Rewterz Threat Alert – Warzone RAT – Active IOCs

Severity

Medium

Analysis Summary

WarzoneRAT – is a remote access trojan that targets Windows systems that provides the capability to gain unauthorized access to a victim’s PC or allow covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. WarzoneRAT, like most malware, first arrives at systems as a result of phishing emails (as invoices and shipping orders), but is also available on the dark web for subscriptions. This malware-as-a-service RAT is written in C++ that has been available for purchase since at least 2018

Impact

• Sensitive Data Exposure
• Information Theft
• Keylogging

Indicators of Compromise

MD5

• c5f1177ea623aa3884f01fbf6c5232f6

SHA-256

• f3eaf384d0a1ebb18534205c8c056d337efbd549c50f1c352da66b45e00a977f

SHA-1

• e2edf8bc26f5e108c3a0fbdf684bf316e3a42bd1

Remediation

• Block all the threat indicators at your respective controls. 
• Search for IOCs in your environment.