March 11, 2025

March 11, 2025

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

Rewterz Threat Advisory – Multiple Apache Vulnerabilities

November 4, 2021

Rewterz Threat Advisory – Multiple McAfee ePolicy Orchestrator Vulnerabilities

November 5, 2021

Rewterz Threat Alert – SNAKE Ransomware – Active IOCs

November 4, 2021

Severity

High

Analysis Summary

SNAKE ransomware is targeting networks and aiming to encrypt all of the devices connected to them. The ransomware contains a level of routine obfuscation not previously and typically seen coupled with the targeted approach. When started Snake will remove the computer’s Shadow Volume Copies and then kill numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more. It then proceeds to encrypt the files on the device, while skipping any that are located in Windows system folders and various system files. When encrypting a file it will append a ransom 5 character string to the files extension. For example, a file named 1.doc will be encrypted and renamed like 1.docqkWbv.F

Impact

File Encryption

Indicators of Compromise

MD5

7c59a773a5ed487b02c591e7ee29e389
3d233a8f5ccd3d81493680e1d7f3db51
0fe54b2c63c6f5b30b4e3cbae232757e
92a0193db1ae9dcac071d61d7f8bbe47

SHA-256

9403d6afdcd346a716a71b56168441854ff4f3b93c993f5833ca53c05544366b
c22239d4c717803191cc6dd4d415cc7760a90a741b3a737c0644f8f381dfc287
ddd414a1ebb3176dd7d5e612afff1a0c9ddddc21c3be42cc6b137659266e1061
a001105ebd3e74fed6da2d856c0d0d301d5d915cda22e1050d4fd3cdc5ab8168

SHA-1

550a2e78121111e93b5fb2c090e0fd32185a3fec
1c9028993b03b5bb5be78fffe8f0f81c7d1819c0
a17d20734e9bc5ffc007779d51806b6ee6e3ab84
feb2aa93a6f7a446a963e919aebb3fb9a0ca0d35

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Multiple Apache Vulnerabilities

Rewterz Threat Advisory – Multiple McAfee ePolicy Orchestrator Vulnerabilities