Rewterz Threat Alert – Blackremote: An undocumented RAT

October 16, 2019

Severity

High

Analysis Summary

While researching prevalent commodity Remote Access Tools (RATs), Unit 42 researchers discovered a new, undocumented RAT in September; almost 50 samples were observed in more than 2,200 attack sessions within the first month it was sold. In this report, Unit 42 documents the RAT manager/builder and client malware, and profiles the Swedish actor behind it, along with his promotion and sale of the malware. Unit 42 also documents this RAT already being used in malicious attacks in the wild.

Black Remote Controller PRO is a powerful and full featured systems remote administration suite. It will give you full access and control over a remote machine through a countless number of features, giving you the ability to monitor, access or manipulate every activity and data remotely, just like you are in front of it!

Impact

Exposure of sensitive information

Indicators of Compromise

SHA256


URL

  • https[:]//renaj[.]duckdns[.]org/

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
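One way to act on the URL indicator above at a proxy or DNS control, as an added example that is not part of the advisory: refang the defanged URL and scan log lines for its host, matching the host itself and its subdomains but not look-alike domains that merely start with it. The log format and sample lines are constructed for the example.

```python
import re

# Defanged indicator exactly as published in the advisory.
DEFANGED_URL = "https[:]//renaj[.]duckdns[.]org/"

# Constructed sample proxy log lines (not real traffic):
# "<timestamp> <client ip> <method> <url> <status>".
# Line 2 contacts the advisory's host; line 3 is a look-alike that
# only starts with the indicator host and must NOT match.
SAMPLE_PROXY_LOG = """\
2019-10-16T09:12:01Z 10.0.4.21 GET https://www.example.com/index.html 200
2019-10-16T09:12:07Z 10.0.4.33 POST https://renaj.duckdns.org/ 200
2019-10-16T09:12:09Z 10.0.4.33 GET https://renaj.duckdns.org.evil.test/ 200
2019-10-16T09:13:44Z 10.0.4.21 GET https://cdn.example.net/lib.js 304
"""

def refang(indicator: str) -> str:
    """Turn a defanged indicator ('[.]', '[:]', 'hxxp') back into its real form."""
    return (indicator.replace("[.]", ".")
                     .replace("[:]", ":")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://"))

def host_of(url: str) -> str:
    """Extract the lower-cased host part of a URL (scheme://host[:port]/...)."""
    m = re.match(r"^[a-z]+://([^/:]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else url.lower()

def find_matches(log_text: str, defanged_indicators):
    """Return (line_number, client_ip, url) for every log line whose URL host
    equals an indicator host or is a subdomain of it."""
    bad_hosts = {host_of(refang(i)) for i in defanged_indicators}
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip rather than crash
        client_ip, url = parts[1], parts[3]
        h = host_of(url)
        # Suffix check with a leading dot prevents "renaj.duckdns.org.evil.test"
        # from matching "renaj.duckdns.org".
        if any(h == b or h.endswith("." + b) for b in bad_hosts):
            hits.append((n, client_ip, url))
    return hits

if __name__ == "__main__":
    for n, ip, url in find_matches(SAMPLE_PROXY_LOG, [DEFANGED_URL]):
        print(f"line {n}: {ip} contacted {url}")
```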