January 18, 2023
Severity
High
Analysis Summary
Ekipa is a remote access tool (RAT) that is used to remotely control and access other computers. It is typically used by cybercriminals to gain unauthorized access to a victim’s computer and steal sensitive information or perform other malicious actions. The software is often spread through phishing emails or malicious online advertisements, and it can be used to take control of the victim’s keyboard and mouse, access their files, and even turn on their microphone and webcam. It is important to note that using RATs without authorization is illegal in many countries and using it on a computer you don’t own can lead to serious legal consequences.
Impact
- Credential Theft
- Unauthorized Access
- Theft of Sensitive Information
- File manipulation
- Remote command execution
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Multi-layered protection is necessary to secure vulnerable assets.
- Patch and upgrade platforms and software promptly, and make this a standard security policy.
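An added example, not from the advisory or from Rewterz: a one-pass file sweep for hash indicators in MD5, SHA-1 and SHA-256 form, as one way to carry out the IOC search step above. The function names, the sample files and the IOC value in `demo()` are constructed for illustration; real use loads the indicator list you are sweeping for.

```python
import hashlib
import os
import tempfile

ALGOS = ("md5", "sha1", "sha256")

def load_iocs(lines):
    """Normalise an IOC list: drop bullets and whitespace, lowercase, keep hex digests only."""
    lengths = {32, 40, 64}  # hex lengths of MD5, SHA-1, SHA-256
    iocs = set()
    for line in lines:
        value = line.strip().lstrip("-").strip().lower()
        if len(value) in lengths and all(c in "0123456789abcdef" for c in value):
            iocs.add(value)
    return iocs

def digests(path, chunk=1 << 20):
    """Read the file once and return its MD5, SHA-1 and SHA-256 hex digests."""
    hashers = [hashlib.new(a) for a in ALGOS]
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers:
                h.update(block)
    return {a: h.hexdigest() for a, h in zip(ALGOS, hashers)}

def sweep(root, iocs):
    """Walk root and return (hits, unreadable); hits are (path, algorithm, digest)."""
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                found = digests(path)
            except OSError:
                unreadable.append(path)  # locked or access-denied files need manual follow-up
                continue
            hits += [(path, a, d) for a, d in found.items() if d in iocs]
    return hits, unreadable

def demo():
    """Constructed sample: one benign file and one file whose SHA-256 is on the IOC list."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        with open(os.path.join(root, "ok.txt"), "wb") as f: f.write(b"benign")
        with open(os.path.join(root, "sub", "x.bin"), "wb") as f: f.write(b"constructed-sample")
        ioc_lines = ["- " + hashlib.sha256(b"constructed-sample").hexdigest().upper(), "not-a-hash"]
        hits, unreadable = sweep(root, load_iocs(ioc_lines))
        return [(os.path.relpath(p, root), a) for p, a, _ in hits], unreadable
```

Files reported in `unreadable` were not hashed, so a clean `hits` list does not clear them.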