November 15, 2021
Severity
High
Analysis Summary
Orcus, known in past years as Schnorchel, is a Remote Access Trojan with some unusual behaviour. This RAT enables
attackers to create plugins using a custom development library and offers a robust core feature set that makes it one of the
most dangerous malicious programs in its class.
Capabilities of Orcus RAT
- Keylogging and remote administration
- Stealing system information and credentials
- Taking screenshots, recording video from Webcams, recording audio from microphones, and disabling webcam light
- Executing remote code and launching Denial-of-Service attacks
- Exploring/editing registry
- Detecting VMs
- Reverse Proxying
- Real-Time Scripting
- Advanced Plugin System
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- f34b17da65f6a99f1bf31ffcddb5b16e
- 0300ae2b9879c117e2eacc10ab018391
SHA-256
- b7fbb4a087638a85126014847fed7066c754929937d1f0d5c398077552174a47
- 16b3c4ae3f25241a2c38866faa621cc0fb1969c872c9b5c515597b63c92c2f86
SHA-1
- 299c976185fd507f9dd00429710793e7281a7a46
- 59f7e5e5cdeee91c6129e623b183e3efb6eba2b9
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
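As an added example (not part of the advisory), the following Python script carries out the second remediation step: it walks a directory tree, hashes each file once with MD5, SHA-1 and SHA-256, and reports any file whose digest appears in the indicator list above. The directory to scan is an assumption taken from the command line.

```python
import hashlib
import io
import os
from typing import Dict, Iterator, Set, Tuple

# Indicators copied from the advisory above; these are the only page-specific values used.
ORCUS_IOCS: Dict[str, Set[str]] = {
    "md5": {"f34b17da65f6a99f1bf31ffcddb5b16e", "0300ae2b9879c117e2eacc10ab018391"},
    "sha1": {"299c976185fd507f9dd00429710793e7281a7a46", "59f7e5e5cdeee91c6129e623b183e3efb6eba2b9"},
    "sha256": {"b7fbb4a087638a85126014847fed7066c754929937d1f0d5c398077552174a47",
               "16b3c4ae3f25241a2c38866faa621cc0fb1969c872c9b5c515597b63c92c2f86"},
}

def digest_stream(fobj, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 in one pass so large files are read only once."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in iter(lambda: fobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def digest_bytes(data: bytes) -> Dict[str, str]:
    """Same as digest_stream, for data already held in memory."""
    return digest_stream(io.BytesIO(data))

def match_iocs(digests: Dict[str, str], iocs: Dict[str, Set[str]] = ORCUS_IOCS) -> Dict[str, str]:
    """Return {algorithm: digest} for each digest found in the IOC set (case-insensitive)."""
    return {algo: d.lower() for algo, d in digests.items() if d.lower() in iocs.get(algo, set())}

def scan_tree(root: str) -> Iterator[Tuple[str, Dict[str, str]]]:
    """Yield (path, matched digests) for every file under root whose hashes hit an IOC."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fobj:
                    hits = match_iocs(digest_stream(fobj))
            except OSError:
                continue  # unreadable or special files are skipped rather than aborting the scan
            if hits:
                yield path, hits

if __name__ == "__main__":
    import sys
    # Assumed usage: python scan_orcus_iocs.py /path/to/scan (defaults to the current directory)
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"[MATCH] {path}: {hits}")
```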