March 28, 2022
Severity
High
Analysis Summary
Meterpreter – a trojan-type program – enables attackers to take control of affected machines remotely. Rather than creating new processes, it injects itself into already compromised ones. Meterpreter can transmit and receive files, launch executables, perform command shell operations, capture screenshots, and record keystrokes. The main objective of its distribution is either to generate revenue or to infect devices with additional malware. Infected email attachments, malicious online advertisements, and social engineering are some of its distribution methods. By sending, receiving, and executing files through Meterpreter, cyber thieves can infect victims’ systems with further malware such as ransomware. Ransomware encrypts data, making it impossible for victims to use or access it unless they acquire decryption tools from the program’s creators. Identity theft, theft of banking information, and password theft are the main impacts of this trojan.
Impact
- Information Theft
- File Encryption
Indicators of Compromise
MD5
- 29ef0f2245694429771a8a022e0edbca
SHA-256
- c40df4febb13c7e97d14f1e7158f48f282e0daf02ec30e1ad4b68e18e6411627
SHA-1
- afe02649612a4779faffca38dc696957f9a7a88c
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
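The following is an added example of the "search for IOCs in your environment" step; it is not Rewterz code and not part of the original alert. It walks a directory tree, hashes every regular file once with MD5, SHA-1 and SHA-256, and reports any file whose digest matches the three indicators listed above. The scan root (a command-line argument, defaulting to the current directory), the tab-separated output line and the decision to skip symlinks and unreadable files are assumptions made for this illustration.

```python
"""Added example: hash every file under a directory and flag matches against
the hash indicators in this alert. Not Rewterz code; written for this page as an
illustration of searching an environment for the listed IOCs. The scan root,
output format and skip rules are assumptions."""
import hashlib
import os
import sys

# Indicators copied from the alert above (MD5, SHA-1, SHA-256), lower-cased.
IOC_HASHES = {
    "29ef0f2245694429771a8a022e0edbca",
    "afe02649612a4779faffca38dc696957f9a7a88c",
    "c40df4febb13c7e97d14f1e7158f48f282e0daf02ec30e1ad4b68e18e6411627",
}

CHUNK = 1024 * 1024  # read files in 1 MiB chunks so large files do not exhaust memory


def file_hashes(path):
    """Return {'md5': ..., 'sha1': ..., 'sha256': ...} for one file, computed in a single pass."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                break
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_iocs(hashes, iocs=IOC_HASHES):
    """Return the list of algorithm names whose digest is in the IOC set (empty if clean).
    Comparison is case-insensitive so indicators pasted in upper case still match."""
    return [name for name, value in hashes.items() if value.lower() in iocs]


def scan_tree(root, iocs=IOC_HASHES):
    """Yield (path, matched_algorithms) for every file under root that hits an indicator.
    Files that cannot be read (permissions, vanished during the walk) are skipped, not fatal."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path) or os.path.islink(path):
                continue  # skip devices, sockets and symlinks (assumption for this example)
            try:
                hashes = file_hashes(path)
            except OSError:
                continue
            hit = match_iocs(hashes, iocs)
            if hit:
                yield path, hit


if __name__ == "__main__":
    # Usage: python scan_iocs.py /path/to/scan   (defaults to the current directory)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algos in scan_tree(target):
        print(f"IOC MATCH\t{path}\t{','.join(algos)}")
```

A hash match is a strong signal but only for byte-identical samples; a recompiled or repacked Meterpreter stager will have different digests, so treat a clean hash sweep as "these exact samples are absent", not as proof the host is uncompromised.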