

Severity
High
Analysis Summary
REvil (also known as Sodinokibi) is a Ransomware-as-a-Service (RaaS) operation. Its first attacks were observed in mid-April 2019 and drew wide attention from the InfoSec community because of the strain's close similarities to GandCrab ransomware. The group uses several distribution techniques to deploy the ransomware: exploit kits, scanning for and exploiting vulnerable software (for example Oracle WebLogic), exposed RDP servers, and backdoored software installers. REvil is estimated to have made over $100 million by infecting large businesses, and it threatens to publish stolen data if the victim does not pay the ransom.

Impact
- Data Encryption
- Data theft and extortion (threat to publish stolen data if the ransom is not paid)
Indicators of Compromise
MD5
- f0c97dcb65a030a214f6dd33cf4a8566
SHA-256
- ed49b23df7defab3df933c778183b12c019ab253330090f214f4bb5c2f89bcbc
SHA-1
- b23175fa1d3989baa2e3d8b5c7192554c24abf18
Remediation
- Block all threat indicators at your respective controls (endpoint protection, email and web gateways, and perimeter devices).
- Search for the IOCs in your environment (file hash lookups on endpoints, EDR telemetry, and SIEM logs).
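One way to carry out the second step, sweeping a filesystem for the hashes listed above, is shown below. This is an added example written for this page, not Rewterz's own tooling; the directory it scans is whatever path you pass on the command line, and the `REVIL_IOCS` table simply reproduces the three indicators from the alert so that a different hash list can be swapped in.

```python
"""Hash-based IOC sweep: hash every file under a root and flag matches.

Added example for this alert, not Rewterz tooling. REVIL_IOCS holds the
three indicators published above, normalised to lowercase hex.
"""
import hashlib
import os
import sys
from dataclasses import dataclass

REVIL_IOCS = {
    "md5": {"f0c97dcb65a030a214f6dd33cf4a8566"},
    "sha1": {"b23175fa1d3989baa2e3d8b5c7192554c24abf18"},
    "sha256": {"ed49b23df7defab3df933c778183b12c019ab253330090f214f4bb5c2f89bcbc"},
}


@dataclass
class Match:
    path: str
    algorithm: str
    digest: str


def hash_file(path, chunk_size=1 << 20):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} hex digests for one file.

    The file is read once in chunks and fed to all three hashers, so large
    binaries do not have to be loaded into memory or read three times.
    """
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep(root, iocs=REVIL_IOCS):
    """Walk `root` and return a list of Match objects, one per (file, algorithm) hit.

    `iocs` maps algorithm name -> set of hex digests; case is normalised so a
    hash list pasted in uppercase still matches. Unreadable or locked files
    are skipped rather than aborting the whole sweep.
    """
    wanted = {alg: {d.lower() for d in digests} for alg, digests in iocs.items()}
    matches = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # permission denied, file vanished, device file, etc.
            for alg, digest in digests.items():
                if digest in wanted.get(alg, ()):
                    matches.append(Match(path, alg, digest))
    return matches


if __name__ == "__main__":
    # Usage: python ioc_sweep.py /path/to/scan   (defaults to the current directory)
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = sweep(scan_root)
    for hit in hits:
        print(f"MATCH {hit.algorithm} {hit.digest} {hit.path}")
    print(f"{len(hits)} indicator match(es) under {scan_root}")
```

A hash match is a high-confidence signal but a hash miss is not a clean bill of health: REvil builds are repacked per campaign, so the hashes above identify the specific sample Rewterz observed, and the sweep should be paired with EDR and SIEM searches rather than used alone. On FIPS-enforced hosts `hashlib.md5()` may be unavailable; drop the `md5` entry from the hashers in that case and match on SHA-1/SHA-256 only.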