mbhoogl.blogg.se

Quasar rat











QUASAR RAT WINDOWS

Quasar is a publicly-available Remote Access Tool (RAT) for Windows hosts. Here is a link to the GitHub page for Quasar RAT. This RAT is occasionally distributed as malware through malicious spam (malspam). On Tuesday I found malspam with malware based on Quasar RAT. Today's diary reviews the infection activity. Shown above: The attachment and extracted Windows executable for Quasar RAT.



Some forks from Quasar RAT are quite interesting. One of them accepts donations in BTC to the wallet: 17eAafhEYnxmnj2nQ92tDFdDzATL27gcj. Even though the fork doesn’t seem very active, it has received some donations as you can see in the image below.

QUASAR RAT FREE

Quasar is not the first, nor the last, open source remote access tool or trojan. There are dozens of RATs being developed and free to download, including AsyncRAT, Powershell-RAT, Lime-Controller, microRAT, and pupy RAT.


In January 2018, Unit 42 from Palo Alto Networks mentioned that Quasar RAT, along with a new RAT dubbed VERMIN, had been observed in targeted attacks against Ukraine since late 2015. In July of the same year, ESET reported in more detail on the ongoing targeted attacks against Ukraine government institutions with the purpose of spying and stealing information. In this report, ESET mentioned that Quasar RAT was used alongside two other RATs including Vermin and Sobaken.

QUASAR RAT DOWNLOAD

Quasar has become a great tool for legitimate uses in day-to-day administrative work. However, an open-source tool like this could rarely go unnoticed by attackers. In January 2017, Palo Alto Networks published a report in which they mentioned that Quasar RAT was delivered using the Downeks downloader in a targeted attack in September 2016 (dubbed ‘DuskSky’) by the Gaza Cybergang group. TripWire wrote more on Downeks and Quasar in February 2017, see. In April 2017, PwC published a report detailing recent activities by Chinese-based threat actor APT10. In their report, researchers mentioned that starting in 2016, the threat actor has renewed their tools, incorporating and modifying open-source tools, Quasar RAT among them. The report mentions that Quasar RAT has been seen used by APT10 since early 2017. In December 2017, TrendMicro wrote about the activities of an espionage group known as Patchwork or Dropping Elephant. The group, which targets government and diplomatic agencies, used Quasar RAT as a payload in some of their targeted attacks during 2017. The RAT was delivered via Drive-By download attacks.

QUASAR RAT PASSWORD

The author advertises the tool as useful for a variety of purposes, “from user support through day-to-day administrative work to employee monitoring”, thanks to its “high stability and easy-to-use interface”. Quasar has an interesting list of features, which is interestingly increasing over time. The project has a roadmap which includes features that will make the tool more secure and easier to use. Quasar has typical features of remote access tools/trojans, listed below. However, one of its more important features is that it works on Windows 10, making it a preferred tool for administrators and attackers who are leaving behind some old RATs and replacing them with Quasar.

Computer Commands (Restart, Shutdown, Standby)

Password Recovery/Stealing (Common Browsers and FTP Clients)











