

Severity
High
Analysis Summary
Gh0st RAT, also known as Farfli or PCRat, is a remote access trojan that allows an attacker to access an infected machine to harvest sensitive information and data. This type of malware enables cybercriminals to gain complete access to infected computers and attempt to hijack the user’s banking account. Some variants of Gh0st can be used to install cryptocurrency miners and/or various trojan-type programs. Cybercriminals use this control over the infected computer to access the victim’s bank account and transfer money without authorization.
Impact
- Credential Theft
- Unauthorized Access
- Theft of Sensitive Information
- File manipulation
- Remote command execution
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Multi-layered protection is necessary to secure vulnerable assets.
- Patch and upgrade all platforms and software in a timely manner, and make this a standard security policy.