
Rewterz Threat Alert – FIN7 APT – Active IOCs

Severity

High

Analysis Summary

FIN7 is a financially motivated advanced persistent threat group that has been active since at least 2013. The group has targeted the restaurant, retail, and hospitality sectors since mid-2015 and is regarded as one of the most successful criminal hacking groups to ever exist. The group also used REvil until it created its own RaaS (Ransomware as a Service), DarkSide. It has been behind many notorious hacks of 2018 and has also been linked to Ryuk.

Impact

  • Information Theft and Espionage

Indicators of Compromise

Domain Name

  • findoutcredit[.]com
  • againcome[.]com
  • modestoobgyn[.]com
  • myshortbio[.]com
  • estetictrance[.]com
  • internethabit[.]com
  • bestsecure2020[.]com
  • chyprediction[.]com
  • domenuscdm[.]com
  • spontaneousance[.]com
  • fashionableeder[.]com
  • incongruousance[.]com
  • electroncador[.]com
  • astara20[.]com
  • coincidencious[.]com

MD5

  • 0c6b41d25214f04abf9770a7bdfcee5d
  • 21f153810b82852074f0f0f19c0b3208
  • 02699f95f8568f52a00c6d0551be2de5
  • 0291df4f7303775225c4044c8f054360
  • 0fde02d159c4cd5bf721410ea9e72ee2
  • 2cbb015d4c579e464d157faa16994f86
  • 3803c82c1b2e28e3e6cca3ca73e6cce7
  • 5a6bbcc1e44d3a612222df5238f5e7a8
  • 833ae560a2347d5daf05d1f670a40c54
  • b637d33dbb951e7ad7fa198cbc9f78bc
  • bce9b919fa97e2429d14f255acfb18b4
  • d1d8902b499b5938404f8cece2918d3d

SHA-256

  • bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233
  • 454afe23c5e0c3d535e5f0794e838ca98fb23a55181a657aa1004df814ea1ddc
  • abdddde8d3119f3935c28dd0879eeb4fe59885eb93614abad15769d14fbc7a30
  • da8df0a03ece4e0920b4afc5a7cbcf23c931b6695393887600b39b555336f2ff
  • 42393d0298648797713736bde2f7214d06719ca2fe5c8b87f924fa1a068dfa38
  • 3390c4226ba6d21608d20d8ac51d5b4ae0021292de8283a2097588f98e484d7b
  • 19b0a642622fbf87b385200441bdda250cf0278063525ed6e35ba7210a75af2d
  • 76d1a3079b3ef08c5fbf4476f6479ddba0a5e20fd712e5b6acadafae6f817696
  • 850edeafd3924538ec806649ad6eeec66fd92916dbd4693bfa91c582c62299a5
  • f5848d5c3093599ab286f0815825db0a5eee04b82c4f76d579a546abb21035af
  • 959bd563362a4bde2c1632c89e2cdc574b6f36919d873ed5e3e156591304a8da
  • a8592747024715d3b0effdac95345bc8956e09823ff429887f4f9c56085515fa

SHA-1

  • 805ab904bfd0a55413b10105ff9d97acf54653f5
  • fa37e0d44dc8846f4b8a4153580623d2dff7a22e
  • 1fede854ee97098efff357fd8b19d1e8d971e9d1
  • 4d6d466154f6e20e7fbcee0c5059db42888f42f9
  • b27fa4ebce6fa7e6c1283af43cb3d1659091a59c
  • 8782092c4e64fb45c9d88efeae9ae6ee793259d1
  • 7d61adfad363508666bd20e11f992eecf56449da
  • 3b1e7d91ae17a3016384f6cc30ee75620cc6f4a9
  • 3b1bdcba0926786c0d621a59894cffa8b0d0e4de
  • 6de22d1ad5a30f18651a9ddef361fcdf27094888
  • ccd307e8e4b962fd09dcaa27b28c8bcb1e6391cf
  • 9016f1b6328d6601059127be555f84eb732e2718

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on links/attachments sent by unknown senders.
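The remediation steps above ask you to search for these IOCs in your environment. The following script is an added example (not Rewterz tooling) of how a defender might do that: it refangs the defanged domains listed in this alert, sweeps DNS query log lines for exact or subdomain matches, and checks file hashes (either computed from bytes or exported as strings from an EDR inventory) against the alert's MD5 and SHA-256 lists. The domain and hash values are a subset copied from the alert; the DNS log lines are constructed for the example and are not real traffic.

```python
"""IOC sweep for the FIN7 alert. Added example, not Rewterz tooling.

Domains and hashes below are copied from the alert; log lines are constructed.
"""
import hashlib
import re
from typing import List, Optional, Tuple

# Defanged domains copied from the alert (subset).
DEFANGED_DOMAINS = [
    "findoutcredit[.]com",
    "againcome[.]com",
    "bestsecure2020[.]com",
    "astara20[.]com",
]

# Hash values copied from the alert (subset), normalised to lowercase hex.
KNOWN_MD5 = {
    "0c6b41d25214f04abf9770a7bdfcee5d",
    "21f153810b82852074f0f0f19c0b3208",
}
KNOWN_SHA256 = {
    "bac99f7a488ac0499ea1636f4d16dd3dfca2c1c4ebff06c3374d194ce16b8233",
    "454afe23c5e0c3d535e5f0794e838ca98fb23a55181a657aa1004df814ea1ddc",
}


def refang(domain: str) -> str:
    """Turn the alert's 'example[.]com' notation back into 'example.com'."""
    return domain.replace("[.]", ".").lower()


IOC_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}


def domain_matches(host: str) -> Optional[str]:
    """Return the IOC that a queried host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for ioc in IOC_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


# Constructed BIND-style query log lines (not real traffic).
SAMPLE_DNS_LOG = """\
06-Apr-2022 10:01:02.123 queries: info: client 10.0.0.5#53211: query: www.example.com IN A + (10.0.0.1)
06-Apr-2022 10:01:05.456 queries: info: client 10.0.0.7#41022: query: cdn.findoutcredit.com IN A + (10.0.0.1)
06-Apr-2022 10:01:09.789 queries: info: client 10.0.0.9#50233: query: astara20.com IN A + (10.0.0.1)
06-Apr-2022 10:02:00.000 queries: info: client 10.0.0.5#53212: query: notastara20.com IN A + (10.0.0.1)
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN ")


def scan_dns_log(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (client_ip, queried_name, matched_ioc) for every matching line."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ioc = domain_matches(m.group("qname"))
        if ioc:
            hits.append((m.group("client"), m.group("qname"), ioc))
    return hits


def hash_string_matches(digest: str) -> Optional[str]:
    """Classify a hex digest (e.g. from an EDR export) as 'md5', 'sha256' or None."""
    digest = digest.strip().lower()
    if digest in KNOWN_MD5:
        return "md5"
    if digest in KNOWN_SHA256:
        return "sha256"
    return None


def file_bytes_match(data: bytes) -> List[str]:
    """Hash raw file contents and report any algorithm whose digest is an IOC."""
    found = []
    for algo in ("md5", "sha256"):
        digest = hashlib.new(algo, data).hexdigest()
        if hash_string_matches(digest) == algo:
            found.append(algo)
    return found


if __name__ == "__main__":
    for client, qname, ioc in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"DNS hit: {client} queried {qname} (IOC {ioc})")
    print("EDR export hash:", hash_string_matches("0C6B41D25214F04ABF9770A7BDFCEE5D"))
    print("benign sample:", file_bytes_match(b"constructed benign content"))
```

The subdomain check deliberately requires a leading dot, so `notastara20.com` in the constructed log is not reported while `cdn.findoutcredit.com` is; a plain substring match would produce false positives on the former.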