Rewterz Threat Alert – Remcos RAT – Active IOCs
November 8, 2021
Rewterz Threat Advisory – CVE-2021-31385 – Juniper Networks Junos OS
November 9, 2021
Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. It is used mainly for loading other malicious software, usually obtained from a third party. It can also load its own modules, which lets it conduct a variety of actions without external components. The seller of Smokeloader (known by the handle SmokeLdr) is active in providing this malware as a service to this date.
Impact
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Exercise caution when receiving messages from unknown senders.
- Block all threat indicators at your respective controls.
- Keep your software updated to the latest patches.
- Search for IOCs in your environment.