October 12, 2021
Severity
High
Analysis Summary
Orcus, marketed in earlier years under the name Schnorchel, is a Remote Access Trojan (RAT) with an unusually broad feature set. Beyond its core capabilities, it lets operators write their own plugins against a custom development library, which is what makes it one of the most dangerous malicious programs in its class.
Capabilities of Orcus RAT
- Keylogging and remote administration
- Stealing system information and credentials
- Taking screenshots, recording video from webcams (including disabling the webcam activity light), and recording audio from microphones
- Remote code execution and launching Denial-of-Service attacks from the infected host
- Browsing and editing the Windows registry
- Detecting virtual machines (sandbox and analysis evasion)
- Reverse proxying traffic through the infected host
- Real-time scripting
- Advanced plugin system
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- 7bf84287aa194bf86f303c86831b24c4
- 23f00a9e6573d0917fb7242e726fcc13
SHA-256
- 457179234f1fb5b1573ec04557a029abc393ad0605b4177cef849e291aa35a6b
- 44a93b9fd8b0492d9c800c5217875bcb5e27fe8641cad6334d8f4c0271e8e484
SHA-1
- 3a0709cc040771383bc6dddf496aa2068894f2e8
- 9cf6d3235c1798a6bcc4785e3f631cc020b35189
Remediation
- Block all threat indicators at your respective controls (endpoint protection, email and web gateways, firewalls).
- Search for the IOCs listed above in your environment and investigate any host on which they are found.
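The second remediation step, a file-hash sweep against the indicators listed in this alert, as an added example that is not part of the original alert. The hash values are copied from the Indicators of Compromise section above; the directory path, the `demo_sweep` helper and the two sample files it writes are constructed for illustration only and are not real malware.

```python
import hashlib
import os

# Orcus RAT indicators copied from the alert above, keyed by hash algorithm.
ORCUS_IOCS = {
    "md5": {
        "7bf84287aa194bf86f303c86831b24c4",
        "23f00a9e6573d0917fb7242e726fcc13",
    },
    "sha1": {
        "3a0709cc040771383bc6dddf496aa2068894f2e8",
        "9cf6d3235c1798a6bcc4785e3f631cc020b35189",
    },
    "sha256": {
        "457179234f1fb5b1573ec04557a029abc393ad0605b4177cef849e291aa35a6b",
        "44a93b9fd8b0492d9c800c5217875bcb5e27fe8641cad6334d8f4c0271e8e484",
    },
}


def hash_file(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for one file.

    The file is streamed in chunks and all three digests are updated from a
    single read, so large files are hashed once without loading them into memory.
    """
    hashers = {algo: hashlib.new(algo) for algo in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {algo: hasher.hexdigest() for algo, hasher in hashers.items()}


def match_iocs(digests, iocs=ORCUS_IOCS):
    """Return [(algorithm, digest)] for every digest that appears in the IOC set.

    Digests are lower-cased before comparison because IOC feeds are inconsistent
    about case and a case mismatch would silently miss a hit.
    """
    return [
        (algo, digest.lower())
        for algo, digest in digests.items()
        if digest.lower() in iocs.get(algo, set())
    ]


def sweep(root, iocs=ORCUS_IOCS):
    """Walk `root` and return {path: [(algorithm, digest), ...]} for matching files.

    Files that cannot be read (permissions, locked by a running process) are
    skipped rather than aborting the whole sweep.
    """
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matches = match_iocs(hash_file(path), iocs)
            except OSError:
                continue
            if matches:
                hits[path] = matches
    return hits


def demo_sweep():
    """Constructed demonstration (assumption, not real data).

    Writes a benign file and a harmless placeholder file into a temporary
    directory, registers the placeholder's SHA-256 in a copy of the IOC set,
    and sweeps the directory. Returns (hits, flagged_path, benign_path).
    """
    import tempfile

    tmp = tempfile.mkdtemp(prefix="orcus_sweep_")
    benign = os.path.join(tmp, "notes.txt")
    flagged = os.path.join(tmp, "sub", "updater.exe")
    os.makedirs(os.path.dirname(flagged))
    with open(benign, "wb") as fh:
        fh.write(b"quarterly report draft\n")  # constructed benign content
    with open(flagged, "wb") as fh:
        fh.write(b"constructed placeholder, not malware\n")  # constructed sample
    iocs = {algo: set(values) for algo, values in ORCUS_IOCS.items()}
    iocs["sha256"].add(hash_file(flagged)["sha256"])
    return sweep(tmp, iocs), flagged, benign


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, matches in sweep(root).items():
        for algo, digest in matches:
            print(f"MATCH {algo} {digest} {path}")
```

Run it as `python sweep.py C:\` (or whichever mount you want to check); any file whose hash matches one of the alert's indicators is printed. A hash sweep only finds byte-identical samples, so a clean result does not rule out a repacked Orcus build; treat it as one check among the others the alert recommends.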