Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
July 28, 2021Rewterz Threat Advisory – ICS : Mitsubishi Electric GOT2000 series and GT SoftGOT2000
July 28, 2021Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
July 28, 2021Rewterz Threat Advisory – ICS : Mitsubishi Electric GOT2000 series and GT SoftGOT2000
July 28, 2021Severity
Medium
Analysis Summary
Quasar virus is a Remote Access Trojan (RAT) that is often abused by cybercriminals to take remote control over users’ computers for malicious purposes. Exploiting a path traversal vulnerability of WinRAR, a Molerats spear-phishing campaign is discovered. It is suspected that a Gaza Cybergang group is behind the campaign. In the first step, the victim installs a downloader in their operating system which then gets infected with a RAT (Quasar). The downloader typically first tries to connect to a geo location domain and then the RAT is downloaded.
Impact
- Data Theft
Indicators of Compromise
MD5
- db537828a4ebdb297f503b8fdc1b00ab
- 9edc6bd6360c3d3e593e6f63353fe45a
SHA-256
- 83d824648b5c0561f7484edb2b624a7a1f21d6c1fbeead856225c88af1cc219c
- 46384028b4c21ce3ed937de84665be89cb78cad140c85a63806f7ebf0a23ce88
SHA-1
- 1700154b1f0b80ef6bb0d3b0123e9477bcde85ef
- 9f305ba70a0b5056dd1934a83acfb7cc04618de6
Remediation
- Block all threat indicators at their respective controls.
- Search all IOCs in your environment.