Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
July 23, 2022
Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
July 23, 2022
Severity
Medium
Analysis Summary
Quasar is an open-source Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign has been discovered that exploits a path traversal vulnerability in WinRAR to plant its first-stage payload; the Gaza Cybergang group is suspected to be behind it. In the first stage, opening the malicious archive with a vulnerable WinRAR drops a downloader onto the victim's system. The downloader typically first contacts a geolocation domain and then retrieves and installs the Quasar RAT, which gives the operators remote control of the host.
Impact
- Data theft
- Exposure of sensitive data
- Remote control of the compromised host
Indicators of Compromise
MD5
- 77a8ef617cc8c3b8e3b912b68a8da665
SHA-256
- 1bf491a8fda7dd9c1f0cfecdfc1b27715b2527ce6f8e14d2ffc15e6715fbe9d2
SHA-1
- 2d94c3c8259d69e380dfee1ee49a15d4dd122135
Remediation
- Block all threat indicators at your respective controls.
- Search for the IOCs in your environment (endpoint file hashes, mail attachments, proxy and sandbox logs).
- Patch WinRAR on user endpoints, since the campaign relies on a path traversal flaw in the archiver to drop its downloader.
- Treat any host where the downloader or the RAT is found as fully compromised and investigate for lateral movement and data exfiltration.
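The following is an added example of how to sweep a filesystem for the hash indicators listed above; it is not Rewterz's own tooling. The three digests are copied from the IOC section of this alert; the function names, the CLI wrapper and the chunked-read size are assumptions. All three algorithms are computed in one pass per file so a large directory tree is read only once, and unreadable files are skipped rather than aborting the sweep. Note that hash indicators only catch byte-identical samples; a repacked downloader will not match, so this complements rather than replaces EDR and network detection.

```python
"""
Hash-based IOC sweep: walk a directory tree, hash every file with MD5, SHA-1
and SHA-256, and report any file whose digest matches a listed indicator.

The IOC values below are the ones published in the alert. Everything else
(function names, chunk size, CLI handling) is an assumption made for this example.
"""
import hashlib
import os
import sys
from typing import Dict, Iterable, List, Set, Tuple

# Indicators of Compromise taken from the alert above (lower-case hex).
IOCS: Dict[str, Set[str]] = {
    "md5": {"77a8ef617cc8c3b8e3b912b68a8da665"},
    "sha1": {"2d94c3c8259d69e380dfee1ee49a15d4dd122135"},
    "sha256": {"1bf491a8fda7dd9c1f0cfecdfc1b27715b2527ce6f8e14d2ffc15e6715fbe9d2"},
}

# Read files in 1 MiB chunks so large binaries do not exhaust memory (assumed size).
CHUNK = 1 << 20


def hash_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory buffer (useful for mail attachments or sandbox drops)."""
    return hash_stream([data])


def hash_file(path: str) -> Dict[str, str]:
    """Digest a file on disk without loading it entirely into memory."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(CHUNK), b""))


def match_digests(digests: Dict[str, str],
                  iocs: Dict[str, Set[str]] = IOCS) -> List[Tuple[str, str]]:
    """Return (algorithm, digest) pairs that appear in the IOC set."""
    return [(algo, d.lower()) for algo, d in digests.items()
            if d.lower() in iocs.get(algo, set())]


def scan_tree(root: str, iocs: Dict[str, Set[str]] = IOCS) -> List[Tuple[str, str, str]]:
    """Walk `root` and return (path, algorithm, digest) for every IOC hit.

    Files that cannot be read (permissions, transient locks) are skipped so one
    bad file does not stop the sweep. A non-existent root simply yields no hits.
    """
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo, digest in match_digests(digests, iocs):
                hits.append((path, algo, digest))
    return hits


if __name__ == "__main__":
    # Usage: python ioc_sweep.py <directory>   (defaults to the current directory)
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in scan_tree(start):
        print(f"IOC HIT {algo}={digest} {path}")
```

Run it against user profile directories, download folders and mail quarantine stores first, since that is where a spear-phishing archive and its dropped downloader are most likely to land; extend the `IOCS` dictionary as further indicators for the campaign are published.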