
Rewterz Threat Alert - WARZONE RAT (aka Ave Maria RAT) Malware

February 27, 2019

Severity

Medium

Analysis Summary

The WARZONE RAT (also known as Ave_Maria Stealer or Ave Maria RAT) malware is being distributed through multiple malspam phishing campaigns. The threat indicators observed are listed below.

Indicators of Compromise

IP(s) / Hostname(s)

  • 5.206.225[.]104
  • 146.255.88[.]214

URLs


Email Addresses

  • manarnasr[@]madeinaudio[.]com
  • tou013[@]efx.net[.]nz

Email Subjects

  • Important Process form Regarding fraud Adjustment Refund
  • TD Bank Secure Mail
  • Transaction receipt for eInvoice 4596
  • ACH Credit Transaction

Malware Hashes (MD5/SHA1/SHA256)

Remediation

  • Block the threat indicators at their respective controls.
  • Always be suspicious of unsolicited email.
  • Never click on or download attachments sent from unrecognized senders.
