March 11, 2025

March 11, 2025

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

Rewterz Threat Alert – Emotet – Active IOCs

November 16, 2021

Rewterz Threat Alert – Raccoon Infostealer – Active IOCs

November 16, 2021

Rewterz Threat Alert – Quasar RAT – Active IOCs

November 16, 2021

Severity

Medium

Analysis Summary

Quasar virus is a Remote Access Trojan (RAT) that is often abused by cybercriminals to take remote control over users’ computers for malicious purposes. Exploiting a path traversal vulnerability of WinRAR, a Molerats spear-phishing campaign is discovered. It is suspected that a Gaza Cyber gang group is behind the campaign. In the first step, the victim installs a downloader in their operating system which then gets infected with a RAT (Quasar). The downloader typically first tries to connect to a geolocation domain and then the RAT is downloaded.

Impact

Data Theft
Exposure of Sensitive DatA

Indicators of Compromise

MD5

0b1906293450341a4fc2d4cd2d4f1b48
9860743c4ff83784de05aa8444594aed
ce745a746f4ca8df4e9d83388680143d
f4bae1bb67567585b68a87e9eb5356bd

SHA-256

3c70bee98b3b7ec593a986787ad60f4ad8c1161e48986d3ed254886fbadc55d5
70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35
a867b08a91450491a1a7bac89b087e743c9dc68edc8c37f2fa320b609485c5bd
00650b22661abfa24d982b635ed235662895c51b7260167a3f8672ff278cfdf

SHA-1

0f9a4604fb09b2262c8a99653e856ed71dbdc054
517ab424f9f6ee8de223e396691f1cb3b2d01a09
2b8b28433e676b3ceb6904325aab87f369424111
1a7370030a73c0d70ca90a4e9f99c85f8043ba6e

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Emotet – Active IOCs

Rewterz Threat Alert – Raccoon Infostealer – Active IOCs