August 2, 2021
Severity
Medium
Analysis Summary
Spyware.Vidar is a configurable information stealer: operators choose which categories of data it collects. Besides credit card numbers and passwords, it can also harvest data from a wide range of digital wallets, and it is distributed through a variety of campaigns. First active in late 2018, Vidar is a malware family that operates primarily as an information stealer and is often observed as a precursor to ransomware deployment. It captures and exfiltrates data from an infected system, including system information, browser data, and credentials.
Impact
- Data exfiltration
- Information theft
- Exposure of sensitive data
Indicators of Compromise
MD5
777acfd08570d14671ed2c930e5dab23
e6ed552b84d437e90031f9fc3d41b62a
0cdbf556d7a79cad46bb1764340f3059
a6585d142ccdd83b02e71251666f8da5
SHA-256
1c33eed32ee64e2abbc1b66486b46f93b5ca61d42e384d3dd49810c73f48147f
fd866b4e18b49ef0232eda27280a0d56a9e408792bba4cddded1961fe64e7bf3
c0a92a6da42fcee96230ff476e66ff5f7c89c2bd958497e3effe44d2278d2a54
6752628c342d3c82cb29c6e3457b70d192893d3a4cafb9bd4d8f46d182ef00e1
SHA-1
1e469fe07643d874cc33f4dc743424616b1c7751
a3ef9269bc3a1c10ab532a4e45e674b90802d435
5b2b6a16656b4555b9c56bde65bd1db7449a6b64
d6439a898b492bd9da93b7a4d988e4a1f8fb9ba4
URL
https[:]//onedrive[.]live[.]com/download?cid=A77E36DF7E14E234&resid=A77E36DF7E14E234%21315&authkey=AP6bKqoKOJpV7pw
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
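The following script is an added example of the second remediation step and is not part of the Rewterz advisory. It loads the hash and URL indicators listed above, hashes every file under a directory in a single pass (MD5, SHA-1 and SHA-256 together, so large files are read once), reports any file whose digest matches, and refangs the defanged URL so it can be matched against proxy or DNS log lines. The log lines used in the usage note are constructed; the function names are this example's own.

```python
import hashlib
import re
import sys
from pathlib import Path

# Hash indicators copied from the advisory above, normalised to lowercase hex.
ADVISORY_HASHES = {
    # MD5
    "777acfd08570d14671ed2c930e5dab23",
    "e6ed552b84d437e90031f9fc3d41b62a",
    "0cdbf556d7a79cad46bb1764340f3059",
    "a6585d142ccdd83b02e71251666f8da5",
    # SHA-256
    "1c33eed32ee64e2abbc1b66486b46f93b5ca61d42e384d3dd49810c73f48147f",
    "fd866b4e18b49ef0232eda27280a0d56a9e408792bba4cddded1961fe64e7bf3",
    "c0a92a6da42fcee96230ff476e66ff5f7c89c2bd958497e3effe44d2278d2a54",
    "6752628c342d3c82cb29c6e3457b70d192893d3a4cafb9bd4d8f46d182ef00e1",
    # SHA-1
    "1e469fe07643d874cc33f4dc743424616b1c7751",
    "a3ef9269bc3a1c10ab532a4e45e674b90802d435",
    "5b2b6a16656b4555b9c56bde65bd1db7449a6b64",
    "d6439a898b492bd9da93b7a4d988e4a1f8fb9ba4",
}

# URL indicator from the advisory, kept defanged so this file is safe to share.
ADVISORY_URLS = {
    "https[:]//onedrive[.]live[.]com/download?cid=A77E36DF7E14E234"
    "&resid=A77E36DF7E14E234%21315&authkey=AP6bKqoKOJpV7pw",
}

ALGOS = ("md5", "sha1", "sha256")


def refang(indicator: str) -> str:
    """Reverse common defanging ('[.]', '[:]', 'hxxp') so an indicator matches real log data."""
    live = indicator.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", live, flags=re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Return the MD5, SHA-1 and SHA-256 hex digests of an in-memory blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: Path) -> dict:
    """Stream a file through all three hashers in one pass (suitable for large files)."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_hashes(digests: dict, iocs=ADVISORY_HASHES) -> list:
    """Return [(algo, digest)] for every digest that appears in the IOC set."""
    return [(algo, d) for algo, d in digests.items() if d.lower() in iocs]


def scan_tree(root, iocs=ADVISORY_HASHES) -> list:
    """Hash every regular file under root; return (path, algo, digest) for each IOC match."""
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            digests = hash_file(p)
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole sweep
        hits.extend((str(p), algo, d) for algo, d in match_hashes(digests, iocs))
    return hits


def match_urls(log_lines, iocs=ADVISORY_URLS) -> list:
    """Return the log lines (e.g. proxy logs) that contain any refanged advisory URL."""
    live = [refang(u) for u in iocs]
    return [line for line in log_lines if any(u in line for u in live)]


if __name__ == "__main__":
    # Usage: python vidar_ioc_sweep.py /path/to/scan
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in scan_tree(root):
        print(f"MATCH {algo} {digest} {path}")
```

Run it against download directories, user profiles or a mounted disk image; pass `iocs=` to `scan_tree` to supply a larger or updated indicator set. For the URL indicator, feed `match_urls` the lines of a web-proxy log; a constructed line such as `10.0.0.5 GET https://onedrive.live.com/download?cid=A77E36DF7E14E234&resid=A77E36DF7E14E234%21315&authkey=AP6bKqoKOJpV7pw 200` is returned, while unrelated lines are not. Hash matching is exact, so a recompiled or repacked sample will not match; treat a clean sweep as absence of these specific files, not absence of Vidar.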