Rewterz Threat Advisory – CVE-2022-30190: Follina Vulnerability (MSDT) – Active IOCs
July 20, 2022
Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
July 20, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and gives an attacker unauthorized access to a victim's PC or the ability to covertly surveil it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. AveMaria, like most malware, first arrives on systems through phishing emails (disguised as invoices and shipping orders), and it is also sold on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.