November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – LokiBot Malware – Active IOCs
April 7, 2021Rewterz Threat Advisory – Cisco SD-WAN vManage Software Vulnerabilities
April 8, 2021Rewterz Threat Alert – LokiBot Malware – Active IOCs
April 7, 2021Rewterz Threat Advisory – Cisco SD-WAN vManage Software Vulnerabilities
April 8, 2021
Severity
Medium
Analysis Summary
NanoCore is a remote access tool (RAT). In most cases, this malware is distributed using spam email campaigns. Criminals send thousands of deceptive emails that contain malicious attachments. Once opened, these files immediately infect computers with malware such as NanoCore. The presence of this malware can result into data exfiltration, since the malware distributor gains remote access to the infected system. The malware is also capable of disabling some tools, stealing credentials and sensitive information.
Impact
- Credential Theft
- Unauthorized Access
- Theft of Sensitive Information
Indicators of Compromise
Filename
PAYMENT SWIFT EXPO2135002GL_SCANNED DOCUMENT_pdf[.]ace
MD5
e455b362425316e91c10c90fcd9c2ecc
SHA-256
a87ac9a441f7411c5a03bc1b57905037bc9f11b455b2f048a2ed3f5e2465131e
SHA1
996f73d06c3e6e98899944672f56ca91175d5af5
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.