
Rewterz Threat Alert – AveMaria RAT – Active IOCs

June 15, 2022

Severity

Medium

Analysis Summary

AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and gives an attacker unauthorized access to a victim's PC or covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and more. Like most malware, AveMaria usually arrives through phishing emails (posing as invoices and shipping orders), but it is also sold on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.

Impact

  • Unauthorized Access

Indicators of Compromise

MD5

  • 0c2a145c133fa0a00abc2ddc472a5b46
  • 20a94c1150550772013e971f6151ba46
  • 953d07805442896fe9f5698a0e2e942c
  • 95221b128e2ea58c86fb21b321b1dc03
  • 62243d187e189f1f193b7ebb99d45a8f
  • f034363ae1a5c32124e809f18b3cceea
  • 73e1ab13d800e7d474a00b8358748fce
  • 6fe5939a4a600e12921d7b22b381f7b3

SHA-256

  • fbc82a6d085f7bf19959040ca3f5f6445c3b3d12b0f7af0ec8fcd85663a2e931
  • 6f178549e4142e5c18653b7b0391b1e5025b320420a52eae4cfe74a83ea73e96
  • cb9db1a34e9db61f443aedf69b1cc605ef088b1e38d990cce2115f10d4b057c4
  • d83aa0f6cae89cd0af385215ba7b08b997f876a1c87b60a14ff05fe1e1dccb8a
  • 933aa9ff331533ee82a1d70637f87f67df0e2510799f30e0bab35bc75c0a48d0
  • 81d0a8bc64c38faae2f075becf4ddb2f41d8c3539d25ba2e9cbefc48e945d76c
  • 4c80b15f618430bbdf83f50f013a96c559f99effbfb0a8812f10bfddd086064b
  • 72b22fc9be1cc59b6b8677642a4803eeeadebe06987b78db80e5149de5f7f44b

SHA-1

  • 4aae6010f1f864403389bf5bbd2632ad8b53925d
  • bd86e36a5035778229a2daebc94e006e293f436b
  • 2d784e35df6b9ab6e70feab8eaa2b9ac9582a0a9
  • a01027a00b163f4f0d77b4adf74a5b5a8ecc8315
  • 2cfa0c2693e99a3d646e214cce0c7177c21b4b19
  • c7743f95aee8a5b99fc5431719998c43e4773943
  • 5e4fc3d85aad55759178396aafc977ca5a632808
  • 3de1d7d51d99e04e0e45a963ebff0a83a0581573

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
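The second remediation step, searching the environment for the published hashes, is shown below as an added example that is not Rewterz tooling. It embeds the MD5, SHA-1 and SHA-256 IOCs from this advisory, streams each file once to compute all three digests, and reports any file whose digest matches; the sample directory it builds contains only constructed benign files, and the function names (`normalize_iocs`, `hash_file`, `scan_paths`, `build_sample_dir`) are this example's own.

```python
"""Sweep files for the advisory's hash IOCs (added example, not Rewterz tooling)."""
import hashlib
import os
import tempfile

# The hash IOCs published in the advisory above, all algorithms in one list;
# the algorithm is recovered from the digest length (32/40/64 hex characters).
AVEMARIA_IOCS = """
0c2a145c133fa0a00abc2ddc472a5b46 20a94c1150550772013e971f6151ba46
953d07805442896fe9f5698a0e2e942c 95221b128e2ea58c86fb21b321b1dc03
62243d187e189f1f193b7ebb99d45a8f f034363ae1a5c32124e809f18b3cceea
73e1ab13d800e7d474a00b8358748fce 6fe5939a4a600e12921d7b22b381f7b3
fbc82a6d085f7bf19959040ca3f5f6445c3b3d12b0f7af0ec8fcd85663a2e931
6f178549e4142e5c18653b7b0391b1e5025b320420a52eae4cfe74a83ea73e96
cb9db1a34e9db61f443aedf69b1cc605ef088b1e38d990cce2115f10d4b057c4
d83aa0f6cae89cd0af385215ba7b08b997f876a1c87b60a14ff05fe1e1dccb8a
933aa9ff331533ee82a1d70637f87f67df0e2510799f30e0bab35bc75c0a48d0
81d0a8bc64c38faae2f075becf4ddb2f41d8c3539d25ba2e9cbefc48e945d76c
4c80b15f618430bbdf83f50f013a96c559f99effbfb0a8812f10bfddd086064b
72b22fc9be1cc59b6b8677642a4803eeeadebe06987b78db80e5149de5f7f44b
4aae6010f1f864403389bf5bbd2632ad8b53925d bd86e36a5035778229a2daebc94e006e293f436b
2d784e35df6b9ab6e70feab8eaa2b9ac9582a0a9 a01027a00b163f4f0d77b4adf74a5b5a8ecc8315
2cfa0c2693e99a3d646e214cce0c7177c21b4b19 c7743f95aee8a5b99fc5431719998c43e4773943
5e4fc3d85aad55759178396aafc977ca5a632808 3de1d7d51d99e04e0e45a963ebff0a83a0581573
""".split()

_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = set("0123456789abcdef")


def normalize_iocs(hashes):
    """Lowercase, trim and bucket digests by algorithm; reject anything that is not a hex MD5/SHA-1/SHA-256."""
    buckets = {"md5": set(), "sha1": set(), "sha256": set()}
    for raw in hashes:
        h = raw.strip().lower()
        algo = _ALGO_BY_LEN.get(len(h))
        if algo is None or not set(h) <= _HEX:
            raise ValueError(f"not an MD5/SHA-1/SHA-256 hex digest: {raw!r}")
        buckets[algo].add(h)
    return buckets


def hash_bytes(data, algos=("md5", "sha1", "sha256")):
    """Digest an in-memory blob with each requested algorithm."""
    return {a: hashlib.new(a, data).hexdigest() for a in algos}


def hash_file(path, algos, chunk_size=1 << 20):
    """Stream a file once and feed every requested hasher from the same read."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def scan_paths(paths, iocs):
    """Walk files and directories; return (path, algorithm, digest) for every IOC match."""
    buckets = normalize_iocs(iocs)
    algos = [a for a, digests in buckets.items() if digests]  # skip algorithms with no IOCs
    hits = []
    for root in paths:
        if os.path.isfile(root):
            candidates = [root]
        else:
            candidates = (os.path.join(d, f) for d, _, files in os.walk(root) for f in files)
        for fp in candidates:
            try:
                digests = hash_file(fp, algos)
            except OSError:
                continue  # locked, unreadable or vanished file: skip it rather than abort the sweep
            for algo, digest in digests.items():
                if digest in buckets[algo]:
                    hits.append((fp, algo, digest))
    return hits


def build_sample_dir():
    """Constructed, benign sample tree (one empty file, one text file); not real samples."""
    d = tempfile.mkdtemp(prefix="ioc-sweep-")
    empty = os.path.join(d, "empty.bin")
    open(empty, "wb").close()
    text = os.path.join(d, "notes.txt")
    with open(text, "w") as fh:
        fh.write("constructed benign content\n")
    return d, empty, text


if __name__ == "__main__":
    sample_dir, _, _ = build_sample_dir()
    for hit in scan_paths([sample_dir], AVEMARIA_IOCS):
        print("MATCH", *hit)
    print("sweep complete:", sample_dir)
```

Point `scan_paths` at the directories you actually care about (user profiles, download and temp locations, mail attachment caches) and feed the hit list to your ticketing or SIEM; each file is read once regardless of how many algorithms are in the IOC set, and unreadable files are skipped so a locked file cannot abort a sweep across a whole host.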