Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and gives an attacker unauthorized access to a victim's PC along with the ability to covertly surveil it. It acts as a keylogger, steals passwords, escalates privileges, and more. Like most malware, AveMaria usually reaches systems through phishing emails (posing as invoices and shipping orders), but it is also sold on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
MD5
SHA-256
SHA-1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
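The IOC search step above, as an added example that is not Rewterz's tooling: it reads an indicator block in this advisory's layout (an MD5, SHA-1 or SHA-256 heading followed by "- hash" bullets), hashes every file under a directory once with all three algorithms, and reports matches while skipping files it cannot open. The function names and the constructed sample file are assumptions.

```python
# IOC sweep helper, added here as an example (not Rewterz tooling): parses an indicator
# block laid out like this advisory (MD5/SHA-1/SHA-256 heading, then "- <hash>" bullets).
import hashlib, os, tempfile

ALGOS = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256"}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

def parse_iocs(text):
    """Return {algo: set(lowercase hex)} from advisory-style text."""
    iocs = {a: set() for a in ALGOS.values()}
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.upper() in ALGOS:
            current = ALGOS[line.upper()]
        elif line.startswith("-") and current:
            value = line.lstrip("- ").lower()
            # Drop malformed values so a typo never silently disables a match.
            if len(value) == HEX_LEN[current] and all(c in "0123456789abcdef" for c in value):
                iocs[current].add(value)
    return iocs

def hash_file(path, chunk=1 << 20):
    """One read pass, three digests: {algo: hexdigest}."""
    hashers = {a: hashlib.new(a) for a in ALGOS.values()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def sweep(root, iocs):
    """Return [(path, algo, digest)] for every file whose digest is listed."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            hits += [(path, a, d) for a, d in digests.items() if d in iocs[a]]
    return hits

def demo():
    """Constructed sample: a temp dir with one file whose SHA-256 is listed as an IOC."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "sample.bin"), "wb") as fh:
        fh.write(b"constructed sample, not malware")
    listed = hash_file(os.path.join(root, "sample.bin"))["sha256"]
    return sweep(root, parse_iocs("SHA-256\n- %s\nMD5\n- not-a-hash\n" % listed.upper()))
```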