Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
July 26, 2021
Rewterz Threat Alert – Remcos RAT – Active IOCs
July 26, 2021Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
July 26, 2021Rewterz Threat Alert – Remcos RAT – Active IOCs
July 26, 2021Severity
Medium
Analysis Summary
Smokeloader is a popular bot and a veteran in its field. This malware is used mainly for loading other malicious software, usually obtained from a third party. It can also load its own modules, which lets it conduct a variety of actions without external components. The seller of Smokeloader (known by the handle SmokeLdr) is still active in providing this malware as a service.
Impact
- Exposure of sensitive information
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls
- Keep your software patches updated
- Exercise caution when receiving messages from unknown third parties