Rewterz

Rewterz Threat Alert – Remcos RAT – Active IOCs

September 13, 2021
Rewterz

Rewterz Threat Advisory – CVE-2021-33193 – Apache Mod_Proxy HTTP/2 Vulnerability

September 14, 2021

Rewterz Threat Alert – WannaCry Ransomware – Active IOCs

Severity

High

Analysis Summary

WannaCry is also called WCry or WanaCrptor ransomware malware, this ransomware can encrypt all your data files and demands a payment to restore the stolen information, usually in bitcoin with a ransom amount. WannaCry is one of the most dangerous malware ever used for cyberattacks. The attackers behind WannaCry ransomware uses a tool called Eternal Blue to exploit a vulnerability in the Windows Server Message Block, or SMB Protocol. WannaCry ransomware have caused serious disruptions in healthcare sector and financial sector and locked out users from their data.

Impact

  • File Encryption

Indicators of Compromise

MD5

  • 3983f0ebeec88b8005724a203ae27180

SHA-256

  • ed492db95034ca288dd52df88e3ce3ec7b146ffd854a394ac187f0553ef966d9

SHA-1

  • 9f34d48eae30b6da0a5c5297a873f989a49e10e8

URL

  • http[:]//iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
  • http[:]//www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

Remediation

  • Block all threat indicators at your respective controls
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.