May 25, 2021
Severity
High
Analysis Summary
Remcos is a Remote Administration Tool (RAT) targeting Windows systems. Backdoor.Remcos can arrive as a malicious email attachment or be downloaded by other malware. It is marketed as legitimate software by the Germany-based firm Breaking Security for remotely managing Windows systems, but it is now widely used in malicious campaigns by threat actors. Remcos is a sophisticated remote access Trojan (RAT) that can fully control and monitor any Windows computer from XP onwards.
Impact
- Victim’s machine information (OS version, computer name, system type, product name, primary adapter).
- User information (user access, user profile, user name, user domain)
- Processor information (processor revision number, processor level, processor identifier, processor architecture)
Indicator of Compromise
SHA-256
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
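As an added example, not part of the Rewterz advisory, the IoC sweep the second remediation step describes: parse SHA-256 indicators from advisory text in the same "- <hash>" list format and hash every file under a directory tree to find matches. The sample files and the indicator value are constructed inline; no real malware hash is used.

```python
import hashlib
import os
import re
import tempfile

# A SHA-256 digest rendered as hex is exactly 64 hex characters.
HEX64 = re.compile(r"\b[0-9a-fA-F]{64}\b")


def load_iocs(advisory_text):
    """Extract SHA-256 indicators from advisory text (one '- <hash>' per line)."""
    return {m.lower() for m in HEX64.findall(advisory_text)}


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, iocs):
    """Walk root and return {path: sha256} for every file whose hash is an indicator."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip it rather than abort the sweep
            if digest in iocs:
                hits[path] = digest
    return hits


def demo():
    """Constructed demo: one benign file and one whose hash is listed as an indicator."""
    with tempfile.TemporaryDirectory() as root:
        flagged = os.path.join(root, "invoice.exe")
        with open(flagged, "wb") as f:
            f.write(b"constructed sample content, not real malware")
        with open(os.path.join(root, "readme.txt"), "w") as f:
            f.write("benign file")
        # Constructed advisory snippet in the same '- <hash>' format as the IoC section.
        advisory = "SHA-256\n- " + sha256_file(flagged) + "\n"
        hits = scan_tree(root, load_iocs(advisory))
        return sorted(os.path.basename(p) for p in hits)


if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at download, temp and user-profile directories and feed it the advisory's hash list to turn the remediation step into a repeatable check.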