Rewterz Threat Alert – Nanocore Rat – Active IOCs
March 28, 2022
Rewterz Threat Alert – Mirai Botnet – Active IOCs
March 28, 2022
Severity
High
Analysis Summary
Gh0st RAT, also known as Farfli or PCRat, is a remote access trojan (RAT) used by many adversaries, including Hurricane Panda, Lazarus Group, and Emissary Panda. It has been used to break into many organizations’ computer networks. Because its source code is openly available, threat actors can easily adapt the RAT’s cyber-spying capabilities for their own purposes. The malware is disseminated by the GhostNet system to selected recipients drawn from stolen credentials and leaked information. Gh0st RAT gives threat actors total, real-time control of infected systems, including the ability to turn on the audio-recording and camera capabilities of the victim’s computer.
Impact
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.