
Rewterz Threat Alert – Troldesh Ransomware – Active IOCs

Severity

High

Analysis Summary

The Troldesh ransomware was detected back in August 2019. The criminals behind the attacks used hacked or specially made sites to deliver the infection. When victims click on them, a dropper script launches automatically, which in turn leads to the ransomware infection. Troldesh carries out an attack similar to most encryption threats. It is an extremely aggressive crypto-ransomware that originated in Russia and can open a communication channel with victims for payment instructions. Through that channel, the price asked for a file decryption key may, to some extent, be negotiated.

Impact

  • File Encryption

Indicators of Compromise

MD5

SHA-256

SHA-1


Remediation

  • Block all threat indicators at your respective controls
  • Always be suspicious of emails sent by unknown senders
  • Never click links or open attachments sent by unknown senders
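One way to act on the first remediation step is to hash files and compare them against the alert's MD5, SHA-1 and SHA-256 lists. The following is an added example, not Rewterz's tooling; the hash values embedded in it are constructed placeholders, and a real run would paste the published indicator lists into the same bullet format.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample of an alert's indicator section (placeholder values,
# not the advisory's real hashes): headings and bullets for all three digests.
SAMPLE_ALERT_TEXT = """
MD5
  • aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
SHA-1
  • bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
SHA-256
  • cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
"""

# The hex digest length identifies the algorithm, so one parser covers all lists.
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

def parse_ioc_lines(text):
    """Return {"md5": set, "sha1": set, "sha256": set} from bullet/heading text."""
    iocs = {name: set() for name in ALGO_BY_LEN.values()}
    for line in text.splitlines():
        token = line.strip().lstrip("•-* ").strip()   # drop bullet characters
        if HEX_RE.match(token) and len(token) in ALGO_BY_LEN:
            iocs[ALGO_BY_LEN[len(token)]].add(token.lower())
    return iocs

def hash_bytes(data):
    """All three digests of a byte string, hex-encoded lowercase."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def match_iocs(data, iocs):
    """Names of the algorithms under which this content is a known indicator."""
    return [algo for algo, digest in hash_bytes(data).items() if digest in iocs[algo]]

def scan_tree(root, iocs):
    """Walk a directory and map each file that matches an indicator to its hits."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            matched = match_iocs(path.read_bytes(), iocs)
            if matched:
                hits[str(path)] = matched
    return hits

if __name__ == "__main__":
    import sys
    iocs = parse_ioc_lines(SAMPLE_ALERT_TEXT)
    for path, algos in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".", iocs).items():
        print(f"MATCH {path}: {', '.join(algos)}")
```

Matching on all three digests means a file is flagged even when the alert lists only one hash type for it.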