

June 29, 2022
Severity
Medium
Analysis Summary
Quasar is a Remote Access Trojan (RAT) that cybercriminals frequently abuse to take remote control of victims' computers. A Molerats spear-phishing campaign that exploits a path traversal vulnerability in WinRAR to deliver it has been discovered; the Gaza Cybergang group is suspected to be behind the campaign. In the first stage, the victim runs a downloader that is planted on the operating system. The downloader typically first connects to a geolocation domain and then retrieves the Quasar RAT, which infects the host.
Impact
- Data Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 1bb01b61be8e3ca7a9c99e26fc1e230b
- 4a5ed49af625329626f3f03b17b419dc
- 6726d4d3557b8227d6fc07bc11332c0e
- 36e461f254e876d2fd7d78c0bcd271cb
SHA-256
- e27bf8b873d645083a586f4b9f41a1534c0ec43b2cd7ee2f811c697f0f411d17
- a298ca28f8e0e3d44c88dbc0e36ee5da3159b46170a38da0ae89778151349505
- 46e2f4c3b0458ed154c1adb634370716abdf4857385caa71a6611aaff9d63e29
- 7e6bc7f101b189549bd52b3a25e4cd3e914ab83670b2cd1f74d5b400c2d9cd55
SHA-1
- 0a7d82bd35f1191fd456cc474ebb37450d2a395a
- 1f5a5558de52c6b77b6332aaa0a12da48f2e05df
- c393426504848720d0c733e0d7977ee109b4583d
- 95414a17eb32280598a306747a95b0fce7db4691
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
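The following script is an added example of how to act on the second remediation item; it is not Rewterz tooling and is not part of the original advisory. It walks a directory tree, computes MD5, SHA-1 and SHA-256 for every regular file in a single pass, and reports any file whose digest appears in the hash lists above. The scan root, the temporary files created in demo(), and the "planted" hash that demo() adds to a copy of the IOC set are assumptions for illustration only.

```python
"""Sweep a directory tree for the file hashes listed in this advisory.

Added example, not Rewterz tooling. The hash sets below are copied from
the advisory's Indicators of Compromise section; the scan target and the
sample files built in demo() are assumptions for illustration.
"""
import hashlib
import io
import os
import tempfile
from pathlib import Path

# Hashes from the advisory, lower-case hex, grouped by algorithm.
ADVISORY_IOCS = {
    "md5": {
        "1bb01b61be8e3ca7a9c99e26fc1e230b",
        "4a5ed49af625329626f3f03b17b419dc",
        "6726d4d3557b8227d6fc07bc11332c0e",
        "36e461f254e876d2fd7d78c0bcd271cb",
    },
    "sha1": {
        "0a7d82bd35f1191fd456cc474ebb37450d2a395a",
        "1f5a5558de52c6b77b6332aaa0a12da48f2e05df",
        "c393426504848720d0c733e0d7977ee109b4583d",
        "95414a17eb32280598a306747a95b0fce7db4691",
    },
    "sha256": {
        "e27bf8b873d645083a586f4b9f41a1534c0ec43b2cd7ee2f811c697f0f411d17",
        "a298ca28f8e0e3d44c88dbc0e36ee5da3159b46170a38da0ae89778151349505",
        "46e2f4c3b0458ed154c1adb634370716abdf4857385caa71a6611aaff9d63e29",
        "7e6bc7f101b189549bd52b3a25e4cd3e914ab83670b2cd1f74d5b400c2d9cd55",
    },
}
ALGORITHMS = ("md5", "sha1", "sha256")


def digest_stream(stream, chunk_size=1 << 20):
    """Compute all three digests in one pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digest in-memory data (handy for testing and for memory-resident samples)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    """Digest a file on disk; raises OSError if it cannot be read."""
    with open(path, "rb") as f:
        return digest_stream(f)


def match_iocs(digests, iocs=ADVISORY_IOCS):
    """Return the algorithm names whose IOC set contains the file's digest."""
    return [name for name in ALGORITHMS if digests[name].lower() in iocs.get(name, ())]


def sweep(root, iocs=ADVISORY_IOCS):
    """Hash every regular file under root; return {path: [matched algorithms]}."""
    matches = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            # Do not follow symlinks; skip sockets, devices and other non-files.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                hits = match_iocs(digest_file(path), iocs)
            except OSError:
                continue  # unreadable (permissions, file locked): keep scanning
            if hits:
                matches[path] = hits
    return matches


def demo():
    """Constructed scenario: one benign file plus one file whose SHA-256 is
    planted into a copy of the IOC set, to show what a hit looks like.
    Neither file is real malware."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "benign.txt").write_bytes(b"nothing to see here\n")
        planted = Path(tmp, "planted.bin")
        planted.write_bytes(b"constructed sample, not real malware\n")
        iocs = {name: set(values) for name, values in ADVISORY_IOCS.items()}
        iocs["sha256"].add(digest_file(planted)["sha256"])
        return {Path(p).name: hits for p, hits in sweep(tmp, iocs).items()}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sweep(target).items():
        print(f"MATCH {path} ({', '.join(hits)})")
```

Run it as `python sweep.py /path/to/scan` on a workstation or file share; a match on any single algorithm is enough to warrant isolating the host, since an attacker who tampers with a sample to defeat one hash rarely preserves the others. Hashing all three algorithms in one read keeps the sweep I/O-bound rather than reading large files three times, and unreadable or special files are skipped rather than aborting the scan.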