Rewterz Threat Advisory – New Variant of CRAT Remote Access Trojan - Rewterz
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Screen Capture - T1113 Screen Capture |
Common Information
| Type | Value |
|---|---|
| UUID | cb45a24c-a8a7-4dd5-9afd-c7704749361e |
| Fingerprint | a7d4b6cf2e57af8a |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 13, 2020, 7:17 p.m. |
| Added to db | Dec. 19, 2024, 8:41 a.m. |
| Last updated | Dec. 20, 2024, 5:49 p.m. |
| Headline | Rewterz Threat Advisory – New Variant of CRAT Remote Access Trojan |
| Title | Rewterz Threat Advisory – New Variant of CRAT Remote Access Trojan - Rewterz |
| Detected Hints/Tags/Attributes | 46/1/176 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4 | www.sofa.rs |
|
| Details | Domain | 3 | teslacontrols.ir |
|
| Details | Domain | 2 | publishapp.co |
|
| Details | Domain | 2 | sideforum.cc |
|
| Details | Domain | 2 | freeforum.co |
|
| Details | Domain | 2 | goodfriend.pro |
|
| Details | Domain | 2 | friendship.me |
|
| Details | Domain | 2 | threegood.cc |
|
| Details | Domain | 2 | engpro.xyz |
|
| Details | Domain | 2 | infocop.me |
|
| Details | Domain | 2 | teamspit.pro |
|
| Details | Domain | 2 | dodoi.cc |
|
| Details | Domain | 2 | advertapp.me |
|
| Details | Domain | 2 | insideforum.me |
|
| Details | Domain | 2 | anyoneforum.cc |
|
| Details | Domain | 2 | goodproject.xyz |
|
| Details | Domain | 2 | hellofriend.pro |
|
| Details | Domain | 2 | moonge.cc |
|
| Details | Domain | 1 | calculactcal.org |
|
| Details | Domain | 1 | 3cuartos.com |
|
| Details | Domain | 2 | worldfoodstory.co.uk |
|
| Details | Domain | 1 | bokkeriejesj.nl |
|
| Details | Domain | 1 | theblackout.fr |
|
| Details | Domain | 1 | tiramisu.it |
|
| Details | Domain | 2 | ecolerubanvert.com |
|
| Details | Domain | 1 | lwac.com |
|
| Details | Domain | 1 | copansrl.it |
|
| Details | Domain | 1 | arar-musique.fr |
|
| Details | Domain | 1 | firstalliance.church |
|
| Details | Domain | 1 | erickeleo.com.br |
|
| Details | Domain | 3 | kingsvc.cc |
|
| Details | Domain | 3 | sofa.rs |
|
| Details | Domain | 3 | afuocolento.it |
|
| Details | Domain | 4 | mbrainingevents.com |
|
| Details | md5 | 1 | bf318b2d789a5d45c4a5863fbe0ece92 |
|
| Details | md5 | 2 | ccdb051ad65d9f443206d659427d155f |
|
| Details | md5 | 3 | a3e3886ae43c6e67acf06d8041d8f4d2 |
|
| Details | md5 | 4 | 2a9e49fc80fe5124ac98ff5b874fb4d4 |
|
| Details | md5 | 3 | 6dafaabebf243e1ad2e5b49178230eb6 |
|
| Details | md5 | 1 | 2576807597d95a550a36ba844ee11c62 |
|
| Details | md5 | 1 | 43a070f0eeeb16450e3275855759e140 |
|
| Details | md5 | 1 | 0af049b51a11c0896cb287610c7a313f |
|
| Details | md5 | 1 | 0646f5a3b0e66eb698960baf50a054cf |
|
| Details | md5 | 1 | cea68bb0e2d54b1fdca1baa7395906fa |
|
| Details | md5 | 1 | 2b326540fdf2989742000b1506770663 |
|
| Details | sha1 | 1 | 750f7f89b89bf9d33661e11d18562d2d90b09ac9 |
|
| Details | sha1 | 1 | 14050be50c0220f70c60af7a1d279afcca06294e |
|
| Details | sha1 | 1 | 288af05268b194be58183f87cad4ba664c73202e |
|
| Details | sha1 | 1 | 49bc6b93623861982bb68cf7b0b2fbfc78b5443d |
|
| Details | sha1 | 1 | 5a6fc000489cde1bb70274562210ee1738923986 |
|
| Details | sha1 | 1 | 6bb3c6032ff60820cf0ad5dd097e88c72173674f |
|
| Details | sha1 | 1 | 05fc48aa9558377874b2ee7df45b41333117f89f |
|
| Details | sha1 | 1 | d60032efb552c1af6ca3d62166804c8fd9bff641 |
|
| Details | sha1 | 1 | 44ab359993da31d9f335b58ecf1ae091704a987d |
|
| Details | sha1 | 1 | eabbe1d9e495dabc2a4c538502ef6fea44dc975e |
|
| Details | sha1 | 1 | 613750e0ab2c1243d5c4debd1220288571762d7c |
|
| Details | sha256 | 2 | eae3dc403d36b115aa4f7db64cb1a64fa50dbff2b6ce3d118eeb1f745d1ecd14 |
|
| Details | sha256 | 2 | 7050af905f1696b2b8cdb4c6e6805a618addf5acfbd4edc3fc807a663016ab26 |
|
| Details | sha256 | 2 | b962e4580e05e004df9fe2c22b34556bc513370c9a775bfe185e05a9d0df494e |
|
| Details | sha256 | 2 | bd1a0425ffaafa54a1c950fbb3d0defe9fa145131e4bd15d392597de408f5287 |
|
| Details | sha256 | 2 | c0bd35a36ea5227b9b981d7707dff0e2c5ca87453a5289dc4a5cd04c7e8b728c |
|
| Details | sha256 | 2 | 389518ac65595ad9138b5dd0185aae851d979d4705d74f191492f002e63438c5 |
|
| Details | sha256 | 2 | 916654e2ee43d2ee43f0d5e9d41f8527aaf239684f91f9b92ac5c1937cd45c91 |
|
| Details | sha256 | 2 | e893b4f6b6f3ab977c96ab5e2c6115969cbe46a143531bfc9920d1b9972ebc12 |
|
| Details | sha256 | 2 | eab9136da8cc5c1a8a9fc528d64ef1ce11e385def98957712887785178e202a3 |
|
| Details | sha256 | 2 | 04c46c55336ac40d567ef0aac98ff8424872b584ea169c1a098ced833dd9bab4 |
|
| Details | sha256 | 2 | 2cff5e7d4405bf09f423db1d7a8e535a6be2f68cc4ce4a5817ae01bee09f088a |
|
| Details | sha256 | 2 | 4aa2dc282c56e397b501d84cfd6c582cc256c42e8b6722b45a592cf2008a6495 |
|
| Details | sha256 | 2 | 05d4da2cb9f6d5d44c399f42a81bb393b2ff6669d64ea773b58d2daf4df10d00 |
|
| Details | sha256 | 2 | 5b627647df675d746f63280cf10a221abfe0a93bab88a96e45b4734beb05c021 |
|
| Details | sha256 | 2 | 11c266c1b0f0428585d40fc95d1a7d3eedb3d0f304cf7ebc692c4487e18c9afb |
|
| Details | sha256 | 2 | 26c70fa62e1d092ad1855900cd0db4e224b11e84fdf14105ade5e2b2a3dc1b62 |
|
| Details | sha256 | 2 | 37f3f6cdb0a35b4cea75b7cf2dae613c71370e00acdb2cebfc7d95fe33eb97a9 |
|
| Details | sha256 | 2 | 87ce3a13a58ae8007b002ac81f43dc364c1b93b0d3c2a19d46a4480caca9ae29 |
|
| Details | sha256 | 2 | 88f5c94ad66e75a66795875bacafb3cbbe87d1533ae3ddb41575b9711965c75b |
|
| Details | sha256 | 2 | 844d60691d843de53d42b73d635314d50c4ba4d3b2aa2b93465ac0336e4c0588 |
|
| Details | sha256 | 2 | 931f57262214890f3eff9add25fb5dc2521185e4567c722637f173343b02b9fb |
|
| Details | sha256 | 2 | 2263031c15809b49e7d8161e147a4844722f6f576d276b2be38a0c794417dd2a |
|
| Details | sha256 | 3 | 6f79db3e7fa1f3c9e1ea2e0fe098994f109949f82b97c6612386693164d3c7e2 |
|
| Details | sha256 | 3 | ca3372bb37e7109896c28247faadd157759d5e68ac324a54ff0759590f956094 |
|
| Details | sha256 | 2 | 0eca58ef6f2aba6b3e686f76039945b3a8a8110d357a4f8d857757c218ca0c1e |
|
| Details | sha256 | 2 | 59628b36ba65a57600c48eaa57c8dcfffc955e447cb3e41b7351e875b359f714 |
|
| Details | sha256 | 2 | a668af2c1b45bf83d509c88ad4b3e6fbadc7e9e3db4ea688888c7712866d1339 |
|
| Details | sha256 | 2 | 955abf30fd464dd572938eaf324d3447ecd8cb6df183bbddee2a58f54da83f4c |
|
| Details | sha256 | 2 | 2916801be5b6d26d735aaa11eb5631fc6dbe234ed2e0980b8d7366c89ad7ba39 |
|
| Details | sha256 | 2 | 8377a53f7890f3cf01f8919207c981fb63b1b0e63860d5731622a0cad94fdd09 |
|
| Details | sha256 | 2 | 8ae6f663bf40036379857d65521ce1c78c11cd9b5b4848cec0e7f1ad56e65743 |
|
| Details | sha256 | 2 | ab794769599c3f046d34d00051685b7235bce119f212ec8739b6e206dd73b0bf |
|
| Details | sha256 | 2 | 1ea8b9f307f2c4202380f1fe14044ff4b9140337b53fdf627e5411e979b4b5ea |
|
| Details | sha256 | 2 | 3b55f8467b2d3bc34c7fe4e0c4502bc1045c50d7c7fedda4a14eaf9094dfc8bf |
|
| Details | sha256 | 2 | 3f47d73a9d6597da1bdbf36f804b0b69a9958225ace088747098d3a24f5a5957 |
|
| Details | sha256 | 2 | 5464728537836d4aa3d03e4d29ef21e59a324252c4b2a15ec21e9f5280f7c280 |
|
| Details | sha256 | 2 | 7a78dacbb7ff88b536d4a8db4e647df9efed8cea2d26cef0e21f7791e61bfbad |
|
| Details | sha256 | 2 | 1101d00223a62e77718da28053758208897d1dc627a06a01f0e620a6ccad3812 |
|
| Details | sha256 | 2 | 277931bf51f195fceb9befad6f4cc9e613d203ed90d3e4a05a16bc603809dec6 |
|
| Details | sha256 | 2 | 4dccd9861da3b47bef43c72546044c1d136a5cb020aaa65a1ea494aec35e4910 |
|
| Details | sha256 | 2 | 5e10cda5415e28b3efc9b909da6518d1cbcb56957e9850b99a4eee3893400012 |
|
| Details | sha256 | 2 | 5fd89dbd129877d5141f9731a61af867b74fc7a33213233307b725ec97532a7b |
|
| Details | sha256 | 2 | 72d7b55e82080ff84693e1ecdfa7128ef9c513b3b8cc5e411715a40ef4ee0557 |
|
| Details | sha256 | 2 | 8f0bfbde00e5e86223e586874df892e6fb2b97b133a909b7fdeacf7614df478f |
|
| Details | sha256 | 2 | 9461599bc85cf2ef11cb79a827fd365a086726b7c022fb2bfe5fb9f83e71cf9a |
|
| Details | sha256 | 2 | f051c2f99b2d94b0fc5ae7893ec0467f4175cfa926cfc573a6b65a40c566f94d |
|
| Details | sha256 | 2 | e93423a1c8add21c5676680a090ddc913d359c29ea9e44ffc91fb10396e3e858 |
|
| Details | sha256 | 2 | a24d66f4356de33ba9227d4e496cc975995f1bd72d72e47f74f07648c45c5308 |
|
| Details | sha256 | 2 | 147f1de257ccbe54b0fca9e61e0f2061172459bef4eeb12014d27e48d99f27ab |
|
| Details | sha256 | 2 | 1c17b631988d0b8b722adf9c973c6577c7983a9b0cb069dd1d442d04f4dd73df |
|
| Details | sha256 | 2 | 2ef70a256dde1a9700527c995be417447dee1857759e8279aa7a287f85c9de96 |
|
| Details | sha256 | 2 | 359bfd21ed9a5deedc19700355776ede266e5c8532584289db45ebe2fd8d8afe |
|
| Details | sha256 | 2 | 3c2e708989193b3497c2c97c3957d4abd2d5989c82832ce5c4a3b5a4c9ecd3f8 |
|
| Details | sha256 | 2 | a1c7709d147d8182892585bc965317816367ebabc273e8a99559ade24b19ed7f |
|
| Details | sha256 | 2 | 057cffe539a414ec4cef730e4fbf7861b61a7331bbd6d7feb55c76221a8cc6d3 |
|
| Details | sha256 | 2 | 12a7cec5631141f61ef159fbb43103a3cdd79ddd3a0270df62d4c4fa4635b03e |
|
| Details | sha256 | 2 | 6d57df368c3e58be61bc36ee35123dcc5ce6d7a04cd6acfe7e10588038589ad4 |
|
| Details | sha256 | 2 | a7da1ec5745bb7ef5a4fd05d37d83b49b41ab70fae518e6a00b7caa30c417576 |
|
| Details | sha256 | 2 | 3c6b9fb9d680704a1a6c17ef5b3e10b043d15c137dc04688f5802cddbddf90fe |
|
| Details | sha256 | 2 | a52a8a9c99f58fb18ca3f969736f1deffd611c35851cff1bd5bd36ef27f2426d |
|
| Details | sha256 | 2 | f070b78ca7269addb922f9ea9a31f76198edb2e1064d9b04ca8d80ecba175ca4 |
|
| Details | sha256 | 2 | 683b4472a0df8af6c93ff10179e981a7908173bfb81bac2e12a3b9a022cf08d7 |
|
| Details | sha256 | 2 | 49aa98e2100752c09d01a7638ea9ead3dd2fc72d826c4b77d188990b3599b08c |
|
| Details | sha256 | 2 | 9f953f544afd265176ecb904cc8286cafc27270df0cec56265259c1588083202 |
|
| Details | sha256 | 2 | a052ee9f75231a60ad1210411b7296ff5adf7e9e268bf2f123f0560e0cb37b09 |
|
| Details | sha256 | 2 | 46fd13169cf8e3dcefbd552918a0914261fd22dc22bd9cba167042288432f2b2 |
|
| Details | sha256 | 2 | 9a6d3d07e784247fac1292c0f17a46247e8bdeb1f468c9b8b48c4459063c3ed5 |
|
| Details | sha256 | 2 | 70d92da003eb044d9c5aa057400256a51836466d2f20066deedf64e294466c20 |
|
| Details | sha256 | 2 | eb9382b77f7ed3429b0fcfb5d5d64c0702f0c4d91c45bb8d3442ff1f851b8035 |
|
| Details | sha256 | 2 | cd20d7209db84b35cae88affe228f42258b497eee2b36f0e3364779e58e5e2ce |
|
| Details | sha256 | 2 | e4c1eaf014773cc25e2881fa2b2a67490a73c66683f5746276af7067777ed8b2 |
|
| Details | sha256 | 2 | 396ffa925165de08d0b5bf6cc6974a02a18b44ce60c3d3e657ba6c6153760138 |
|
| Details | sha256 | 2 | 9fc572e3a6c30221e5eecdd488efabbaf1bab04dff34860263495620fa4706c1 |
|
| Details | sha256 | 2 | 0313641c0ed1defa6cb52e787f81eab3de8c0c546b4e157d803aab721fec3dc8 |
|
| Details | sha256 | 2 | 7a3915a7d919fb266496616a06311c456c8e45b98cfd24c92ac4bf0af75fa3ef |
|
| Details | sha256 | 2 | 02c4ba967900b49828985f7b67ebd21daa11b8bc9e4e0b6e5e9fef2de8fdc6d4 |
|
| Details | sha256 | 2 | 3d47ca0810b2d296aaa2541ef621f5d834dfbbd89cb671a2a95b7f2bddbd3e4e |
|
| Details | sha256 | 2 | bb1af121502e40a549135b72f34ad49d11cfbfa49b5cbcf549777549087fe751 |
|
| Details | sha256 | 2 | fb2ad747903f46d03b19b12c46a3e678e8a0c156092fb334aab47714a041265c |
|
| Details | sha256 | 2 | cb141c743ac41784501e2e84ccd9969aade82b296df077daff3c0734bb26c837 |
|
| Details | Url | 2 | http://www.sofa.rs/wp-content/themes/twentynineteen/sass/layout/h1.jpg |
|
| Details | Url | 3 | http://teslacontrols.ir/wp-includes/images/detail32.jpg |
|
| Details | Url | 3 | http://teslacontrols.ir/wp-includes/images/detail31.jpg |
|
| Details | Url | 1 | http://publishapp.co/update/check.php |
|
| Details | Url | 1 | http://sideforum.cc/forum/list.php |
|
| Details | Url | 1 | http://freeforum.co/forum/list.php |
|
| Details | Url | 1 | http://goodfriend.pro/projects/list.php |
|
| Details | Url | 1 | http://friendship.me/users/register.php |
|
| Details | Url | 1 | http://threegood.cc/api/manage/customers |
|
| Details | Url | 1 | http://engpro.xyz/images/detail.php |
|
| Details | Url | 1 | http://infocop.me/products/list.php |
|
| Details | Url | 1 | http://teamspit.pro/adverts/follow.php |
|
| Details | Url | 1 | http://dodoi.cc/photos/preview.php |
|
| Details | Url | 1 | http://advertapp.me/user/invite.php |
|
| Details | Url | 1 | http://insideforum.me/forum/list.php |
|
| Details | Url | 1 | http://anyoneforum.cc/forum/list.php |
|
| Details | Url | 1 | http://goodproject.xyz/projects/list.php |
|
| Details | Url | 1 | http://hellofriend.pro/users/register.php |
|
| Details | Url | 1 | http://moonge.cc/wp-content/plugins/google-sitemap-generator/sitemap-builder-embed.php |
|
| Details | Url | 1 | https://calculactcal.org/wp-content/themes/twentysixteen/body.php |
|
| Details | Url | 1 | http://3cuartos.com/wp-content/plugins/music-press-pro/templates/global/update.php |
|
| Details | Url | 1 | https://http://worldfoodstory.co.uk/wp-includes/register.php |
|
| Details | Url | 1 | https://bokkeriejesj.nl/wp-content/plugins/music-press-pro/upload.php |
|
| Details | Url | 1 | https://encontrosmaracatu.com.br/wp-content/plugins/music-press-pro/templates/global/topmenu.php |
|
| Details | Url | 1 | https://http://theblackout.fr/wp-content/plugins/music-press-pro/music-pro.php |
|
| Details | Url | 5 | https://mokawafm.com/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/image/dialog.php |
|
| Details | Url | 1 | https://http://tiramisu.it/wp-content/plugins/wp-comment-form.php |
|
| Details | Url | 1 | http://http://kartacnictvi.cz/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/image/upload.php |
|
| Details | Url | 1 | http://http://dimer-group.com/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/image/download.php |
|
| Details | Url | 2 | https://ecolerubanvert.com/wp-content/plugins/image-intense/know.php |
|
| Details | Url | 1 | http://lwac.com/wp-content/plugins/gallery-plugin/includes/demo-data/images/music/photo.php |
|
| Details | Url | 1 | https://http://copansrl.it/wp-admin/user/invite.php |
|
| Details | Url | 1 | https://arar-musique.fr/wp-content/plugins/music-press-pro/includes/admin/upgrade.php |
|
| Details | Url | 1 | https://http://firstalliance.church/wp-content/plugins/music-press/templates/404.php |
|
| Details | Url | 1 | https://erickeleo.com.br/wp-content/plugins/music-press-pro/go.php |
|
| Details | Url | 1 | http://http://kingsvc.cc/index.php |
|
| Details | Url | 1 | http://http://sofa.rs/wp-admin/network/server_test.php |
|
| Details | Url | 1 | http://http://afuocolento.it/wp-admin/network/server_test.php |
|
| Details | Url | 1 | http://http://mbrainingevents.com/wp-admin/network/server_test.php |
|
| Details | Url | 1 | http://http://afuocolento.it/wp-includes/process.php |