#quasarrat — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #quasarrat, aggregated by home.social.
-
Interesting #OpenDir on #QuasarRat C2 server 185.208.159[.]161:8000 . The open web directory includes source code for a backdoor + misc development artifacts.
https://platform.censys.io/hosts/185.208.159.161
https://search.censys.io/hosts/185.208.159.161
-
Guess we're back to these...:
http://episode-windsor-subdivision-delivery.trycloudflare\.com
https://lol-julian-impossible-bermuda.trycloudflare\.com
https://italia-committees-practical-violence.trycloudflare\.com
#asyncrat #purehvnc #quasarrat
jskeywon.duckdns\.org
jbsak.duckdns\.org
jul5050quasae.duckdns\.org
ksj43ts.duckdns\.org
-
NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT – Source: hackread.com https://ciso2ciso.com/npm-package-disguised-as-an-ethereum-tool-deploys-quasar-rat-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #SmartContract #CyberAttack #QuasarRAT #Ethereum #Hackread #security #malware #NPM
-
NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT https://hackread.com/npm-package-disguised-ethereum-tool-quasar-rat/ #Cybersecurity #SmartContract #CyberAttack #QuasarRAT #Security #Ethereum #security #Malware #NPM
-
Cisco Talos discloses a new Vietnamese financially-motivated actor dubbed CoralRaider, targeting victims in several Asian and Southeast Asian countries since at least 2023. They focus on stealing victims’ credentials, financial data, and social media accounts, including business and advertisement accounts. Known malware used are a QuasarRAT variant called RotBot, and XClient stealer. TTPs include abusing a legitimate service to host the C2 configuration file and uncommon living-off-the-land binaries (LoLBins), including Windows Forfiles.exe and FoDHelper.exe. IOC provided. 🔗 https://blog.talosintelligence.com/coralraider-targets-socialmedia-accounts/
#CoralRaider #Vietnam #cybercrime #threatintel #IOC #QuasarRAT #RotBot #XClient #LoLBin