Sodinokibi Ransomware Hash List

Fortify Security Team
Mar 4, 2021

Threat actors using the Sodinokibi ransomware made “at least” $123 million in 2020, stealing roughly 21.6 terabytes of data. Sodinokibi was the most-used ransomware observed by the researchers, accounting for 22% of all incidents in 2020.


 
