Rewterz Threat Alert – Zeppelin Ransomware – Active IOCs
June 23, 2022Rewterz Threat Alert – RedLine Stealer – Active IOCs
June 23, 2022Rewterz Threat Alert – Zeppelin Ransomware – Active IOCs
June 23, 2022Rewterz Threat Alert – RedLine Stealer – Active IOCs
June 23, 2022Severity
Medium
Analysis Summary
AveMaria RAT – aka WarzoneRAT – is a remote access trojan that targets Windows systems that provides the capability to gain unauthorized access to a victim’s PC or allow covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. AveMaria, like most malware, first arrives at systems as a result of phishing emails (as invoices and shipping orders), but is also available on the dark web for subscriptions. This malware-as-a-service RAT is written in C++ that has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
MD5
- 11029ba0e32dd0001f08892b2966bf36
SHA-256
- 4011af74cd36724f99797e673a8eddc24f389dd5fddb51e58e6e3c90d4816b3d
SHA-1
- 8431c4448e3436fd91ea962d4df540cd3f3b684c
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.