May 15, 2023
Severity
Medium
Analysis Summary
Remcos malware has been operating since 2016. This RAT was originally promoted as legitimate software for remote control of Microsoft Windows from XP onwards, and it is frequently found in phishing campaigns because of its capacity to completely compromise an infected machine. Remcos targets Windows systems and gives the attacker complete control over the machine. It is frequently distributed through malicious documents or archive files that contain scripts or executables. Like other RATs, Remcos gives the threat actor full access to infected PCs, which allows them to record keystrokes, passwords, and other sensitive information. Remcos incorporates various obfuscation and anti-debugging techniques to evade detection, and regular feature updates by its creators make this malware a challenging adversary.
Impact
- Information Commands
- Backdoor Theft
- Credential Theft
- User Information Theft
Indicators of Compromise
MD5
- 5be2f10437a6105706e880b53b89544a
- 947a5c046f8cfb1b6fb007bf67f55499
- b88e99f4eb617b813c852fd661d955cc
SHA-256
- 90920ec16dc530c71905b20801f4d443ddcadbcb1d2a5d0a957fc837169fa4b2
- f07ddc7c081b1106a27590e5497bec74f0d48f18b8c49d17ea57fa3d7d0704d8
- 0aefad4e27d919ecb1cf49ac9fd7064fb6501f9043be4eba99910be475a29bbd
SHA-1
- 0b8928ad5ed6e91ba800b6314ed00cfcc672a083
- 6f1cdddfcdfb8f4793eed122b0f8d3dff1da7d04
- 454117d84782541a8696fd61a86bc102585ae7b2
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of Compromise (IOCs) in your environment utilizing your respective security controls.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.