Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems. It gives an attacker unauthorized access to a victim's PC and allows covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. AveMaria, like most malware, first arrives on systems through phishing emails (disguised as invoices and shipping orders), but it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
MD5
- 9d4fab8236c14b034852db749ada919e
SHA-256
- ad9008d26d70a9b832258541d46e0d66f8ad8aee89e3632725f5d5e526f41dd0
SHA-1
- eb7fd5991b0363d9b425d2df064cef5e5d9f9433
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.