June 22, 2022
Severity
High
Analysis Summary
Meterpreter is the in-memory post-exploitation payload of the Metasploit Framework. Although it is a legitimate penetration-testing tool, it is widely abused by attackers as a remote-access trojan that gives them full control of a compromised machine. Rather than creating new processes, the payload is injected into an already running process and executes from memory, which leaves little on disk for file-based detection. Once connected to its handler, Meterpreter can upload and download files, execute binaries, open a command shell, capture screenshots and record keystrokes. Its operators typically aim either to generate revenue or to stage additional malware on the infected device. Distribution methods include infected email attachments, malicious online advertisements and social engineering. Because Meterpreter can transfer and execute files, attackers use it to deploy further malware such as ransomware, which encrypts data so that victims cannot use or access it unless they obtain decryption tools from the ransomware's operators. Theft of identities, banking information and passwords is the main impact of this trojan.
Impact
- Information Theft
- File Encryption
Indicators of Compromise
MD5
- 218be495adf64e02e927e44281ed37ab
- 5733a86eb1e7833b2b6d1e071842ef35
SHA-256
- 2890aa5267c9480f47391c8e20ae317b16ce5b0f9b89b13db43dbb58f001faeb
- 320fb16fcf7fb35c6c5e6e42a07a5e751dc8ab5255b750a11743d7e58ae1b574
SHA-1
- d2446318bbc295004d38320da1910ab3b34239ab
- cb0ec64ea031e41d1863d8f0dcb014d7bfbd94e8
Remediation
- Block all threat indicators at your respective security controls.
- Search for the IOCs in your environment (file hashes across endpoints, file servers and mail attachments).
- Treat a hash match as a confirmed hit but a miss as inconclusive: hash-based IOCs identify only the specific samples listed, and a rebuilt or repacked Meterpreter stager will have different hashes.
- Before blocking, confirm that a match is not an authorized penetration test or red-team engagement, since Metasploit is also used legitimately.
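The hash search recommended above, as an added example that is not part of the Rewterz alert: the script below computes MD5, SHA-1 and SHA-256 for every regular file under a directory tree and reports any digest that appears in the alert's indicator list. The `ALERT_IOCS` table holds the hashes published on this page; the function names, the chunked-hashing approach and the benign sample file written by `self_check` are assumptions for illustration, not anything from the original advisory.

```python
import hashlib
import os
import sys
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")

# Indicators published in the alert above, lower-cased hex digests.
ALERT_IOCS = {
    "md5": {
        "218be495adf64e02e927e44281ed37ab",
        "5733a86eb1e7833b2b6d1e071842ef35",
    },
    "sha1": {
        "d2446318bbc295004d38320da1910ab3b34239ab",
        "cb0ec64ea031e41d1863d8f0dcb014d7bfbd94e8",
    },
    "sha256": {
        "2890aa5267c9480f47391c8e20ae317b16ce5b0f9b89b13db43dbb58f001faeb",
        "320fb16fcf7fb35c6c5e6e42a07a5e751dc8ab5255b750a11743d7e58ae1b574",
    },
}


def _digest_chunks(chunks):
    """Feed every chunk to all three hash objects in one pass over the data."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for an in-memory blob."""
    return _digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large binaries do not need to fit in memory."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests, iocs):
    """Return [(algorithm, digest)] for every digest present in the IOC table."""
    return [(algo, d) for algo, d in digests.items() if d in iocs.get(algo, ())]


def scan_tree(root, iocs=ALERT_IOCS):
    """Walk `root` and return [(path, algorithm, digest)] for every file whose
    hash is an indicator. Symlinks are skipped and unreadable files are ignored
    rather than aborting the scan."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo, digest in match_iocs(digests, iocs):
                hits.append((path, algo, digest))
    return hits


def self_check():
    """Constructed demonstration (assumption, not advisory data): scan a temp
    directory holding one benign file. Returns the hits against the alert IOCs
    (expected none) and the hits against an IOC set seeded with that file's own
    SHA-256 (expected one), with paths reduced to base names."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as fh:
            fh.write(b"constructed benign sample, not malware\n")
        benign_hits = scan_tree(tmp)
        seeded = {"sha256": {hash_file(sample)["sha256"]}}
        seeded_hits = scan_tree(tmp, seeded)
    return benign_hits, [(os.path.basename(p), algo) for p, algo, _ in seeded_hits]


if __name__ == "__main__":
    # Usage: python ioc_scan.py /path/to/scan   (defaults to the current directory)
    for path, algo, digest in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"HIT {algo}={digest} {path}")
```

Hashing all three algorithms in a single read keeps the scan I/O-bound rather than reading each file three times; on a large fleet the same `scan_tree` logic is better run from an EDR or a scheduled job than ad hoc, but the matching rule is identical.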