Rewterz Threat Advisory – Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

July 7, 2021

Rewterz Threat Advisory –ICS: Moxa NPort IAW5000A-I/O Series Serial Device Server

July 7, 2021

Rewterz Threat Alert – SNAKE Ransomware – Active IOCs

July 7, 2021

Severity

High

Analysis Summary

SNAKE ransomware is targeting networks and aiming to encrypt all of the devices connected to them. The ransomware contains a level of routine obfuscation not previously and typically seen coupled with the targeted approach. When started Snake will remove the computer’s Shadow Volume Copies and then kill numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more. It then proceeds to encrypt the files on the device, while skipping any that are located in Windows system folders and various system files. When encrypting a file it will append a ransom 5 character string to the files extension. For example, a file named 1.doc will be encrypted and renamed like 1.docqkWbv.F

Impact

File Encryption
Data Exfiltration

Indicators of Compromise

MD5

22e97bbfeb68921f0258f7ca484c426b
6520d107d44290d2a4e86584fae04098
730c3e11f32160328a8ec15631e91b52
6d6c0ae7c70949adcb64781f56b9b9b7
fed83d37cbd4ab15e8587c17257bfd59
5884c08f7eb5490047e223bdaaa8a4a4
85522dedf93b183413387b60937ba822

SHA-256

b2f77c882bdce0ff80269d0d2036243227eb3ac3bf3fd6d848c32b80df820337
c1867a9ca079748693936a36b32d38eac98203bd120dd82bc6a2c9141f686200
84a07c64cd318963d10bad4eead98e7f186f136d7e74725cabac4246b56e1712
c0122aead3c5a7b1a3a8d5f5cd7dcafa2ea0966d08cd4480ee041f5dd8eae89d
1fec8f73f9d81a56157b4457c26fbbcd175fda95a2b9c77aaa2fab99c1a776dd
3914a1dd5bbef9edeceffa718d5006dce7347b1a3019b452ce754605c0e32e2e
0625021c787b2f711eb6fadc44856a9f001037bcb29686b910c557316bcbf212

SHA-1

a81d9d5e0419cab8126b7bab8fcb2a47b88acc21
1bd7d2b85e178b32cde2d3bd0d42e47c8779ec70
aa411afd2e805b7bec40090290df4ced6cb41c29
3d938edf50d032f3b4389cf89ff6cde0f5273d14
f16f4fb435fbf34602a0f26a7e0ec768e4031142
e69e691975d326f2a8dcad262c3c89e896884fa0
79a49beed68e4541cc6b32e785a20fa9afeea723

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

Rewterz Threat Advisory –ICS: Moxa NPort IAW5000A-I/O Series Serial Device Server