ExecuteMalware

2021-07-19 WarZone IOCs

Jul 19th, 2021
THREAT IDENTIFICATION: AVEMARIA STEALER / WARZONE RAT

SUBJECTS OBSERVED
Attn: Order Department

SENDERS OBSERVED
admincarax@vh283.sweb.ru

EMAIL BODY
Hi,

We are very much interested in your product and services urgently,

Can you please send me your company active phone number? because have called your office phone but cannot connect to you

Please can your company supply necessary document with quotation to the exact production sample picture as attached?

Awaiting your swift response.

Thank you

Regards,

DAVE MAKR
Procurement Officer
Al Saeid Trading Co.LLC
Mike Building,2nd Floor
Gabil Street,
Al Balad Dist (Down Town),
Jeddah,KSA
Telephone : 920008292

MALDOC FILE HASHES
picture.zip
6baddbce995ec8723d9ab85da6fe6032

AVE MARIA PAYLOAD FILE HASHES
Full drawing and specification of needed materials with two different sample as seen requested.exe
d4c6a1bb7773aa6b1d128f6eacd75add

AVE MARIA C2
176.31.159.203:5200

SUPPORTING EVIDENCE
Strings in memory
Ave_Maria Stealer OpenSource github Link: https://github.com/syohex/java-simple-mine-sweeper