{"id":23922,"date":"2024-02-13T04:10:13","date_gmt":"2024-02-13T12:10:13","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/02\/13\/news-17652\/"},"modified":"2024-02-13T04:10:13","modified_gmt":"2024-02-13T12:10:13","slug":"news-17652","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/02\/13\/news-17652\/","title":{"rendered":"Warzone RAT infrastructure seized"},"content":{"rendered":"\n<p>On February 9, 2024, the Justice Department <a href=\"https:\/\/www.justice.gov\/opa\/pr\/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales?ref=news.risky.biz\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">announced<\/a> that an international operation had seized internet domains that were selling information-stealing malware. Federal authorities in Boston seized www.warzone.ws and three related domains, which sold the Warzone RAT malware.<\/p>\n<p>The Warzone RAT malware, a sophisticated Remote Access Trojan (RAT), enabled cybercriminals to browse victims\u2019 file systems, take screenshots, record keystrokes, steal victims\u2019 usernames and passwords, and watch victims through their web cameras, all without their knowledge or permission.<\/p>\n<p>On February 7, 2024, two suspects were arrested in Malta and Nigeria, accused of selling the malware and supporting cybercriminals who used it for malicious purposes.<\/p>\n<p>The operation was led by the FBI, and supported by Europol and the Joint Cybercrime Action Taskforce (J-CAT).<\/p>\n<p>Anyone who is a victim of a Warzone RAT computer intrusion is urged to report it to the FBI via its <a href=\"https:\/\/wzvictims.ic3.gov\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Warzone RAT Victim Reporting Form<\/a>. 
<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-signs-of-infection\">Signs of infection<\/h3>\n<p>There are some know Indicators of Compromise (IOCs) for recent versions of the Warzone RAT (aka AveMaria Stealer):<\/p>\n<p><strong>SHA 256 hashes:<\/strong><\/p>\n<p>0246d4eb99473ba449b98548167d0767b68b075749a8962d0573851f505689b5<\/p>\n<p>19dba570adb979d9063882d8dd6d880d1f37f25e600cc07097646946ebc947a2<\/p>\n<p>7de4fbda4834453be39c6e20697ab0cde46cf417c953a2f1ba3ab63442d49981<\/p>\n<p>94f836d1cd5bfe8a245a0b66076c86506f53b2fae38ed5da7b2f13cfa07b6cac<\/p>\n<p>b66c5ebef83e48811156c3499b79c798c178d5655d6448403cb070061aba4f4d<\/p>\n<p>dd1fa6cb67aa97468e62afeec6bfa9c1cb52f5acf029ab77a0fdd2e34cd50a21<\/p>\n<p>de492c6384df2afd8c36f3f8ca910d93a21a2981b3c3a80e8a858d643122d488<\/p>\n<p>Warzone RAT is usually spread by emails that use social engineering methods to trick the receiver into downloading and triggering the infection.<\/p>\n<p>General signs that a RAT is active on your system may be:<\/p>\n<ul>\n<li>A slow computer and seemingly slow internet connection.<\/li>\n<li>Unknown processes in Task Manager.<\/li>\n<li>Missing or altered files on your system.<\/li>\n<li>Unknown entries in the list of installed programs\/software.<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\" id=\"h-prevention\">Prevention<\/h3>\n<p>To keep RATs off your systems, the most general rules of security apply:<\/p>\n<ul>\n<li>Keep your software and internet connected devices updated.<\/li>\n<li>Only download apps and other software from trusted sources.<\/li>\n<li>Be careful about which sites you visit and which emails you open.<\/li>\n<li>Never open unsolicited email attachments.<\/li>\n<li>Use an up-to-date <a href=\"https:\/\/www.threatdown.com\/\">anti-malware solution<\/a>.<\/li>\n<\/ul>\n<p>Malwarebytes and ThreatDown products will detect the Warzone RAT 
as:<\/p>\n<ul>\n<li>Trojan.MalPack.PNG.Generic<\/li>\n<li>Trojan.MalPack.MSIL.Generic<\/li>\n<li>Generic.Malware.AI.DDS<\/li>\n<li>Malware.AI.2990474738<\/li>\n<li>Trojan.MalPack<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/02\/warzone-rat-infrastructure-seized\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> International law enforcement agencies have disrupted the infrastructure behind the Warzone RAT. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[30867,32,2759,10438,30868],"class_list":["post-23922","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-arrested","tag-news","tag-seized","tag-threats","tag-warzone-rat"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23922"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23922\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23922"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}