
Rewterz Threat Alert – AveMaria RAT – Active IOCs

Severity

Medium

Analysis Summary

AveMaria RAT (aka WarzoneRAT) is a remote access trojan that targets Windows systems and provides the capability to gain unauthorized access to a victim’s PC or to covertly surveil it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. AveMaria, like most malware, first arrives at systems through phishing emails (disguised as invoices and shipping orders), and it is also sold on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.

Impact

  • Unauthorized Access

Indicators of Compromise

MD5

  • 73beab65035fb1e5a22e507b188732a5

SHA-256

  • a47111a11f6baf3cf3180c7521dc1b890197d3775d5c69bccbeeb0a1005fbe37

SHA-1

  • 4bfdcb9d228d847b6cff17fe51dd1e2f4a9707ee

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.