Rewterz Threat Alert – Nanocore Rat – Active IOCs

June 8, 2022

Rewterz Threat Advisory – CVE-2022-24429 – Node.js convert-svg-core module Vulnerability

June 9, 2022

Rewterz Threat Alert – Remcos RAT – Active IOCs

June 8, 2022

Severity

High

Analysis Summary

Remcos malware has been operating since 2016. This RAT was originally promoted as genuine software for remote control of Microsoft Windows from XP onwards, and is frequently found in phishing attempts due to its capacity to completely infect an afflicted machine. Remcos malware attacks Windows systems and provides the attacker complete control over the machine.It is frequently distributed by malicious documents or archive files that contain scripts or executables. Remcos, like other RATs, offers the threat actor complete access over the infected PCs which allow them to record keystrokes, passwords, and other critical information. Remcos incorporates various obfuscation and anti-debugging techniques to evade detection. Regular updates of its features by its creators make this malware a challenging adversary.

Impact

Breach of: Victim’s machine information (OS version, computer name, system type, product name, primary adapter).
User information (user access, user profile, user name, user domain)
Processor information (processor revision number, processor level, processor identifier, processor architecture)

Indicators of Compromise

MD5

94ca95fce682c0d591e9fdc4733c43b4
e3b426d179aeb615e9a1eefac3015fca
e4c8d9d48de532ce633bdd1824434593
f4c0fc1e47d8cb0250bf185b14445cca
3ef0093682fea17613a9c33b100a3664
94a9326ba9f96c783bc38656116f3e28
aaef1552c3abb4bbca91340eb9f52955

SHA-256

6596d13971abb2bc9baf526fd083b3c15781e70a3845295cf0660c52a67c9bd2
56795470a3bd1762459af050088e74f3a693ba31980aa545f7a0bca1024f457c
eb9f9d5d304acc0c162c922f5a12a80a28e511e536ed3f4b18f7d301a7502640
d26202b0d591d64d0c9b9741c35b1a4a98b84356c6fde212429a72182b5d346e
b07f08cbf908eb0d5c93679c8dca8438e4f185a70d675ad79184533dc6b4b262
39b53341617cdf6bed878d2272969630da4ce0c8c4eae7ca20511afdffdc0934
49bc50c3b1ff689c3cbcfcf1f7d42f29547f15f4ab990dafc27f5eb4b562d446

SHA-1

5df3742e121b18cddbd389a7e5102c0e1eae6f90
fdbef3d071cfbfb5c6dad4b54c1d9ccdee4d6cce
f5dbacdf640d852fd2a59c569773826dd032c4c6
a7305608212c0e381d18d59f7da55cc5dbd0e2d8
5106a28e9af9270b868b5391e081679aa161ecc3
5e6f7686b99ecceaedd0ffd559560f5a24e30d82
d322cdc6f794c41109e77cebc876d193988c15fd

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us