Rewterz Threat Alert – ServHelper Backdoor – Active IOCs
January 24, 2022
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
January 24, 2022
Severity
High
Analysis Summary
NetWire is a remote access tool (RAT) and a malicious program. RATs are often used to remotely access and manipulate computers. System administrators can use such programs lawfully to access client systems, but they can also be used for malicious purposes. Cybercriminals use NetWire as a keylogger to collect data from USB card readers and other peripheral devices. It is delivered through emails containing potentially dangerous files, and the malware is downloaded onto the victim’s machine after the victim clicks on the file. Crooks frequently use PDF, Word, and IMG files as the shared files that carry their malware payloads.
Impact
- Sensitive Data Exposure
- Information Theft
- Keylogging
Indicators of Compromise
Remediation
- Block all the threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.