Rewterz

Rewterz Threat Alert – Quasar RAT – Active IOCs

December 3, 2021
Rewterz

Rewterz Threat Alert – Quasar RAT – Active IOCs

December 3, 2021

Rewterz Threat Alert – Anubis Malware – Active IOCs

Severity

High

Analysis Summary

A new info-stealing malware called Anubis was first observed in the cybercriminal underground. The malware uses forked code from Loki to steal vast amounts of data including system info, credentials, credit card details, and cryptocurrency wallets such as Bitcoin and Electrum. This malware should not be confused with the Android banking malware also named Anubis. At present, the new Anubis is being deployed in limited campaigns and contains only a handful of download URLs and C2 servers. This malware uses a text file to exfiltrate data from the victim.

Impact

  • Information Theft
  • Credential Theft
  • Theft of Financial Information

Indicators of Compromise

SHA-256

  • df35d04cc8c5415fd4e0c724c512c81e655bf835d7c54769005fc0e420150be6
  • 3a97ad1a04b42b2d1ad24549b6c3b909d9a429cd4114fe91af7b99f483b6ac5a
  • 5461f6fab47e6faf253d93f58123f3689a0578a8a4a833c2b15bdf06e5432b87
  • a826140d06eba7da17c424398913c371eaeef62b8765de656aafa0fd64a605d0

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.