March 14, 2022
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign that exploits a path traversal vulnerability in WinRAR has been discovered, and the Gaza Cybergang group is suspected to be behind it. In the first stage the victim runs a downloader, which then infects the system with the Quasar RAT. The downloader typically connects to a geolocation domain first, after which the RAT is downloaded.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
Filename
- Leaked_Kremlin_emails_show_Minsk_protocol[.]zip
MD5
- 73064908c315a519a0fb595e60f389b3
SHA-256
- 456e7f67c161e6081066476ff10ee8e19e7db9d8d8534e087ded207f0e03a7ce
SHA-1
- b9b05fa7ab5704e93bac30d8d50c55b1298ee5c6
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
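To support the "search for IOCs in your environment" step, the following is an added example (not part of the Rewterz alert) that sweeps a directory tree for the file hashes and filename published above; the defanged `[.]zip` is refanged, and the IOC set and root path are parameters so the sweep can be reused for other alerts.

```python
import hashlib
import os

# IOCs copied from the alert above; the filename is refanged from "[.]zip".
IOC_HASHES = {
    "73064908c315a519a0fb595e60f389b3",                                  # MD5
    "b9b05fa7ab5704e93bac30d8d50c55b1298ee5c6",                          # SHA-1
    "456e7f67c161e6081066476ff10ee8e19e7db9d8d8534e087ded207f0e03a7ce",  # SHA-256
}
IOC_FILENAMES = {"Leaked_Kremlin_emails_show_Minsk_protocol.zip"}


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 in one pass so each file is read only once."""
    digests = (hashlib.md5(), hashlib.sha1(), hashlib.sha256())
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests:
                d.update(chunk)
    return {d.name: d.hexdigest() for d in digests}


def scan_tree(root, ioc_hashes=IOC_HASHES, ioc_filenames=IOC_FILENAMES):
    """Walk root and return (path, reason) for every file matching a hash or filename IOC."""
    hashes = {h.lower() for h in ioc_hashes}
    names = {n.lower() for n in ioc_filenames}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if fname.lower() in names:
                hits.append((path, "filename"))
            try:
                digests = hash_file(path)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the sweep
            for algo, value in digests.items():
                if value in hashes:
                    hits.append((path, algo))
    return hits


if __name__ == "__main__":
    import sys
    for path, reason in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC match ({reason}): {path}")
```

A filename-only hit is weaker evidence than a hash hit, since the lure name can be reused with different content; treat it as a lead to triage, not a confirmed infection.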