logo_SVG-01
✕
  • Platform
    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    • Managed Security Services
    • Managed Penetration Testing
  • Services
    • Assess
      • Compromise Assessment
      • Advanced Persistent Threats Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      • SOC Maturity Assessment
      • SOC Model Evaluation
      • SOC Gap Analysis
      • SIEM Gap Analysis
      • SIEM Optimization
      • SOC Content Pack
    • Train
      • Simulated Cyber Attack Exercise
      • Tabletop Exercise
      • Security Awareness and Training
    • Respond
      • Incident Analysis
      • Incident Response
  • Solutions
  • Resources
    • Blogs
    • Press Releases
    • Threat Insights
      • Threat Intelligence Reports
      • Threat Advisories
      • Monthly Threat Insights
  • Why Rewterz?
    • About Us
    • Careers
    • Contact
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Alert – Flawed Ammyy RAT (aka FlawedAmmyy RAT) Malware

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 19, 2023
    March 19, 2023
    Rewterz Threat Advisory – CVE-2022-42436 – IBM MQ Vulnerability
    Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]
    March 19, 2023
    March 19, 2023
    Rewterz Threat Advisory – ICS: Rockwell Automation Modbus TCP AOI Server Vulnerability
    Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]
    March 17, 2023
    March 17, 2023
    Rewterz Threat Advisory – ICS: Multiple Schneider Electric IGSS Vulnerabilities
    Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Alert – Flawed Ammyy RAT (aka FlawedAmmyy RAT) Malware

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 19, 2023
    March 19, 2023
    Rewterz Threat Advisory – CVE-2022-42436 – IBM MQ Vulnerability
    Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]
    March 19, 2023
    March 19, 2023
    Rewterz Threat Advisory – ICS: Rockwell Automation Modbus TCP AOI Server Vulnerability
    Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]
    March 17, 2023
    March 17, 2023
    Rewterz Threat Advisory – ICS: Multiple Schneider Electric IGSS Vulnerabilities
    Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
Rewterz
Rewterz Threat Advisory – Denial of Service flaw in Windows Servers running IIS
February 22, 2019
Rewterz
Rewterz Threat Alert – Campaign Deploying Malware via MalSpam Targeting Web Application Servers
February 25, 2019

Rewterz Threat Alert – Flawed Ammyy RAT (aka FlawedAmmyy RAT) Malware

February 25, 2019

Severity

Medium

Analysis Summary

During execution, the following commands are executed.

  • cmd.exe /C net user /domain > “%ALLUSERSPROFILE%\TMPUSER.DAT” The malware will jump directly to the deletion stage if “WORKGROUP” or “workgroup” is found in TMPUSER.DAT.
  • cmd.exe /C net.exe stop foundation
  • cmd.exe /C sc delete foundation
  • cmd.exe /c del C:\Windows\Installer\MSI[0-9A-F]{4}.tmp >> NUL

Indicators of Compromise

IP(s) / Hostname(s)

169.239.128[.]15

URLs

  • hxxp://195.123.209[.]169/dat1.omg
  • hxxp://213.183.63[.]242/fact1.omg

Filename

  • fact1.omg
  • QziRxdxCaP.exe

Email Address

  • michael[@]alliancegrp[.]net
  • amalefa[@]cablenet.com[.]ar
  • irum[@]nasco-av[.]com
  • a.buffardi[@]be-tse[.]it
  • michal.bien[@]danex.krakow[.]pl
  • fajar.apriandi[@]advancemedicorp[.]com
  • gregibbs[@]hbci[.]com
  • ecopri[@]mail.wbs.ne[.]jp

Email Subject

Sending paper signs

Malware Hash (MD5/SHA1/SH256)

  • c51fec2aa2415b6ec4da1ca6c56558a8
  • 185a273e908d81ddb862855559113cf2546af107
  • 78ae8616b8bb503cf0e5bbbb7b84b60eac8dd1d30726c2f74bd116e9ad19560c
  • d490573977cc6b42ba0b4325df953a7f
  • dacf34580c09f7b1e4b8ba02f3ab8b6be08d03ab
  • 6a7eb9a166510e72912e6b90a80f77b914a76aa9e2507d0e5472bcba036fc368
  • c4463d6ae741d4fb789bd0895fafebee
  • c8866ca1012dfabf5ad131cfeea0036dacb433e6
  • 84259a3c6fd62a61f010f972db97eee69a724020af39d53c9ed1e9ecefc4b6b6
  • 2944eca03bc13b0edf064a619ec41459
  • 83d215861c562315bca60994a901e06fc7cfa1a7
  • 014d47cc2ee73efb3ec06a72d886888fcc2489ce8e8323f57ee03295439e6f34
  • 8a9672b0f308e297db9b1000854fd13c
  • df4d358287ecb6b0555627dc4574299e67e7d4d9
  • d1d9657b4230b63ff7b5f94ecd21660c3edf314fcf23b745226fae806d456cb8
  • 9ca31cf03258d8f02ab4cd8fccbf284b
  • e1fb096873ac5ca990dda56d381f676178159885
  • af1d155a0b36c14626b2bf9394c1b460d198c9dd96eb57fac06d38e36b805460

Remediation

  • It is recommended to block the threat indicators at their respective controls.
  • Employees must not open spam emails that do not look relevant.
  • Never download files received in emails from unknown sources.
  • Never click on links attached in unexpected emails.

Platform

  • Rewterz XDR
  • Rewterz Defense
  • Rewterz Threat Intelligence

Managed Security Services

  • Managed Security Monitoring
  • Remote SOC
  • Onsite SOC
  • Hybrid SOC

Assess

  • Compromise Assessment
  • APT Assessment
  • Penetration Testing
  • Architecture Design & Review
  • Red Team Assessment
  • Purple Team Assessment
  • Social Engineering
  • Source Code Review

Transform

  • SOC Consultancy
  • SOC Maturity Assessment
  • SOC Model Evaluation
  • SOC Gap Analysis
  • SIEM Gap Analysis
  • SIEM Optimization
  • SOC Content Pack

Train

  • Simulated Cyber Attack Exercise
  • Tabletop Exercise
  • Security Awareness and Training

Respond

  • Incident Analysis
  • Incident Response

Threat Insights

  • Threat Advisories
  • Monthly Threat Insights
  • Threat Intelligence Reports

Resources

  • Blog
  • Press Releases

Connect With Us

  • Contact
  • Careers
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.
Get a Demo