Rewterz Threat Alert – Anubis Malware – Active IOCs
December 3, 2021
Rewterz Threat Advisory – CVE-2022-20002 – Google Android Vulnerability
December 3, 2021
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of users' computers for malicious purposes. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR; the Gaza Cyber Gang is suspected to be behind it. In the first stage, the victim installs a downloader on their system, which then infects it with the Quasar RAT. The downloader typically connects to a geolocation domain first, and only then downloads the RAT.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 827769160f1c2f95f9695a2d5fb54196
- dd6f97becdd24e1c2c1b7662bb3760aa
SHA-256
- d43a3e7224191e2e6c7639033a7adada48053f4040fcbe5f8892e40cbdb9a86e
- 6b869d8825516d0b977d48043d1d56d233de7b128074b068566dc33e0ff9fdb7
SHA-1
- 9dce9a6f44019f71fdb3269e20fcedd1eb46dcd8
- a2894d09e5fc6f0a5ee5ec27119b02ecbc2d9a79
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
- Search for IOCs in your environment.
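One way to act on the last remediation item, as an added example that is not part of the Rewterz alert: a Python scanner that hashes every file under a directory in a single pass and reports any file whose MD5, SHA-1 or SHA-256 matches one of the indicators listed above. The `demo()` helper and its benign sample file are constructed for illustration only.

```python
import hashlib
import os
import tempfile

# The six file hashes listed in the alert above, keyed by algorithm.
IOC_HASHES = {
    "md5": {"827769160f1c2f95f9695a2d5fb54196",
            "dd6f97becdd24e1c2c1b7662bb3760aa"},
    "sha1": {"9dce9a6f44019f71fdb3269e20fcedd1eb46dcd8",
             "a2894d09e5fc6f0a5ee5ec27119b02ecbc2d9a79"},
    "sha256": {"d43a3e7224191e2e6c7639033a7adada48053f4040fcbe5f8892e40cbdb9a86e",
               "6b869d8825516d0b977d48043d1d56d233de7b128074b068566dc33e0ff9fdb7"},
}

def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of one file in a single read pass."""
    hashers = {alg: hashlib.new(alg) for alg in IOC_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}

def match_iocs(digests):
    """Return the (algorithm, hash) pairs from `digests` that appear in the IOC list."""
    return [(alg, d) for alg, d in digests.items() if d in IOC_HASHES.get(alg, ())]

def scan_tree(root):
    """Walk `root` and return {path: [(alg, hash), ...]} for files that hit an IOC."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matches = match_iocs(hash_file(path))
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
            if matches:
                hits[path] = matches
    return hits

def demo():
    """Scan a constructed sample directory holding one benign file; returns the hits."""
    root = tempfile.mkdtemp(prefix="ioc-scan-")
    with open(os.path.join(root, "benign.txt"), "wb") as f:
        f.write(b"constructed sample file, not malware\n")
    return scan_tree(root)
```

On a clean tree `demo()` returns an empty dict; a hit is reported as the file path mapped to the algorithm and digest that matched, so it can be fed straight into a blocking or ticketing workflow.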