Rewterz

Rewterz Threat Alert – APT29 Cozy Bear – Active IOCs

August 10, 2022
Rewterz

Rewterz Threat Alert – Vidar Malware – Active IOCs

August 10, 2022

Rewterz Threat Alert – Ramnit Malware – Active IOCs

Severity

Medium

Analysis Summary

The Ramnit malware has numerous variants, which may individually be categorized as trojans, viruses, or worms. The first ramnit malware discovered in 2010 were viruses that infected exe, .dll , and html files found on a computer. Later variants included the ability to steal confidential data from the infected machine. Depending on the variants, Ramnit-infected machines can also be enslaved in a botnet.

Impact

  • Information Theft
  • Exposure of Sensitive Data
  • Credential Theft

Indicators of Compromise

MD5

  • be05e80b305820415eb46e15393b66f0

SHA-256

  • d58184406f1719a9b303bbb7b0c99c2637d4b70375120218c04417391f160428

SHA-1

  • 1ee70eb5f8465ac6cd0b8bb2267a953492c1f9ab

Remediation

  • Block the threat indicators at their respective controls.
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.