Rewterz Threat Alert – Lazarus APT Group – Active IOCs
December 3, 2021
Rewterz Threat Alert – Anubis Malware – Active IOCs
December 3, 2021
December 3, 2021
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals often abuse to take remote control of users’ computers for malicious purposes. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR; the Gaza Cyber Gang is suspected to be behind it. In the first step, the victim installs a downloader on their operating system, which then infects the system with the Quasar RAT. The downloader typically first tries to connect to a geolocation domain, after which the RAT is downloaded.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- f95ce2732a538e408e478e82b3a804f1
SHA-256
- c91a4f4887ea52c1ebdd632a451736c1860966c33b5cdf73525749b2dc7ffac0
- dea6dcd0a62d2a9d4041a263496995594b72f22202d0998570c5422948739960
- 0f5aaf28eb6b495f9b88544e304e6d7be77c3eb4a8d21bafadb5f2a900a095ae
- 6b75d2617a299508f56fbc2c6b393cfb89beee75cdd3ed1766d319a09dfa3275
SHA-1
- 6bd272ba7af2f2386adb9c1e338c8c98bfb07dad
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
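One way to carry out the "search for IOCs" step, as an added example that is not part of the original alert: a Python sweep that hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single pass and reports any file whose digest matches an indicator listed above (the directory argument and the read chunk size are assumptions).

```python
import hashlib
import os
from typing import Dict, Iterator, List, Tuple

# Indicators from the alert above (lower-case hex, keyed by hashlib algorithm name).
IOC_HASHES: Dict[str, set] = {
    "md5": {"f95ce2732a538e408e478e82b3a804f1"},
    "sha1": {"6bd272ba7af2f2386adb9c1e338c8c98bfb07dad"},
    "sha256": {
        "c91a4f4887ea52c1ebdd632a451736c1860966c33b5cdf73525749b2dc7ffac0",
        "dea6dcd0a62d2a9d4041a263496995594b72f22202d0998570c5422948739960",
        "0f5aaf28eb6b495f9b88544e304e6d7be77c3eb4a8d21bafadb5f2a900a095ae",
        "6b75d2617a299508f56fbc2c6b393cfb89beee75cdd3ed1766d319a09dfa3275",
    },
}

def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return MD5, SHA-1 and SHA-256 hex digests of an in-memory byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}

def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all three hash algorithms at once (chunk size is an assumption)."""
    hashers = {alg: hashlib.new(alg) for alg in IOC_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}

def match_iocs(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (algorithm, digest) pairs that hit an indicator in IOC_HASHES."""
    return [(alg, d.lower()) for alg, d in digests.items() if d.lower() in IOC_HASHES[alg]]

def sweep(root: str) -> Iterator[Tuple[str, List[Tuple[str, str]]]]:
    """Walk a directory tree and yield (path, matches) for every file that hits an indicator."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hits = match_iocs(hash_file(path))
            except OSError:
                continue  # unreadable or vanished file: skip rather than abort the sweep
            if hits:
                yield path, hits

if __name__ == "__main__":
    import sys
    for hit_path, hit_list in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit_path, hit_list)
```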