Rewterz Threat Advisory – CVE-2021-39019 – IBM Engineering Lifecycle Optimization Vulnerability
July 19, 2022
Severity
High
Analysis Summary
Orcus, known in previous years as Schnorchel, is a Remote Access Trojan (RAT) with some unusual behaviour. This RAT lets attackers write plugins against a custom development library and ships a robust core feature set that makes it one of the most dangerous malicious programs in its class. Orcus RAT's capabilities include:
- Keylogging and remote administration
- Stealing system information and credentials
- Taking screenshots, recording video from Webcams, recording audio from microphones, and disabling webcam light
- Remote code execution and Denial-of-Service attacks
- Exploring/editing registry
- Detecting VMs
- Reverse Proxying
- Real-Time Scripting
- Advanced Plugin System
Government entities, financial services organizations, information technology service providers, and consultancies are the main target sectors of Orcus RAT.
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- a21927812ef8cf46aac3ff0dcdc1e102
- 47709b5a8c5732b75a5a2710b8cd4eaf
- b429afc0b2ad821ac089f7b1c91c39ac
SHA-256
- 8d60639c5f195b89770f70ff7ae4e1f4ace189e45e1391c01dbaa320ae345f91
- eb6fdc22c3a91a8628a1c54ed6dac2b1f7f7e1f1046ab1cd2f1143b77d5f524b
- bcc3034a6434070d16dead6af6ec273d80810c8404a68885c2271ae16901ffe5
SHA-1
- dfa70802bab84de5f750fd4236739ecfce07fee2
- 8eca3b6c4b830e79a56a2b6d40a2cb0f29f25f1f
- d618554a2d84f7dcde4285a6af370342c22bba1c
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.
- Do not respond to unexpected emails from untrusted email addresses.
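One way to carry out the "Search for IOCs in your environment" step on a file share or endpoint, as an added example that is not part of the original advisory: the script below hashes every file under a directory once (computing MD5, SHA-1 and SHA-256 in a single pass) and reports any file whose digest matches one of the hashes listed above. The directory path and the chunk size are assumptions; the hash values are the advisory's own.

```python
import hashlib
from pathlib import Path

# Indicators of Compromise exactly as listed in the advisory above.
IOC_HASHES = {
    "md5": {
        "a21927812ef8cf46aac3ff0dcdc1e102",
        "47709b5a8c5732b75a5a2710b8cd4eaf",
        "b429afc0b2ad821ac089f7b1c91c39ac",
    },
    "sha1": {
        "dfa70802bab84de5f750fd4236739ecfce07fee2",
        "8eca3b6c4b830e79a56a2b6d40a2cb0f29f25f1f",
        "d618554a2d84f7dcde4285a6af370342c22bba1c",
    },
    "sha256": {
        "8d60639c5f195b89770f70ff7ae4e1f4ace189e45e1391c01dbaa320ae345f91",
        "eb6fdc22c3a91a8628a1c54ed6dac2b1f7f7e1f1046ab1cd2f1143b77d5f524b",
        "bcc3034a6434070d16dead6af6ec273d80810c8404a68885c2271ae16901ffe5",
    },
}


def digest_file(path, chunk_size=1 << 20):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for one file, read in one pass."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root, iocs=IOC_HASHES):
    """Walk `root` and return (path, algorithm, hash) for every file matching an IOC."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            digests = digest_file(path)
        except OSError:  # unreadable or vanished file: skip rather than abort the sweep
            continue
        for algo, value in digests.items():
            if value in iocs.get(algo, ()):
                hits.append((str(path), algo, value))
    return hits


if __name__ == "__main__":
    # Assumed scan root; point this at the share or endpoint being checked.
    for path, algo, value in scan_tree("/tmp/scan_me"):
        print(f"IOC match: {path} {algo}={value}")
```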