Rewterz Threat Alert – Darkside Ransomware – Active IOCs

June 17, 2021

Rewterz Threat Alert – Lokibot Malware – Active IOCs

June 18, 2021

Rewterz Threat Alert – Gootloader – Active IOCs

June 17, 2021

Severity

High

Analysis Summary

Gootloader, the multi-payload malware platform, is actively targeting entities in the US, Germany, and South Korea. The infection chain begins with social engineering techniques that include manipulated search engine optimization (SEO), which brings malicious websites to the top of the results on search engine websites. This fraudulent forum website includes a link that, when clicked, initiates the download of a JavaScript file and then begins the next stages of the attack. Using fileless techniques, the malicious activity can remain undetected by the user and allow the download of additional malware, including the Kronos malware, Cobalt Strike exploitation tool, the Gootkit trojan, or Sodinokibi ransomware.

Impact

Malware installation
Detection evasion
Information theft

Indicators of Compromise

MD5

3ea472d1768368f680304fd5c7c5d8b3
d11ddfbef07b0b4f6151696914a3c925
90ba9e9a55dea15cbd18af945d408fa9
59bf2ddd42966a16570d3c55cc8b69d9
e2700e6b54c0e660578f2ac20cb1d753
ea903cedba764e9c2c499116be48c207
dbbf31645fd10870ce04c0fb36ae309c
35c104067184f8075a2874bef3908090
8acc27ca61b44a3a96477c92dfa343f9
7b2bbd7fba2efdbc4011d3054e75d7ce

SHA-256

a2fd2217ddc92cb2bb31b701ac30b619b5471d19d09de81ada226d429a85d3a1
46c776ee07ccbc05603b99537db9ae6d550813bb6f04eff779f56dde59adab6d
cd4c888d3ca2e7d1dac3e24677862dee39ba2705e27da67c587a51aefb289585
849f42641d367877bdfe1af7f1bba32105374e3afa93d229849849e5c5066d02
6451ad4ee1a02cb1dc8985e410382936fdfb4b26628fe75e0aeee8e2a4610574
26859dfdbadce76b663273e692ad6f094ab4074fd73bcefd72f75ce0f337d01e
c74f456b9ff90d15707f990c789dc37c3db4e07fc5f23871b2a3811b3904a310
386d62068fffb0780903f098a95fc7a9adfe43cf353c2daea45b6e82ae32c48d
42c91e4826facf920ee825d23bb500f3f21d1dadf1706330842cca5584c6d418
dc2017cef34a9cc060856c956e1d0684dbd810684662a66b510b2bfbb7737aee

SHA-1

fffbf5f4eaf8531b6c57253e3a109dcd6810a259
ffdff873f6a13881117e11185000e38c64221145
ffd6a83b96c528609dd53901a78c1233f3b07ff2
ff9c809e5c3b234986e359f23146f366168ef8ff
ff3f6a8195d7f202f125e0cd5e70ac2a5f202b70
fef9107c9eda5b90bc81a231e32ef618cff22561
fec894a0749e480d09312335e65144e54e43eb2d
fea626706aade1f7d9c8c1867cda8a5166b11829
fe822272db082131ed64e682bb9536bb309eb58f
fe633bcf94bd4657bc7c0865e051633b9f68b24e

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.
Do not download files from untrusted sources or emails.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us