1dabaae66931e6414803313adee4d7b5305acba3ad539f49b6aba65f10f809a6
5b4bd24d6240f467bfbc74803c9f15b0
c17f98c182d299845c54069872e8137645768a1a
14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
996ba35165bb62473d2a6743a5200d45
52169b0b5cce95c6905873b8d12a759c234bd2e0
5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d
e3083483121cd288264f8c5624fb2cd1
144a1dd6714ff4b5675c32f428d1899e500140a5
114ccacb7ca57c01f3540611fdf49e68416544da8d8077f5896434a4b71b01dd
0e3a899fca9dae1a119a6ac894167b06
a7271e9a20f7da6287c0a967c195fcd4a190d179
5c258f35e2b9b6997464631e1178841d090a47f3b43d1f6f54621128d352d2f3
76d9c9d7a779005f6caeaa72dbdde445
34efc6312c7bff374563b1e429e2e29b5da119c2
b61991e6b19229de40323d7e15e1b710a9e7f5fafe5d0ebdfc08918e373967d3

Remediation

  • Block threat indicators at your respective controls
  • Do not click on any attachments/links sent  by unknown senders
  • Always be suspicious about the emails being sent from unknown senders
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.