July 6, 2022
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of users' computers for malicious purposes. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR; the Gaza Cybergang group is suspected of being behind it. In the first stage, the victim installs a downloader on their operating system, which then infects the system with the Quasar RAT. The downloader typically first tries to connect to a geolocation domain, and only then is the RAT downloaded.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 471e8847f6fec0b0927babfb597a5dec
- b51d5003ae9b2b7070ab6a9c6821dd36
SHA-256
- 594b1fc41c7fdead2f086ef454c76826bafe61418a69814f9942f55e90b4cf3b
- c5720a9a15679dc24b4fa199cea22c81b290bad08296be21d9e1fa4884751b79
SHA-1
- 41f5e4c091222b3f29d1b2e18ce3a373f966e146
- ee951581bf2eed5519676a6e9bcbf4f6ccb4c1d4
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.