Rewterz

Rewterz Threat Advisory – CVE-2019-1255 – Microsoft Defender Denial of Service Vulnerability

September 24, 2019
Rewterz

Rewterz Threat Alert – Emotet Malspam Campaign Uses Snowden’s New Book as Lure

September 24, 2019

Rewterz Threat Alert – QNAPCrypt Ransomware New Variant

Severity

Medium

Analysis Summary

A new variant of QNAPCrypt Ransomware targeting Linux-based file storage systems (NAS servers) is found. FullofDeep, a Russian cybercrime group operating from the Union State and the Ukraine appears to be operating this ransomware. The new variant utilizes geo-location information in order to determine whether or not the malware will operate. The algorithm the attackers chose to encrypt the filesystem with is AES CFB. The attackers demand to be contacted via a protonmail email account. Below is the ransomnote associated with it.

2019 09 19 172031 1451x435 scrot

Impact

Files Encryption

Indicators of Compromise

Email Address

fullofdeep[@]protonmail[.]com


Malware Hash (MD5/SHA1/SH256)

  • 50470f94e7d65b50bf00d7416a9634d9e4141c5109a78f5769e4204906ab5f0b
  • 8dd59345cc034317630b2ac2ee19b362

Remediation

  • Block the threat indicators at respective controls.
  • Do not download email attachments coming from untrusted sources.
  • Always scan files before executing.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.