November 20, 2023

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]

November 19, 2023

Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs

Severity High Analysis Summary The STOP/DJVU ransomware initially made headlines in 2018 and has since been attacking individuals all around the world. It’s widespread on torrent […]

November 19, 2023

Rewterz Threat Advisory – CVE-2023-40363 – IBM InfoSphere Information Server Vulnerability

Severity High Analysis Summary CVE-2023-40363 IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. Impact […]

November 20, 2023

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]

November 19, 2023

Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs

Severity High Analysis Summary The STOP/DJVU ransomware initially made headlines in 2018 and has since been attacking individuals all around the world. It’s widespread on torrent […]

November 19, 2023

Rewterz Threat Advisory – CVE-2023-40363 – IBM InfoSphere Information Server Vulnerability

Rewterz Threat Advisory – CVE-2019-6974 – Linux Kernel KVM “kvm_ioctl_create_device()” Use-AfterFree Vulnerability

February 27, 2019

Rewterz Threat Advisory – CVE-2019-1674 – New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings

February 28, 2019

Rewterz Threat Alert -WARZONE RAT ( aka Ave Maria RAT) Malware

February 27, 2019

Severity

Medium

Analysis Summary

Malspam WARZONE RAT (aka Ave_Maria Stealer aka Ave Maria RAT) malware has been spread through different phishing campaigns. Threat indicators are provided.

Indicators of Compromise

IP(s) / Hostname(s)

5.206.225[.]104
146.255.88[.]214

URLs

warzonedns[.]com
hxxp://5.206.225[.]104/dll/vcruntime140.dll
hxxp://5.206.225[.]104/dll/softokn3.dll
hxxp://5.206.225[.]104/dll/msvcp140.dll
hxxp://5.206.225[.]104/dll/mozglue.dll
hxxp://5.206.225[.]104/dll/freebl3.dll hxxp://5.206.225[.]104/dll/nss3.dll
hxxp://5.206.225[.]104/dll/upnp.exe

Email Address

manarnasr[@]madeinaudio[.]com
tou013[@]efx.net[.]nz

Email Subject

Important Process form Regarding fraud Adjustment Refund
TD Bank Secure Mail
Transaction receipt for eInvoice 4596
ACH Credit Transaction

Malware Hash (MD5/SHA1/SH256)

4e56a44a29a1f6038f2f0c1909aa02846e61a3b9
8662cce96988085e2e35f80c0d9a3e7bb9022b22
708c6af4b82bd6913709fe6ed17c766e2585b3b4
1f8080cd046576290f28e1e22c2daf7843d72642
b3892eef846c044a2b0785d54a432b3e93a968c8
ffcdc87572815d4801094dd7fa7df5f5868d0b3e
153b601dd6780f1a532f68444f92aeed2c7971b58547aaf2b9d5165c0c14623d
27a855a5b954c4a2415b5f49cd798872a5bc6a08878ba5eea010b0a27718a987
49027f9a9bf07e48b40512aab3c06d5dcdf7a50bfd7019bf32182a1f2ffacf16
cfe14dc4f408f1d1cbabf5b05cde303a8c8ff6a600d98b3ef4b12ab1d2f73ba0
798af20db39280f90a1d35f2ac2c1d62124d1f5218a2a0fa29d87a13340bd3e4
0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9
a2681b18b9e0d0a449cc9fd018d503cc
2cb663a749b8f07054e8ffc29564f78e
469209838a2ae561997998debabac084
b74a28a008ea01c409392dbeb15a078a
461ade40b800ae80a40985594e1ac236
ee03ca33712e4ee518cb7b046d0f64ec

Remediation

Block the threat indicators at their respective controls.
Always be suspicious of unsolicited email.
Never click/ download any attachments sent from unrecognized senders.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs

Rewterz Threat Advisory – CVE-2023-40363 – IBM InfoSphere Information Server Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs

Rewterz Threat Advisory – CVE-2023-40363 – IBM InfoSphere Information Server Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2019-6974 – Linux Kernel KVM “kvm_ioctl_create_device()” Use-AfterFree Vulnerability

Rewterz Threat Advisory – CVE-2019-1674 – New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings