"Kimsuky group distributing QuasarRAT disguised as an 'Application for Confirmation of Intention to Divorce by Mutual Agreement'!" published by ESTSecurity. #Kimsuky, #QuasarRAT, #CTI, #OSINT, #LAZARUS https://blog.alyac.co.kr/5103
Today's #NewsYouShouldKnow included a discussion about #QuasarRat being propagated via malicious #OneNote .one files.
I broke down the anatomy of this attack here and offer some free and effective mitigations for #BlueTeam #Defenders to help prevent this #threat
#Infosec #ThreatIntel
https://www.justinmcafee.com/2023/01/malicious-onenote.html
How hard is it to upload malware on Google API (firebase) and abuse it?
Not much, just base64 first and then reverse it, and you get a Google API link for your malware stager which many products will not cover.
Live Firebase link serving malware as of now (this is from a real #QuasarRAT campaign, not a POC):
hxxps[://]firebasestorage[.]googleapis[.]com/v0/b/dsadsa-4c70a[.]appspot[.]com/o/apgtoo[.]txt?alt=media&token=f07d9c0f-39f0-44d3-a984-21cfc695edf0
#quasarrat #malware #infosec #cybersecurity
Anyone have a config extractor script for #quasarrat? I couldn't find one online. I made one but it seems a bit complicated/too many moving parts so I wanted to see if there was a better/easier way that I couldn't figure out. I'm not great with config extractors for .NET malware yet.
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India - Cisco Talos recently discovered a threat actor using political and government-them... http://feedproxy.google.com/~r/feedburner/Talos/~3/-nsIY85fJB0/crimeware-targets-afghanistan-india.html #crimeware #quasarrat #securex #maldoc #dcrat #rats
MoleRats APT Returns with Espionage Play Using Facebook, Dropbox - The threat group is increasing its espionage activity in light of the current political climate an... https://threatpost.com/molerats-apt-espionage-facebook-dropbox/162162/ #cyberespionage #cloudsecurity #cloudservices #websecurity #cybereason #middleeast #sharpstage #quasarrat #analysis #backdoor #dropbook #facebook #molerats #phishing #malware #dropbox #apt