Rewterz Threat Alert – Maze Ransomware – Active IOCs
September 6, 2021
Rewterz Threat Alert – Trickbot Malware – Active IOCs
September 6, 2021
Severity
High
Analysis Summary
NetWire is a remote access Trojan (RAT) focused on password stealing and keylogging, and it also gives the operator remote control of the infected host. The threat has been used by malicious groups since 2012 and is distributed through various social engineering campaigns (malspam). Recently, NetWire has been delivered as a second-stage payload by GuLoader phishing waves that use Microsoft Word documents, so today it typically arrives either directly through a social engineering campaign or as a later stage of another malware chain. Criminals send emails with malicious attachments to a large number of users and rely on at least one recipient opening the infected file; once the victim opens it, the NetWire payload is downloaded onto the victim’s computer. The attachment types most often used in these campaigns are PDF, Word, and IMG files.
Impact
- Information Theft
- Exposure of Sensitive Data
- Keylogging
Indicators of Compromise
MD5
- 9345d2c9bd66c5e23f0558c6d38d1763
- cca05958526ca1b406317bbc8137c6fe
- 8dde8d3377274864b19cfdd9432aea9a
- 182338a8dec61aabd85906ff4ffcac9d
SHA-256
- 0f67fd50b46ca7283dc172211a42e3ffab7b524a1e2e23433c34c88e657cd364
- dbf616ad9c72def90a363c076c2e66d25831350d2e1ad60b22675e2c0ad95e56
- 88f47e23c6b59062ba27bebe4cd6004379567bb613a91ec0b83644986212cf8e
- 174d091dcf5a5b2c4af35b5df2e4094ddf31bc589208f7b79ff5fc0db2dde514
SHA-1
- 7ecbbac88c4f2b4253e481ee398dcf38df5f721a
- 409794c9962f28780176be4a82b3fdd7d7b41427
- 3ea2077e34246045af909dc902698a3d51b6d3cf
- 898839d66a5c40b4b5236e28bf4a01de91b0f106
Remediation
- Block all the threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
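The "search for IOCs in your environment" step above can be done with a simple hash sweep. The following Python script is an added example, not part of the Rewterz alert: it loads the MD5, SHA-1 and SHA-256 indicators published above, validates that each entry is a well-formed digest, hashes every file under a directory in a single pass, and reports files whose digest matches an indicator. The `demo()` function builds a constructed temporary directory with a harmless file and adds that file's own SHA-256 to a copy of the indicator set, so the matching path can be exercised offline without any real sample.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators exactly as published in the alert above (lowercase hex).
NETWIRE_IOCS = {
    "md5": {
        "9345d2c9bd66c5e23f0558c6d38d1763",
        "cca05958526ca1b406317bbc8137c6fe",
        "8dde8d3377274864b19cfdd9432aea9a",
        "182338a8dec61aabd85906ff4ffcac9d",
    },
    "sha1": {
        "7ecbbac88c4f2b4253e481ee398dcf38df5f721a",
        "409794c9962f28780176be4a82b3fdd7d7b41427",
        "3ea2077e34246045af909dc902698a3d51b6d3cf",
        "898839d66a5c40b4b5236e28bf4a01de91b0f106",
    },
    "sha256": {
        "0f67fd50b46ca7283dc172211a42e3ffab7b524a1e2e23433c34c88e657cd364",
        "dbf616ad9c72def90a363c076c2e66d25831350d2e1ad60b22675e2c0ad95e56",
        "88f47e23c6b59062ba27bebe4cd6004379567bb613a91ec0b83644986212cf8e",
        "174d091dcf5a5b2c4af35b5df2e4094ddf31bc589208f7b79ff5fc0db2dde514",
    },
}

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


def validate_iocs(iocs):
    """Return (algorithm, value) pairs that are not hex digests of the expected length."""
    bad = []
    for algo, digests in iocs.items():
        for digest in digests:
            well_formed = len(digest) == HEX_LENGTHS[algo] and all(
                c in "0123456789abcdef" for c in digest
            )
            if not well_formed:
                bad.append((algo, digest))
    return bad


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of one file in a single chunked read."""
    hashers = {algo: hashlib.new(algo) for algo in NETWIRE_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {algo: hasher.hexdigest() for algo, hasher in hashers.items()}


def match_hashes(digests, iocs=NETWIRE_IOCS):
    """Return the set of algorithms whose digest for this file is a listed indicator."""
    return {algo for algo, d in digests.items() if d.lower() in iocs.get(algo, set())}


def scan_directory(root, iocs=NETWIRE_IOCS):
    """Walk a tree and return (path, [matched algorithms]) for every file that hits an IOC."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip it, don't abort the sweep
            matched = match_hashes(digests, iocs)
            if matched:
                hits.append((path, sorted(matched)))
    return hits


def demo():
    """Constructed sample run: one benign file and one whose own SHA-256 is added to a copy of the IOC set."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "notes.txt"
        benign.write_bytes(b"quarterly report draft\n")
        suspect = Path(tmp) / "invoice.pdf.exe"
        suspect.write_bytes(b"constructed placeholder content, not a real sample\n")
        iocs = {algo: set(values) for algo, values in NETWIRE_IOCS.items()}
        iocs["sha256"].add(hash_file(suspect)["sha256"])
        return scan_directory(tmp, iocs)


if __name__ == "__main__":
    print("malformed indicators:", validate_iocs(NETWIRE_IOCS))
    for path, algos in demo():
        print(f"IOC hit: {path} ({', '.join(algos)})")
```

To sweep a real host, call `scan_directory("/path/to/check")` with the default indicator set; matching is done on lowercase hex so indicators copied from other feeds in uppercase still compare correctly. Note that hash indicators only catch the exact samples listed; a repacked build of the same RAT will not match, so treat a clean sweep as absence of these specific files rather than absence of NetWire.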