Rewterz Threat Alert
December 28, 2021
Severity
Medium
Analysis Summary
Quasar is an open-source Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that delivers it by exploiting a path traversal vulnerability in WinRAR: a crafted archive, when extracted, writes a file outside the directory the user chose to extract to. The campaign is suspected to be the work of the Gaza Cybergang, the group also tracked as Molerats. The infection runs in two stages. The victim first ends up with a downloader on their system; that downloader typically connects to a geolocation domain (presumably to check the victim's location) and then retrieves and installs the Quasar RAT.
Impact
- Remote control of the compromised host
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 4492b697476ff0b7fec55b82d163d200
- 026c6ed9154e7cfa7329ef6d006f162a
- 64b3320986534b74108fd797d76e68bd
- ba9f4a20ac21ac17f3b45a20603d5548
SHA-256
- 9766f8a3e27f1e7373beedc2a418dc37931479af03eb239aff3ba563f41ddaf6
- b2cc06da4ded75a02683e73536f3a0af671b55bc28c9a2627d7afdaac66b9e32
- 965a8d621907f2a2c04e8ca84801f448c68e133491b26d5336c851059db5b3ec
- 30c2c6ab4ddd7c5bcd0da13b6b6d7dff544bfb369f6c8a0c3825e54a8852059c
SHA-1
- 5a49778094b58440a49491d29f00b7670049bf6d
- d4bf2328f373a4c303a93d616f819b7158e25364
- 099181e3a66fb56762b5e53a78813e59c20ef385
- 3100499f3e580963d5e5cebf15da26e23538fac2
Remediation
- Block all threat indicators (the hashes above) at your respective controls (EDR, proxy, mail gateway).
- Search for the IOCs in your environment; hash-match files on endpoints and review alerts for matching samples.
- Update WinRAR to a release that fixes the path traversal vulnerability, and treat unexpected archive attachments with suspicion.
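As an added example of the "search for IOCs in your environment" step (this is not Rewterz's own tooling), the script below walks a directory tree, hashes every regular file once with MD5, SHA-1 and SHA-256, and reports any file whose digest appears in the advisory's IOC list. The hash values are copied from the advisory; the script name and the target paths in the usage comment are hypothetical.

```python
"""Sweep a directory tree for the file hashes listed in this advisory.

Added example, not Rewterz's own code.  The IOC values below are copied from
the advisory; the script name and target paths mentioned are hypothetical.
"""
import hashlib
import os
import sys
from typing import Dict, Iterable, Iterator, List, Tuple

# File hashes from the advisory, as lowercase hex.
IOC_HASHES: Dict[str, frozenset] = {
    "md5": frozenset({
        "4492b697476ff0b7fec55b82d163d200",
        "026c6ed9154e7cfa7329ef6d006f162a",
        "64b3320986534b74108fd797d76e68bd",
        "ba9f4a20ac21ac17f3b45a20603d5548",
    }),
    "sha1": frozenset({
        "5a49778094b58440a49491d29f00b7670049bf6d",
        "d4bf2328f373a4c303a93d616f819b7158e25364",
        "099181e3a66fb56762b5e53a78813e59c20ef385",
        "3100499f3e580963d5e5cebf15da26e23538fac2",
    }),
    "sha256": frozenset({
        "9766f8a3e27f1e7373beedc2a418dc37931479af03eb239aff3ba563f41ddaf6",
        "b2cc06da4ded75a02683e73536f3a0af671b55bc28c9a2627d7afdaac66b9e32",
        "965a8d621907f2a2c04e8ca84801f448c68e133491b26d5336c851059db5b3ec",
        "30c2c6ab4ddd7c5bcd0da13b6b6d7dff544bfb369f6c8a0c3825e54a8852059c",
    }),
}

CHUNK = 1 << 20  # read in 1 MiB chunks so large files do not exhaust memory


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed each chunk to MD5, SHA-1 and SHA-256 at once; return hex digests."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory blob (handy for testing and for mail attachments)."""
    return digest_chunks([data])


def hash_file(path: str) -> Dict[str, str]:
    """Digests of a file, computed in a single pass over its contents."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(CHUNK), b""))


def check_digests(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (algorithm, digest) pairs that appear in the advisory's IOC list."""
    return [
        (algo, value.lower())
        for algo, value in digests.items()
        if algo in IOC_HASHES and value.lower() in IOC_HASHES[algo]
    ]


def iter_files(root: str) -> Iterator[str]:
    """Yield regular files under root, skipping symlinks to avoid loops."""
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames
                       if not os.path.islink(os.path.join(dirpath, d))]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                yield path


def scan_tree(root: str) -> List[Tuple[str, str, str]]:
    """Return (path, algorithm, digest) for every file matching an IOC hash."""
    hits: List[Tuple[str, str, str]] = []
    for path in iter_files(root):
        try:
            digests = hash_file(path)
        except OSError:
            continue  # unreadable (permissions, file in use): skip, keep sweeping
        for algo, value in check_digests(digests):
            hits.append((path, algo, value))
    return hits


if __name__ == "__main__":
    # Hypothetical usage: python ioc_sweep.py C:\Users   (or /home on Linux)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, value in scan_tree(target):
        print(f"MATCH {algo}={value} {path}")
```

A file that matches will normally be reported three times (once per algorithm); any single match is enough to treat the host as compromised and move to containment. Because only exact hashes are checked, a recompiled or repacked sample slips past this sweep, so pair it with the network and behavioural controls in the list above rather than relying on it alone.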