March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – LokiBot Malware – Active IOCs
June 9, 2022Rewterz Threat Advisory – CVE-2022-26377 – Apache HTTP Server mod_proxy_ajp HTTP Vulnerability
June 9, 2022Rewterz Threat Alert – LokiBot Malware – Active IOCs
June 9, 2022Rewterz Threat Advisory – CVE-2022-26377 – Apache HTTP Server mod_proxy_ajp HTTP Vulnerability
June 9, 2022
Severity
High
Analysis Summary
Phobos Ransomware is based on the Dharma malware that first appeared at the beginning of 2019. It spreads into several systems via compromised Remote Desktop Protocol (RDP) connections. This malware does not use any UAC bypass methods. Unlike other cybercrime gangs that go after big hunts, Phobos creators go after smaller firms that don’t have sufficient funding to pay massive ransoms. This ransomware usually targets healthcare providers, with victims in the United States, Seychelles, Portugal, Brazil, Indonesia, Germany, Romania, and Japan. Its perpetrators demand a little ransom payment, which appeals to victims and enhances the chances of payment. The average Phobos ransom payment in July 2021 was $54,700.
Impact
- File Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- c3ccde9c3fab53d5c749b2186e997bdc
- c75d77ce6144a284bcec84022a5d1166
SHA-256
- c21de9109580e03f0fc0a71c10bfe2923927eb0dfe748bea47d550f1fe7f1715
- 161c471b0aaaf0d7c1f0267ebb837e10fb8c5edfe09b0d00bf2472820f413713
SHA1
- b494a696f4edbbd3831163dfd0f1b5efc134d068
- 72c38863c4367096388766250c70437e84883bde
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.