November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
August 24, 2022Rewterz Threat Alert – Amadey Botnet – Active IOCs
August 24, 2022Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
August 24, 2022Rewterz Threat Alert – Amadey Botnet – Active IOCs
August 24, 2022
Severity
Medium
Analysis Summary
The Ramnit malware has numerous variants, which may individually be categorized as trojans, viruses, or worms. The first ramnit malware discovered in 2010 were viruses that infected exe, .dll , and html files found on a computer. Later variants included the ability to steal confidential data from the infected machine. Depending on the variants, Ramnit-infected machines can also be enslaved in a botnet.
Impact
- Information Theft
- Exposure of Sensitive Data
- Credential Theft
Indicators of Compromise
MD5
- e9c85c499f6b7c7e91a44567f27ecd68
- 685f1cbd4af30a1d0c25f252d399a666
SHA-256
- f09ec41136e8e5e5076ca495192d9326e5581c748148fa877412d466db26112d
- 0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4
SHA-1
- 6f89d9176e58f04c3cd48669f7a0b83660642379
- 6a1b978f5e6150b88c8634146f1406ed97d2f134
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.