

Severity
Medium
Analysis Summary
WarzoneRAT is a remote access trojan that targets Windows systems and provides the capability to gain unauthorized access to a victim’s PC or to covertly surveil it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, WarzoneRAT first arrives on systems through phishing emails (posing as invoices and shipping orders), but it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Sensitive Data Exposure
- Information Theft
- Keylogging
Indicators of Compromise
MD5
- c5f1177ea623aa3884f01fbf6c5232f6
SHA-256
- f3eaf384d0a1ebb18534205c8c056d337efbd549c50f1c352da66b45e00a977f
SHA-1
- e2edf8bc26f5e108c3a0fbdf684bf316e3a42bd1
Remediation
- Block all the threat indicators at your respective controls.
- Search for IOCs in your environment.