Sunday, December 31, 2023

StopRansomware: Play Ransomware

Play ransomware encrypts files on a device, rendering those files and the systems that rely on them unusable. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint Cybersecurity Advisory (CSA), "StopRansomware: Play Ransomware", as part of the ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

The advisory recommends prioritizing remediation of known exploited vulnerabilities; enabling multifactor authentication (MFA) for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems; regularly patching and updating software and applications to their latest versions; and conducting regular vulnerability assessments.

Victims of ransomware should report to federal law enforcement via IC3 or a Secret Service Field Office, and can request technical assistance or provide information to help others by contacting CISA. Organizations are encouraged to implement best practices to better prepare and protect their personnel and customers from cybersecurity threats.

IoC

    CVE

  • CVE-2018-13379
  • CVE-2020-12812
  • CVE-2022-41040
  • CVE-2022-41082
  • CVE-2023-26360


REFERENCES

  • https://www.cisa.gov/stopransomware
  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a
  • https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3403814/stopransomware-guide-released-by-nsa-and-partners/
  • https://otx.alienvault.com/pulse/65819d8b1d340924fb83e7b0

TAGS

Play, Ransomware, AdFind, BloodHound, Cobalt Strike
