Severity
High
Analysis Summary
While researching prevalent commodity Remote Access Tools (RATs), Unit 42 researchers discovered a new, previously undocumented RAT in September 2019; almost 50 samples were observed in more than 2,200 attack sessions within the first month it was offered for sale. Unit 42's report documents the RAT's manager/builder and client malware, profiles the Swedish actor behind it together with his promotion and sale of the malware, and shows the RAT already being used in attacks in the wild.
The malware is sold as "Black Remote Controller PRO" and advertised as a powerful, full-featured remote administration suite: it gives the operator full access to and control over the remote machine through a large set of features, with the ability to monitor, access or manipulate every activity and all data remotely, as if sitting in front of it.
Impact
- Full remote control of the compromised host
- Exposure of sensitive information
Indicators of Compromise
SHA256
- 25ce044c34426b828546206fad18930a412bb908c38701c4515f4d0ac0616cc1
- 105cab9c9604238c05be167c6d8d47cd2bc0427b07ede08c5571b581ebd80001
- c207cf50305f126451e2dc5493d83614fdf801541d011e5002ee5daea2b4433b
- ee20db296c7c4cf3ca6db0c739f1579f554a447b6c1e2b343b22d341f288662f
- c38006115bd7c22151c4e31d8d4ed6ec114c2aaf1c7c0da12ef7b44f96fc58d6
- f7b165903f6f9b979e84399ce4e1b85ed2927740771d85a7b8c85203641a08a1
- 117cf46ae69134dbe0c8a1d5f4cac92b46c15ea4945929df3880c0ac63e158f3
- 53c5a447cf10439616e35a0705a3390e4cbf0d2709ad0ddd4e9b2222631bfb24
- 93bfbd4b12a17732c8b7e66c554f98187184c6d845bd02e0dbb2104ce8da0453
- 901e06cd91adb7255d75781ef98fac71d17f7bed074a52147bdbd42ea551b34f
- 129491bfdd9a80d5c6ee1ce20e54c9fb6deb2c1e1713e4545b24aa635f57a8b9
- 469d8b2cced859f57b535363307c1e29c0bf0342d14ce0da109a40493a441b62
- 0908f8fbe1e3a77d941ae83fe3677d103d86d6e59a6ae4530eadba8af7fc1b3a
- 0f66acc9883b284580980020d4a48557b2fe38312ca80db97c77cc2fa78c51fb
- 69aaaf148a132385512f66d7668b045d6467f8639a3ef7460e20ce0627bc84fc
- 3875545099276f2b34c3752b177b6d90a2eeb47148ddfb559a4d076d0f40716a
- f6ae66a8a6357d7622463db9953ae164d496e7f5ee0dfe2c8e3550a231f25078
- ed7693d9b1b069d39451002bc1df06bf4e123926fa34abb6afeb9a18d6d90dcd
- 77fe670ed011e547db72207ba5849b9f618185b52e0ae766c23ef675b116b252
- 931839ee649da42b0ee3ac5f5dfa944b506336c7f4e5beb3fc07a6b35a7e6383
- a590d504a6bbbdb50befce40820ebc9d341ff9c37adb5693684b85afef5d56dc
- 33a3572c32f024e6610e2b2ab428118c162687410dd84db7866e8f198442e6ca
- a4bc7d42dd64df3502b7f8c2335c64eba7a484479fc8c2dc8a4aa448f10354b3
- 2b3cda455f68a9bbbeb1c2881b30f1ee962f1c136af97bdf47d8c9618b980572
- cb423b73ae3e51195abbcf8bc1f2655d61436825815089b92e843b570ac7c86d
- cc795b94cac222afc69749359d8b17d9fb7a7fb6e824d43008c1674c0d146929
- f83e25cf2b2c2f2d0a14e3f538c11f70135ee8ec158446a51bb0f2d999765267
- 0c63983cb38d187c187f373852d7b87ff4e41ea0d77d75907aa3388ad957f38f
- 1737cf3aec9f56bb79a0c4e3010f53536c36a1fbeeedea81b6d7b66074ecffbe
- 756efcbd2767c5499b6f09a089033c82050459fc2999d3ce79caa25746693e26
- c5a78bf01ab2e44c7dba3a363f2eda51cf648e904f2beb47d6cf3112368ff20c
- 57a15cc236e4d2ba6e08b062a75671b8a674e0d8498d87e48652c778ea263d49
- ada653c948875a9c1ca588251b317d8e971fdf980252d92e36d59f14f5eb9ab9
- e5366365852a953a1747ab8a5d721c2536c5671c07bfecf648fb2cf6a13f2dc0
- 9c93b768b5261194ad207c0e92e9767e70ba38203f24f2909e1b39a9a1d6570c
- e54531896dbd100fec41cfc89b06f2afa1efd4077d1f197b1b88f74371135436
- e1bf5d2ef3a4f922f9a15ab76de509213f086f5557c9e648126a06d397117d80
URL
- https[:]//renaj[.]duckdns[.]org/
Remediation
- Block all threat indicators at your respective controls. Block the C2 host by name at DNS and proxy level rather than by IP address: it is a DuckDNS dynamic DNS name, so the IP it resolves to can change at any time.
- Treat a file hash match as a confirmed compromise: isolate and investigate the host rather than only deleting the file, since the RAT gives the operator full control of the machine.
- Always be suspicious of emails sent by unknown senders.
- Never click on links or open attachments sent by unknown senders.
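As an added example (not Rewterz's or Unit 42's tooling), the following Python script sweeps a directory for the SHA256 indicators listed above and scans proxy or DNS log lines for the C2 host, refanging the published indicator first. The sample file and the log lines in `demo()` are constructed for illustration, not real malware or real traffic; the `demo()` function adds the constructed sample's own hash to the indicator set so the sweep has something to find.

```python
"""IOC sweep for the Blackremote indicators above (added example, not vendor code)."""
import hashlib
import re
import tempfile
from pathlib import Path

# SHA256 indicators copied from the advisory.
BLACKREMOTE_SHA256 = frozenset({
    "25ce044c34426b828546206fad18930a412bb908c38701c4515f4d0ac0616cc1",
    "105cab9c9604238c05be167c6d8d47cd2bc0427b07ede08c5571b581ebd80001",
    "c207cf50305f126451e2dc5493d83614fdf801541d011e5002ee5daea2b4433b",
    "ee20db296c7c4cf3ca6db0c739f1579f554a447b6c1e2b343b22d341f288662f",
    "c38006115bd7c22151c4e31d8d4ed6ec114c2aaf1c7c0da12ef7b44f96fc58d6",
    "f7b165903f6f9b979e84399ce4e1b85ed2927740771d85a7b8c85203641a08a1",
    "117cf46ae69134dbe0c8a1d5f4cac92b46c15ea4945929df3880c0ac63e158f3",
    "53c5a447cf10439616e35a0705a3390e4cbf0d2709ad0ddd4e9b2222631bfb24",
    "93bfbd4b12a17732c8b7e66c554f98187184c6d845bd02e0dbb2104ce8da0453",
    "901e06cd91adb7255d75781ef98fac71d17f7bed074a52147bdbd42ea551b34f",
    "129491bfdd9a80d5c6ee1ce20e54c9fb6deb2c1e1713e4545b24aa635f57a8b9",
    "469d8b2cced859f57b535363307c1e29c0bf0342d14ce0da109a40493a441b62",
    "0908f8fbe1e3a77d941ae83fe3677d103d86d6e59a6ae4530eadba8af7fc1b3a",
    "0f66acc9883b284580980020d4a48557b2fe38312ca80db97c77cc2fa78c51fb",
    "69aaaf148a132385512f66d7668b045d6467f8639a3ef7460e20ce0627bc84fc",
    "3875545099276f2b34c3752b177b6d90a2eeb47148ddfb559a4d076d0f40716a",
    "f6ae66a8a6357d7622463db9953ae164d496e7f5ee0dfe2c8e3550a231f25078",
    "ed7693d9b1b069d39451002bc1df06bf4e123926fa34abb6afeb9a18d6d90dcd",
    "77fe670ed011e547db72207ba5849b9f618185b52e0ae766c23ef675b116b252",
    "931839ee649da42b0ee3ac5f5dfa944b506336c7f4e5beb3fc07a6b35a7e6383",
    "a590d504a6bbbdb50befce40820ebc9d341ff9c37adb5693684b85afef5d56dc",
    "33a3572c32f024e6610e2b2ab428118c162687410dd84db7866e8f198442e6ca",
    "a4bc7d42dd64df3502b7f8c2335c64eba7a484479fc8c2dc8a4aa448f10354b3",
    "2b3cda455f68a9bbbeb1c2881b30f1ee962f1c136af97bdf47d8c9618b980572",
    "cb423b73ae3e51195abbcf8bc1f2655d61436825815089b92e843b570ac7c86d",
    "cc795b94cac222afc69749359d8b17d9fb7a7fb6e824d43008c1674c0d146929",
    "f83e25cf2b2c2f2d0a14e3f538c11f70135ee8ec158446a51bb0f2d999765267",
    "0c63983cb38d187c187f373852d7b87ff4e41ea0d77d75907aa3388ad957f38f",
    "1737cf3aec9f56bb79a0c4e3010f53536c36a1fbeeedea81b6d7b66074ecffbe",
    "756efcbd2767c5499b6f09a089033c82050459fc2999d3ce79caa25746693e26",
    "c5a78bf01ab2e44c7dba3a363f2eda51cf648e904f2beb47d6cf3112368ff20c",
    "57a15cc236e4d2ba6e08b062a75671b8a674e0d8498d87e48652c778ea263d49",
    "ada653c948875a9c1ca588251b317d8e971fdf980252d92e36d59f14f5eb9ab9",
    "e5366365852a953a1747ab8a5d721c2536c5671c07bfecf648fb2cf6a13f2dc0",
    "9c93b768b5261194ad207c0e92e9767e70ba38203f24f2909e1b39a9a1d6570c",
    "e54531896dbd100fec41cfc89b06f2afa1efd4077d1f197b1b88f74371135436",
    "e1bf5d2ef3a4f922f9a15ab76de509213f086f5557c9e648126a06d397117d80",
})

# Network indicator from the advisory, kept defanged exactly as published.
BLACKREMOTE_URLS = ["https[:]//renaj[.]duckdns[.]org/"]


def refang(indicator):
    """Turn a defanged indicator ('[.]', '[:]', 'hxxp') back into a matchable string."""
    return (indicator.replace("[.]", ".").replace("[:]", ":")
            .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def ioc_hosts(urls):
    """Extract the bare hostnames from the URL indicators (lower-cased)."""
    hosts = set()
    for u in urls:
        m = re.match(r"^[a-z]+://([^/:]+)", refang(u), re.I)
        if m:
            hosts.add(m.group(1).lower())
    return hosts


def sha256_of_file(path):
    """Stream the file through SHA256 so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep_directory(root, iocs=BLACKREMOTE_SHA256):
    """Return the paths under root whose SHA256 is in the indicator set."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            try:
                if sha256_of_file(p) in iocs:
                    hits.append(str(p))
            except OSError:
                continue  # unreadable file: skip it, don't abort the sweep
    return sorted(hits)


def find_c2_hits(log_lines, hosts=None):
    """Return log lines whose hostname tokens equal, or are subdomains of, a C2 host."""
    hosts = hosts or ioc_hosts(BLACKREMOTE_URLS)
    hits = []
    for line in log_lines:
        for tok in re.findall(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}", line):
            t = tok.lower().rstrip(".")
            if any(t == h or t.endswith("." + h) for h in hosts):
                hits.append(line)
                break
    return hits


def demo():
    """Sweep a constructed sample file and constructed log lines (not real data)."""
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "invoice.exe"
        sample.write_bytes(b"constructed sample body, not real malware")
        (Path(d) / "notes.txt").write_bytes(b"benign content")
        # The constructed file can't hash to a published IOC, so add its own hash for the demo.
        iocs = BLACKREMOTE_SHA256 | {sha256_of_file(sample)}
        file_hits = [Path(p).name for p in sweep_directory(d, iocs)]
    logs = [  # constructed proxy log lines
        "2019-10-16T09:12:03Z src=10.0.0.7 dst=renaj.duckdns.org method=CONNECT status=200",
        "2019-10-16T09:12:04Z src=10.0.0.7 dst=update.example.com method=GET status=200",
    ]
    return {"file_hits": file_hits, "log_hits": find_c2_hits(logs)}


if __name__ == "__main__":
    print(demo())
```

Hash matching only catches the samples listed here; the report describes a builder, so fresh builds sold to other customers will carry different hashes, which makes the C2 hostname the more durable indicator. The host check matches subdomains of the C2 name but deliberately not look-alikes that merely contain it, so a tenant name such as `renaj.duckdns.org.example` is not flagged.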