Rewterz Threat Alert – REvil Ransomware Linux version –Active IOCs

Rewterz Threat Advisory – CVE-2021-35523 – Securepoint SSL VPN Client Vulnerability

June 29, 2021

Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs

June 29, 2021

Rewterz Threat Alert – REvil Ransomware Linux version –Active IOCs

Severity

High

Analysis Summary

The REvil ransomware operation now uses a Linux encryptor that targets and encrypts Vmware ESXi virtual machines.

With the company migrating to virtual machines for easier backups, device management, and efficient use of resources, ransomware gangs are increasingly creating their own tools to massively encrypt the storage used by virtual machines. On the REvil operation forum, they confirmed that they had released a Linux version of their encryptor that could also work on NAS devices.

Impact

Credential Theft
File Encryption
Information Disclosure
Data Breach

Indicators of Compromise

MD5

395249d3e6dae1caff6b5b2e1f75bacd
e199f02ffcf1b1769c8aeb580f627267
ab3229656f73505a3c53f7d2e95efd0e
96a157e4c0bef22e0cea1299f88d4745
395249d3e6dae1caff6b5b2e1f75bacd
e199f02ffcf1b1769c8aeb580f627267
ab3229656f73505a3c53f7d2e95efd0e
96a157e4c0bef22e0cea1299f88d4745
395249d3e6dae1caff6b5b2e1f75bacd
e199f02ffcf1b1769c8aeb580f627267
ab3229656f73505a3c53f7d2e95efd0e
96a157e4c0bef22e0cea1299f88d4745

SHA-256

ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4
d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763
796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4
3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d
ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4
d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763
796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4
3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d
ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4
d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763
796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4
3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d

SHA1

29f16c046a344e0d0adfea80d5d7958d6b6b8cfa
9586ebc83a1b6949e08820b46faf72ee5b132bca
45404b862e70a7a1b4db6c73d374b8ac19ddf772
446771415864f4916df33aad1aa7e42fa104adee
29f16c046a344e0d0adfea80d5d7958d6b6b8cfa
9586ebc83a1b6949e08820b46faf72ee5b132bca
45404b862e70a7a1b4db6c73d374b8ac19ddf772
446771415864f4916df33aad1aa7e42fa104adee
29f16c046a344e0d0adfea80d5d7958d6b6b8cfa
9586ebc83a1b6949e08820b46faf72ee5b132bca
45404b862e70a7a1b4db6c73d374b8ac19ddf772
446771415864f4916df33aad1aa7e42fa104adee

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Rewterz Annual Threat Intelligence Report 2025 - Download Now

Rewterz Threat Advisory – CVE-2021-35523 – Securepoint SSL VPN Client Vulnerability

Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs

Rewterz Threat Alert – REvil Ransomware Linux version –Active IOCs

Severity

Analysis Summary

Impact

Indicators of Compromise

MD5

SHA-256

SHA1

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan