

Rewterz Threat Alert – DJVU Ransomware – Active IOCs
June 24, 2022
Rewterz Threat Advisory – CVE-2022-20829 – Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Vulnerability
June 24, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and gives an attacker unauthorized access to a victim's PC or allows covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (disguised as invoices and shipping orders), but it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.