August 16, 2022
Severity
High
Analysis Summary
Orcus, known in past years as Schnorchel, is a Remote Access Trojan (RAT) with some unusual capabilities. It lets attackers build their own plugins with a custom development library and ships with a robust core feature set, which makes it one of the most dangerous malicious programs in its class. Orcus RAT's capabilities include:
- Keylogging and remote administration
- Stealing system information and credentials
- Taking screenshots, recording video from Webcams, recording audio from microphones, and disabling webcam light
- Remote code execution and Denial-of-Service
- Exploring/editing registry
- Detecting VMs
- Reverse Proxying
- Real-Time Scripting
- Advanced Plugin System
Government entities, financial services organizations, information technology service providers, and consultancies are the main target sectors of Orcus RAT.
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- a08fef0fb1892c8453749d07c036b834
- 87dc4e9f3bb6d64109e13236c459bd75
- 9da5706dff6effa88b7a41aefd415ef0
SHA-256
- ba93e357204915035785c0081b8bf2d64622ce764b0caea504d0b55ee9713e27
- e7965049e929aeeea681c1b8c4f3108d22b15ce64038fe8a9576ec06198186d7
- ee3a15101a6793b68a547fed19f4c6690f90b58c511da6ba6de48940c697cb8e
SHA-1
- 2bcb1a431a6442fbbd99e001fb4d9cdac365ac25
- c11cd6f5715ffc5e25677be64a211f8bedffdfa9
- d213f92a93bc69ecc009aea3a73746cd9c7561bf
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.
- Do not respond to unexpected emails from untrusted email addresses.