Tag: quasar rat

8 Attack Reports | 0 Vulnerabilities

Attack reports

Unmasking AsyncRAT: Navigating the labyrinth of forks

AsyncRAT, an open-source remote access trojan, has evolved into a sprawling network of forks and variants since its 2019 release. The article explores its origins, tracing influence from Quasar RAT, and maps out the relationships among various forks. DcRat and VenomRAT emerge as the most widely dep…
asyncrat
dcrat
venomrat
quasar rat
evasion techniques
remote access trojan
2025-07-16
2025-08-12
santarat
boratrat
xiebrorat
noneuclid rat
jasonrat
malware forks
Published: August 12, 2025
Downloadable IOCs: 22

Threat Actors Lure Victims Into Downloading .HTA Files Using ClickFix To Spread Epsilon Red Ransomware

A new Epsilon Red ransomware campaign has been discovered targeting users globally through fake ClickFix verification pages. Active since July 2025, the threat actors employ social engineering tactics and impersonate popular platforms like Discord, Twitch, and OnlyFans to trick users into executing…
phishing
social engineering
impersonation
ransomware
quasar rat
drive-by download
clickfix
activex
2025-07-25
hta files
epsilon red
Published: July 25, 2025
Downloadable IOCs: 5

ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor

An Arabic-speaking threat actor has been distributing ViperSoftX malware to Korean victims since April 1, 2025. The malware, typically spread through cracked software or torrents, operates as a PowerShell script and communicates with C&C servers. The campaign involves downloading additional malware…
powershell
purecrypter
quasar rat
vipersoftx
evasion techniques
vbs
2025-04-10
c&c communication
arabic-speaking
Published: April 10, 2025
Downloadable IOCs: 0

Uncovering Cyber Threat Networks: SmartApeSG & NetSupport RAT

This investigation explores the connections between SmartApeSG, a FakeUpdate threat, and NetSupport RAT. Through analysis of Internet telemetry data, the research uncovered related C2 management hosts, active NetSupport RAT servers, and cross-connections to suspicious infrastructure. Key findings i…
cryptocurrency
socgholish
quasar rat
netsupport rat
clearfake
c2 infrastructure
2025-02-04
moldovan ips
pivoting analysis
fakeupdate
landupdate808
ispmanager
smartapesg
lycantrox
Published: February 4, 2025
Downloadable IOCs: 57

Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604)

Threat actors are exploiting the CVE-2023-46604 vulnerability in Apache ActiveMQ to attack Korean systems, particularly using Mauri ransomware. The vulnerability allows remote code execution on unpatched servers. Attackers use XML configuration files to add backdoor accounts, install remote access …
quasar rat
CVE-2023-46604
2024-12-16
apache activemq
mauri ransomware
Published: December 16, 2024
Downloadable IOCs: 0

Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation

This analysis examines HeartCrypt, a new packer-as-a-service (PaaS) used to protect malware. Developed since July 2023 and launched in February 2024, HeartCrypt charges $20 per file to pack Windows x86 and .NET payloads. It is primarily used by malware operators of families like LummaStealer, Remco…
xworm
rhadamanthys
remcos
quasar rat
vidar stealer
redline stealer
process hollowing
anti-sandbox
lummastealer
2024-12-14
heartcrypt
packer-as-a-service
Published: December 14, 2024
Downloadable IOCs: 0

Private HTS Program Continuously Used in Attacks

This report outlines a continuous campaign where a threat actor distributes malware, including Quasar RAT, through a private home trading system (HTS) named HPlus. The malware is initially delivered via an MSI installer, and users who request remote assistance inadvertently execute the AnyDesk soft…
south korea
quasar rat
2024-07-17
Published: July 17, 2024
Downloadable IOCs: 1

ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information

This analysis focuses on the recent activities of the ViperSoftX malware strain, which controls infected systems and steals user information. The malware is known to install additional malware payloads, including Quasar RAT and a new infostealer called TesseractStealer. TesseractStealer utilizes th…
malware
cybercrime
infostealers
2024-05-17
quasar rat
tesseractstealer
malware-distribution
vipersoftx
crypto-targeting
Published: May 17, 2024
Downloadable IOCs: 8
Click here to see more Attack Reports