Rewterz Threat Advisory – CVE-2022-30189 – Microsoft Autopilot Device Management and Enrollment Client Vulnerability
June 15, 2022
Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
June 15, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems. It gives the operator unauthorized access to a victim's PC and allows covert surveillance of it: it acts as a keylogger, steals passwords, escalates privileges, and much more. Like most malware, AveMaria usually first arrives via phishing emails (disguised as invoices and shipping orders), but it is also sold on the dark web on a subscription basis. Written in C++, this malware-as-a-service RAT has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
MD5
- 0c2a145c133fa0a00abc2ddc472a5b46
- 20a94c1150550772013e971f6151ba46
- 953d07805442896fe9f5698a0e2e942c
- 95221b128e2ea58c86fb21b321b1dc03
- 62243d187e189f1f193b7ebb99d45a8f
- f034363ae1a5c32124e809f18b3cceea
- 73e1ab13d800e7d474a00b8358748fce
- 6fe5939a4a600e12921d7b22b381f7b3
SHA-256
- fbc82a6d085f7bf19959040ca3f5f6445c3b3d12b0f7af0ec8fcd85663a2e931
- 6f178549e4142e5c18653b7b0391b1e5025b320420a52eae4cfe74a83ea73e96
- cb9db1a34e9db61f443aedf69b1cc605ef088b1e38d990cce2115f10d4b057c4
- d83aa0f6cae89cd0af385215ba7b08b997f876a1c87b60a14ff05fe1e1dccb8a
- 933aa9ff331533ee82a1d70637f87f67df0e2510799f30e0bab35bc75c0a48d0
- 81d0a8bc64c38faae2f075becf4ddb2f41d8c3539d25ba2e9cbefc48e945d76c
- 4c80b15f618430bbdf83f50f013a96c559f99effbfb0a8812f10bfddd086064b
- 72b22fc9be1cc59b6b8677642a4803eeeadebe06987b78db80e5149de5f7f44b
SHA-1
- 4aae6010f1f864403389bf5bbd2632ad8b53925d
- bd86e36a5035778229a2daebc94e006e293f436b
- 2d784e35df6b9ab6e70feab8eaa2b9ac9582a0a9
- a01027a00b163f4f0d77b4adf74a5b5a8ecc8315
- 2cfa0c2693e99a3d646e214cce0c7177c21b4b19
- c7743f95aee8a5b99fc5431719998c43e4773943
- 5e4fc3d85aad55759178396aafc977ca5a632808
- 3de1d7d51d99e04e0e45a963ebff0a83a0581573
Remediation
- Block the threat indicators listed above at your respective security controls (endpoint, email, proxy and perimeter).
- Search for these IOCs across endpoints and logs in your environment.
- Treat unsolicited attachments presented as invoices or shipping orders with suspicion, since that is how this RAT is typically delivered.
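The two remediation steps above come down to matching file hashes against the indicator lists. The following Python script is an added example and is not part of the Rewterz advisory: it parses the advisory's MD5, SHA-256 and SHA-1 sections exactly as printed above, hashes every file under a directory with all three algorithms in a single read pass, and reports each match. The indicator values are copied from the lists above; the chunk size, the file-walking behaviour and the command-line interface are assumptions made for illustration.

```python
"""Sweep a directory tree for files whose hashes match the advisory's IOCs (added example)."""
import hashlib
import os
import re
import sys
from typing import Dict, List, Set, Tuple

# Indicator block copied verbatim from the advisory's "Indicators of Compromise" section.
ADVISORY_IOCS = """
MD5
- 0c2a145c133fa0a00abc2ddc472a5b46
- 20a94c1150550772013e971f6151ba46
- 953d07805442896fe9f5698a0e2e942c
- 95221b128e2ea58c86fb21b321b1dc03
- 62243d187e189f1f193b7ebb99d45a8f
- f034363ae1a5c32124e809f18b3cceea
- 73e1ab13d800e7d474a00b8358748fce
- 6fe5939a4a600e12921d7b22b381f7b3
SHA-256
- fbc82a6d085f7bf19959040ca3f5f6445c3b3d12b0f7af0ec8fcd85663a2e931
- 6f178549e4142e5c18653b7b0391b1e5025b320420a52eae4cfe74a83ea73e96
- cb9db1a34e9db61f443aedf69b1cc605ef088b1e38d990cce2115f10d4b057c4
- d83aa0f6cae89cd0af385215ba7b08b997f876a1c87b60a14ff05fe1e1dccb8a
- 933aa9ff331533ee82a1d70637f87f67df0e2510799f30e0bab35bc75c0a48d0
- 81d0a8bc64c38faae2f075becf4ddb2f41d8c3539d25ba2e9cbefc48e945d76c
- 4c80b15f618430bbdf83f50f013a96c559f99effbfb0a8812f10bfddd086064b
- 72b22fc9be1cc59b6b8677642a4803eeeadebe06987b78db80e5149de5f7f44b
SHA-1
- 4aae6010f1f864403389bf5bbd2632ad8b53925d
- bd86e36a5035778229a2daebc94e006e293f436b
- 2d784e35df6b9ab6e70feab8eaa2b9ac9582a0a9
- a01027a00b163f4f0d77b4adf74a5b5a8ecc8315
- 2cfa0c2693e99a3d646e214cce0c7177c21b4b19
- c7743f95aee8a5b99fc5431719998c43e4773943
- 5e4fc3d85aad55759178396aafc977ca5a632808
- 3de1d7d51d99e04e0e45a963ebff0a83a0581573
"""

# Section headings used by the advisory, the hex-digest length each must have,
# and the corresponding hashlib constructor name.
HEX_LEN = {"MD5": 32, "SHA-1": 40, "SHA-256": 64}
HEADING_TO_ALGO = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256"}


def parse_iocs(text: str) -> Dict[str, Set[str]]:
    """Parse 'HEADING' / '- <hex>' sections into {algo: {lowercase digest}}.

    A digest whose length does not fit its section (truncated or mistyped)
    is dropped instead of being accepted, so a malformed indicator cannot
    silently turn into a match that never fires.
    """
    out: Dict[str, Set[str]] = {algo: set() for algo in HEADING_TO_ALGO.values()}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEX_LEN:
            current = line
            continue
        m = re.fullmatch(r"-\s*([0-9A-Fa-f]+)", line)
        if current and m and len(m.group(1)) == HEX_LEN[current]:
            out[HEADING_TO_ALGO[current]].add(m.group(1).lower())
    return out


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Return md5, sha1 and sha256 hex digests of a file from a single read pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def scan_tree(root: str, iocs: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Walk root (not following directory symlinks) and return (path, algo, digest) per hit."""
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the sweep
            for algo, digest in digests.items():
                if digest in iocs.get(algo, ()):
                    hits.append((path, algo, digest))
    return hits


if __name__ == "__main__":
    # Assumed CLI: python scan_iocs.py <directory>; defaults to the current directory.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, hit_algo, hit_digest in scan_tree(target, parse_iocs(ADVISORY_IOCS)):
        print(f"MATCH {hit_algo} {hit_digest} {hit_path}")
```

A hit on any of the three digests confirms that one of the listed samples is present and the host should be isolated and investigated. The reverse does not hold: these hashes cover only the specific samples in the advisory, so a clean sweep does not clear a host against a repacked build of the same RAT, and hash matching should be paired with the behavioural and network controls your EDR and email gateway provide.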