

Rewterz Threat Alert – LockBit Ransomware – Active IOCs
February 8, 2023
Rewterz Threat Alert – Bitter APT Group – Active IOCs
February 8, 2023
Severity
High
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and gives an attacker unauthorized access to a victim’s PC or the ability to surveil it covertly. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (disguised as invoices and shipping orders), and it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Password & identity theft
- Data Exfiltration
- Information Theft
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.