
Rewterz Threat Alert – STRRAT Malware – Active IOCs

December 31, 2021

Severity

High

Analysis Summary

STRRAT is a Java-based remote access trojan (RAT) first documented in June 2020 by researchers at the German cybersecurity firm G Data CyberDefense AG. It uses a plugin architecture to give an attacker full remote access to a compromised host: it can steal login credentials saved by browsers and email clients, log keystrokes, and remotely control compromised Windows systems. STRRAT can also imitate a ransomware attack. No files are actually encrypted; it simply appends the .crimson file extension and displays a bogus ransom note in Notepad. Its credential theft covers the Firefox, Internet Explorer and Chrome browsers and the Foxmail, Outlook and Thunderbird email clients.

Impact

  • Unauthorized access
  • Information theft
  • Exposure of sensitive data

Indicators of Compromise

SHA-256

  • d44f98bf2ad71e771d6d92f4340d5b0160c7a15be4a544941a7917da1293f2ed
  • e5d19c129485fc022232027105722b56096e23f1a6800e47949ecfaac4f459e1
  • 4e973883052470dee63cc6c6858ab5008a6dbce5adef0c4a6a7b5c938a50ae28
  • 17a9578b6d8fae823e3be3d463441c0c70ba4cb2f28ad49fa8dc072936f320ec

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
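The second remediation step, searching your environment for the listed indicators, can be done with a simple hash sweep. The script below is an added example and is not Rewterz tooling: it walks a directory tree, streams every regular file through SHA-256 and reports any file whose digest matches the four hashes from this advisory. The directory to scan is an assumption (pass whatever path you need); the files written by `run_demo()` are constructed sample data whose hash is added to the indicator set only so the sweep can be exercised offline, and they are not real STRRAT indicators.

```python
"""Hash-based IOC sweep for the STRRAT SHA-256 indicators in this advisory.

Added example, not Rewterz tooling. STRRAT_SHA256 holds the four hashes
from the advisory; everything inside run_demo() is constructed sample data.
"""
import hashlib
import os
import tempfile

# SHA-256 indicators from the advisory, lowercase hex.
STRRAT_SHA256 = {
    "d44f98bf2ad71e771d6d92f4340d5b0160c7a15be4a544941a7917da1293f2ed",
    "e5d19c129485fc022232027105722b56096e23f1a6800e47949ecfaac4f459e1",
    "4e973883052470dee63cc6c6858ab5008a6dbce5adef0c4a6a7b5c938a50ae28",
    "17a9578b6d8fae823e3be3d463441c0c70ba4cb2f28ad49fa8dc072936f320ec",
}

CHUNK = 1024 * 1024  # read files in 1 MiB pieces so large files need not fit in memory


def sha256_file(path):
    """Return the lowercase hex SHA-256 of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, iocs=STRRAT_SHA256):
    """Return [(path, sha256)] for every regular file under root whose digest is in iocs.

    Indicator case is normalised, unreadable files are skipped rather than
    aborting the sweep, and symlinks are not followed so a loop cannot stall it.
    """
    wanted = {h.lower() for h in iocs}
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # permission denied, vanished file, etc.
            if digest in wanted:
                hits.append((path, digest))
    return hits


def run_demo():
    """Constructed demo: one benign file and one planted file whose hash is added to the IOC set.

    The planted bytes are invented here; their hash is NOT a real STRRAT
    indicator. Returns the matched paths relative to the temp root.
    """
    with tempfile.TemporaryDirectory() as root:
        benign = os.path.join(root, "notes.txt")
        with open(benign, "wb") as fh:
            fh.write(b"quarterly report draft\n")
        planted = os.path.join(root, "sub", "invoice.jar")
        os.makedirs(os.path.dirname(planted))
        with open(planted, "wb") as fh:
            fh.write(b"constructed sample, not real malware\n")
        # Upper-case on purpose: exercises the case normalisation in scan_tree.
        iocs = STRRAT_SHA256 | {sha256_file(planted).upper()}
        hits = scan_tree(root, iocs)
        return [os.path.relpath(p, root).replace(os.sep, "/") for p, _ in hits]


if __name__ == "__main__":
    # Replace run_demo() with scan_tree("/path/to/scan") for a real sweep (path is an assumption).
    print(run_demo())  # constructed demo; expect ['sub/invoice.jar']
```

Hash matching only catches files that are byte-for-byte identical to the listed samples; a recompiled or repacked STRRAT build will hash differently, so treat a clean sweep as one data point alongside the email and endpoint controls in the other remediation steps rather than as proof of absence.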