Rewterz Threat Alert – NJRAT – Active IOCs
January 15, 2023
Rewterz Threat Alert – North Korean APT Kimsuky Aka Black Banshee – Active IOCs
January 16, 2023
Severity
High
Analysis Summary
Ghost RAT is a remote access trojan that allows an attacker to access an infected machine to harvest sensitive information and data. This type of malware gives cybercriminals complete access to infected computers, which they can use to attempt to hijack the user’s banking account. Some variants of Gh0st can be used to install cryptocurrency miners and/or various trojan-type programs. Cybercriminals use this control over the infected computer to access the victim’s bank account and transfer money without authorization.
Impact
- Credential Theft
- Unauthorized Access
- Theft of Sensitive Information
- File manipulation
- Remote command execution
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets.
- Patch and upgrade platforms and software in a timely manner, and make this a standard security policy.