November 22, 2021
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR to deliver it; the Gaza Cybergang group is suspected to be behind the campaign. In the first stage, the victim installs a downloader on their system, which then infects the machine with the Quasar RAT. The downloader typically first connects to a geolocation domain, and only then is the RAT downloaded.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- e90afde8ac542a8ab5be7f69b2ec6f7a
- ec58db40309c4a36d245b2823c0f9a78
- 11d6257a8b9377b8790ada36e2b26289
- ae164716e3d0cd88e7b690f51a82ed19
SHA-256
- 84e88bb632074b9318595472ad9b047d9c8bfe4de928a5536d162510fbcea70c
- 0737256b43d29c1f2d982aa7fb356e3994511370a7f186e5e072bbba9acdd808
- e6f8518ccc5ac3357264d08a4605351f3fd5cb5dcca0733b6ae3db2ce263c6cd
- 1deaaa9f369f4126c70979c4de38c3147ec951c40f6540e973511f809069bd3a
SHA-1
- f05b2e4288caaa4c2320a34783c51481dfeef98e
- ed0b8acab215ddf55f2bcc466d79e9f3328a1c38
- 2c6e3b36940202442338cf5ab4fdd09bd5b5fddc
- b0f84983d17bb4099dbd8041dedea3259ea0e8b3
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
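One defender-side way to carry out the "search for IOCs" step is to hash files on disk and compare the digests against the indicator list above. The Python script below is an added example written for this page, not tooling from Rewterz or from the advisory: it walks a directory tree, computes MD5, SHA-1 and SHA-256 of every regular file in a single read pass, and reports any file whose digest appears in the indicator set. The scan root, the chunk size and the files created by `demo()` are assumptions; the digests in `IOC_HASHES` are the ones listed in this advisory.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hash indicators taken from the advisory above, keyed by the algorithm name hashlib uses.
IOC_HASHES = {
    "md5": {
        "e90afde8ac542a8ab5be7f69b2ec6f7a",
        "ec58db40309c4a36d245b2823c0f9a78",
        "11d6257a8b9377b8790ada36e2b26289",
        "ae164716e3d0cd88e7b690f51a82ed19",
    },
    "sha1": {
        "f05b2e4288caaa4c2320a34783c51481dfeef98e",
        "ed0b8acab215ddf55f2bcc466d79e9f3328a1c38",
        "2c6e3b36940202442338cf5ab4fdd09bd5b5fddc",
        "b0f84983d17bb4099dbd8041dedea3259ea0e8b3",
    },
    "sha256": {
        "84e88bb632074b9318595472ad9b047d9c8bfe4de928a5536d162510fbcea70c",
        "0737256b43d29c1f2d982aa7fb356e3994511370a7f186e5e072bbba9acdd808",
        "e6f8518ccc5ac3357264d08a4605351f3fd5cb5dcca0733b6ae3db2ce263c6cd",
        "1deaaa9f369f4126c70979c4de38c3147ec951c40f6540e973511f809069bd3a",
    },
}


def hash_file(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Compute several digests of one file in a single pass, reading in chunks
    so large files do not need to fit in memory. Returns {algorithm: hexdigest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root, iocs=IOC_HASHES):
    """Walk `root`, hash every regular file, and return a list of
    (path, algorithm, digest) tuples for files matching an indicator."""
    # Normalise the indicator set once so comparisons are case-insensitive.
    wanted = {name: {d.lower() for d in digests} for name, digests in iocs.items()}
    matches = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            path = Path(dirpath) / filename
            # Skip symlinks and anything that is not a regular file.
            if path.is_symlink() or not path.is_file():
                continue
            try:
                digests = hash_file(path, algorithms=tuple(wanted))
            except OSError:
                continue  # unreadable file (permissions, vanished): skip, do not abort the scan
            for name, digest in digests.items():
                if digest in wanted[name]:
                    matches.append((str(path), name, digest))
    return matches


def demo():
    """Constructed demonstration (assumption, not real data): two benign files in a
    temporary directory and an indicator set that contains the SHA-256 of one of them."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"constructed sample file, not malware")
        (Path(tmp) / "clean.txt").write_bytes(b"nothing to see here")
        constructed_iocs = {"sha256": {hash_file(sample)["sha256"]}}
        return scan_tree(tmp, constructed_iocs)


if __name__ == "__main__":
    # Against a real scan root, call scan_tree("/path/to/scan") with the default IOC_HASHES.
    for path, algorithm, digest in demo():
        print(f"MATCH {algorithm} {digest} {path}")
```

Running `scan_tree()` against a real directory uses `IOC_HASHES` by default; `demo()` only exists to show a match on constructed input. Hashing once per file for all three algorithms keeps the scan at one disk read per file, and unreadable files are skipped rather than stopping the whole run.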