Rewterz Threat Alert – Quasar RAT – Active IOCs

Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs

September 7, 2022

Rewterz Threat Advisory – CVE-2022-30190: Follina Vulnerability (MSDT) – Active IOCs

September 7, 2022

Rewterz Threat Alert – Quasar RAT – Active IOCs

Severity

Medium

Analysis Summary

Quasar virus is a Remote Access Trojan (RAT) that is often abused by cybercriminals to take remote control over users’ computers for malicious purposes. Exploiting a path traversal vulnerability of WinRAR, a Molerats spear-phishing campaign is discovered. It is suspected that a Gaza Cyber gang group is behind the campaign. In the first step, the victim installs a downloader in their operating system which then gets infected with a RAT (Quasar). The downloader typically first tries to connect to a geolocation domain and then the RAT is downloaded.

Impact

Data Theft
Exposure of Sensitive DatA

Indicators of Compromise

MD5

c71ea43ecfe9c6a6ee76ee7c3faa3dab
3c631b8a295f115daecd22d097026312

SHA-256

962e25829a14a95ad95d8893db8464eb072dffaf53bdb91e8a76d79a01e4f289
a6790b94598f37630241e6cd5727f4e1ba0b90dce40bb6302a6e4b52839077cc

SHA-1

f09ff133049500bcb21d8ba9597535cb8b3b7246
776517116dbd2dd5faa7bf79796f868eaabd3513

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs

Rewterz Threat Advisory – CVE-2022-30190: Follina Vulnerability (MSDT) – Active IOCs

Rewterz Threat Alert – Quasar RAT – Active IOCs

Severity

Analysis Summary

Impact

Indicators of Compromise

MD5

SHA-256

SHA-1

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan