win.quasar_rat

Quasar RAT

Actor(s): APT33, Dropping Elephant, Stone Panda, The Gorgon Group

Quasar RAT is a malware family written in .NET and used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.

References
https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/
https://www.fireeye.com/blog/threat-research/2019/04/spear-phishing-campaign-targets-ukraine-government.html
https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/
https://github.com/quasar/QuasarRAT/tree/master/Client
https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/
https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf
https://www.welivesecurity.com/2018/07/17/deep-dive-vermin-rathole/
https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf?platform=hootsuite
https://ti.360.net/blog/articles/analysis-of-apt-c-09-target-china/
https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage
https://twitter.com/malwrhunterteam/status/789153556255342596
http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments