December 3, 2023

Rewterz Threat Update – Southeast Asian Banking Apps Targeted By New FjordPhantom Android Malware

Severity High Analysis Summary A new and sophisticated Android malware, named FjordPhantom, has been disclosed by cybersecurity researchers. The malware targets users in Southeast Asian countries, […]

December 3, 2023

Rewterz Threat Alert – A New Gh0st RAT Malware Variant Targets South Korea and Uzbekistan – Active IOCs

Severity High Analysis Summary The notorious Gh0st RAT malware has been identified with a new variant dubbed “SugarGh0st RAT” used in recent cyber campaigns targeting the […]

December 3, 2023

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Severity High Analysis Summary CVE-2023-6033 CVSS:8.7 GitLab Community and Enterprise Edition are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated […]

December 3, 2023

Rewterz Threat Update – Southeast Asian Banking Apps Targeted By New FjordPhantom Android Malware

December 3, 2023

Rewterz Threat Alert – A New Gh0st RAT Malware Variant Targets South Korea and Uzbekistan – Active IOCs

Severity High Analysis Summary The notorious Gh0st RAT malware has been identified with a new variant dubbed “SugarGh0st RAT” used in recent cyber campaigns targeting the […]

December 3, 2023

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

August 30, 2022

Rewterz Threat Alert – LokiBot Malware – Active IOCs

August 30, 2022

Rewterz Threat Alert – AveMaria RAT – Active IOCs

August 30, 2022

Severity

Medium

Analysis Summary

AveMaria RAT – aka WarzoneRAT – is a remote access trojan that targets Windows systems that provides the capability to gain unauthorized access to a victim’s PC or allow covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. AveMaria, like most malware, first arrives at systems as a result of phishing emails (as invoices and shipping orders), but is also available on the dark web for subscriptions. This malware-as-a-service RAT is written in C++ that has been available for purchase since at least 2018.

Impact

Unauthorized Access

Indicators of Compromise

MD5

5df3af8a3c32eea44615ccd830e740f2
5c44699ea6278818cfebf6812887142f
a633353fde13ce84622515ab315ffc14

SHA-256

0f05dc006ea6293412d2d18930b1c2aae9cc5099edd93620501c92059c77f243
172297a2448f315029be5d2d4a23bb2ccb39ccede97a88529d4b3cb9fda1e38b
4db351188a3fd12e54ef4791c92d1128e3b006feed216ef24e2f6e91de208e95

SHA-1

82e8f06c22f68b78e350703ef0f52e73bee35c08
e9e45d46d2de016222f1f0a8e4a11db8c6f68481
a379fde869ad9739ff17842a890ec5c3f76cd292

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Update – Southeast Asian Banking Apps Targeted By New FjordPhantom Android Malware

Rewterz Threat Alert – A New Gh0st RAT Malware Variant Targets South Korea and Uzbekistan – Active IOCs

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Update – Southeast Asian Banking Apps Targeted By New FjordPhantom Android Malware

Rewterz Threat Alert – A New Gh0st RAT Malware Variant Targets South Korea and Uzbekistan – Active IOCs

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Rewterz Threat Alert – LokiBot Malware – Active IOCs