Rewterz Threat Alert – Shodi Malware – Active IOCs

Rewterz Threat Alert – Vtflooder Trojan – Active IOCs

June 6, 2022

Rewterz Threat Alert – DarkSide Ransomware – Active IOCs

June 6, 2022

Rewterz Threat Alert – Shodi Malware – Active IOCs

Severity

Medium

Analysis Summary

W32/Shodi-F – a virus targeting Windows platform – seeks to infect all files with the EXE extension, except for specific Windows system files. W32/Shodi-F specifically targets Scandskw.exe, Winmine.exe, Sol.exe, Pbrush.exe, and Notepad.exe files in the Windows folder. After targeting, it creates a thread to look for additional exe files on the system, including any open network shares to the infected host. W32/Shodi-F drops Troj/Remadm-C, a remote administration Trojan, and also drops JPG file to the Windows system folder with the USR_Shohdi_Photo_USR.jpg filename.

Impact

Information Theft
Credential Theft

Indicators of Compromise

MD5

ace907db1b6e99104557a69bebe4af90

SHA-256

c71c2087660e20f17c37da599a443bc90689cc1904728d66f90b3943a22a579b

SHA-1

b34d603fc443cc952e9860ba5a1c9c357cd96f95

Remediation

Block the threat indicators at their respective controls.
Search for IOCs in your environment.

Rewterz Threat Alert – Vtflooder Trojan – Active IOCs

Rewterz Threat Alert – DarkSide Ransomware – Active IOCs

Rewterz Threat Alert – Shodi Malware – Active IOCs

Severity

Analysis Summary

Impact

Indicators of Compromise

MD5

SHA-256

SHA-1

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan