Severity
High
Analysis Summary
NetWire is a remote access Trojan (RAT) focused on password stealing and keylogging, with full remote-control capabilities. It has been used by criminal groups since 2012 and is distributed mainly through social engineering (malspam) campaigns. Recently, NetWire has been delivered as a second-stage payload dropped by GuLoader phishing waves that use Microsoft Word documents. It is typically launched either directly from a phishing email or as a later stage of another malware chain: the operators send emails with malicious attachments to a large number of users, expecting that at least some recipients will open the file. Once a victim opens the attachment, the malware is downloaded onto the victim's computer. The attachment types most often used are PDF, Word, and IMG files.
Impact
- Information Theft
- Exposure of Sensitive Data
- Keylogging
Indicators of Compromise
MD5
- e9978425a024bee8daf9b6ae88d1d967
SHA-256
- e4b66d8eccf8e0ec2f33afb880b23e1a5dc131028bf91a4c5cbbbd883331fa65
- 3735ffbb521ae0c533a5fe4d131c2e6e77ae78b2647511720ad8231d9208d803
- 127007573df51102998a62eadf85c00b1aa4ae4df1b3bc2b03e0ee42ead574aa
- 11084f0e466c6e14a898cd1e806dcfddc4ae3c7819a617c3d0a54490989ba559
SHA-1
- 8bb64106e14c7ece0e6478a73169d7cc520c18ef
Remediation
- Block all the threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious of emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.
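One way to carry out the "search for IOCs in your environment" step, as an added example that is not Rewterz's own tooling: walk a directory tree, compute the MD5, SHA-1 and SHA-256 of every file, and report any file whose digest appears in the hash set above. The sweep function, its chunk size and the directory root are assumptions for this example; only the hashes come from the alert.

```python
"""Sweep a directory tree for files matching the NetWire hashes listed in this alert."""
import hashlib
import os
import sys

# Indicators copied from the alert above (MD5, SHA-1, SHA-256), all lowercase hex.
NETWIRE_IOCS = {
    "e9978425a024bee8daf9b6ae88d1d967",
    "8bb64106e14c7ece0e6478a73169d7cc520c18ef",
    "e4b66d8eccf8e0ec2f33afb880b23e1a5dc131028bf91a4c5cbbbd883331fa65",
    "3735ffbb521ae0c533a5fe4d131c2e6e77ae78b2647511720ad8231d9208d803",
    "127007573df51102998a62eadf85c00b1aa4ae4df1b3bc2b03e0ee42ead574aa",
    "11084f0e466c6e14a898cd1e806dcfddc4ae3c7819a617c3d0a54490989ba559",
}


def digests(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests of one file, hashing it in a single pass."""
    hashers = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers:
                h.update(chunk)
    return tuple(h.hexdigest() for h in hashers)


def sweep(root, iocs=NETWIRE_IOCS):
    """Walk root and return {file_path: matching_digest} for every file that hits the IOC set."""
    wanted = {i.lower() for i in iocs}  # tolerate upper-case hashes pasted from other sources
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                for d in digests(p):
                    if d in wanted:
                        hits[p] = d
                        break  # one match per file is enough
            except OSError:
                continue  # locked or unreadable files are skipped, not treated as clean
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, digest in sorted(sweep(root).items()):
        print(f"MATCH {path} {digest}")
```

Hash indicators only catch byte-identical samples, so a clean sweep rules out these exact files rather than NetWire as a family; pair it with the mail-gateway blocking and user-awareness steps above.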