

Rewterz Threat Advisory – CVE-2022-3154 – Shortcodes Ultimate plugins for WordPress Vulnerability
November 7, 2022
Rewterz Threat Advisory – CVE-2022-26375 – Mammothology AB Press Optimizer plugin for WordPress Vulnerability
November 7, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and provides the capability to gain unauthorized access to a victim's PC or to covertly surveil it. It acts as a keylogger and can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (posing as invoices and shipping orders), but it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.