Rewterz Threat Alert – Quasar RAT – Active IOCs

Rewterz Threat Alert – Emotet – Active IOCs

July 6, 2022

Rewterz Threat Advisory – Multiple GitLab Vulnerabilities

July 6, 2022

Rewterz Threat Alert – Quasar RAT – Active IOCs

Severity

Medium

Analysis Summary

Quasar virus is a Remote Access Trojan (RAT) that is often abused by cybercriminals to take remote control over users’ computers for malicious purposes. Exploiting a path traversal vulnerability of WinRAR, a Molerats spear-phishing campaign is discovered. It is suspected that a Gaza Cyber gang group is behind the campaign. In the first step, the victim installs a downloader in their operating system which then gets infected with a RAT (Quasar). The downloader typically first tries to connect to a geolocation domain and then the RAT is downloaded.

Impact

Data Theft
Exposure of Sensitive DatA

Indicators of Compromise

MD5

471e8847f6fec0b0927babfb597a5dec
b51d5003ae9b2b7070ab6a9c6821dd36

SHA-256

594b1fc41c7fdead2f086ef454c76826bafe61418a69814f9942f55e90b4cf3b
c5720a9a15679dc24b4fa199cea22c81b290bad08296be21d9e1fa4884751b79

SHA-1

41f5e4c091222b3f29d1b2e18ce3a373f966e146
ee951581bf2eed5519676a6e9bcbf4f6ccb4c1d4

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Rewterz Annual Threat Intelligence Report 2025 - Download Now

Rewterz Threat Alert – Emotet – Active IOCs

Rewterz Threat Advisory – Multiple GitLab Vulnerabilities

Rewterz Threat Alert – Quasar RAT – Active IOCs

Severity

Analysis Summary

Impact

Indicators of Compromise

MD5

SHA-256

SHA-1

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan