OK! The sourceforge page hosting QuasarRAT is now down 🎉
urlscan.io/result/019c3...
A takedown request is now submitted for their other infrastructure. Most of the GitHub hosted command and control is gone after the takedown request (thank you @github.com !)
#QuasarRAT #TakeDown #Malware
Let's find more QuasarRAT infrastructure! Live now threat hunting!
twitch.tv/cyberkaida
#Malware #QuasarRAT #VTuber #ReverseEngineering #Threathunting #ReVa
Live now hunting the QuasarRAT malware! In the last stream we got their command and control taken down!
bsky.app/profile/cybe...
twitch.tv/cyberkaida
#malware #VTuber #Ghidra #ThreatIntel #QuasarRAT
QuasarRat payload is hosted on SourceForge
- hxxxs://sourceforge[.]net/projects/fluid-draw/
and more old C2 on @github.com
- github.com/cemugen/
#QuasarRat #Stealer #Payload #Malware
@github.com has been hosting QuasarRat command and control for a few years.
- github.com/htmlacc
- github.com/wdkjservice
- github.com/software016378
These are taken down:
- github.com/n16h70wx
- github.com/frngdev/
#Malware #Stealer #QuasarRat #GitHub #C2
In the second part, we unwrap #QuasarRAT, a popular .NET remote access trojan, and show how to extract its encrypted configuration out of the binary.
buff.ly/agWWCnp
Delving into QuasarRAT: Exploring its evolution from a legitimate tool to a cybercriminal's asset, its core functionalities, and the advanced obfuscation techniques that challenge cybersecurity defenses. #QuasarRAT #CyberSecurity #MalwareAnalysis Link: thedailytechfeed.com/quasarrats-e...
~Sekoia~
Technical walkthrough on extracting encrypted configurations from both clean and obfuscated samples of the QuasarRAT .NET malware.
-
IOCs: (None identified)
-
#QuasarRAT #RAT #ThreatIntel
Interesting #OpenDir on #QuasarRat C2 server 185.208.159[.]161:8000. The open web directory includes source code for a backdoor + misc development artifacts.
https://platform.censys.io/hosts/185.208.159.161
https://search.censys.io/hosts/185.208.159.161
#malware #thread 🧵
RevengeHotels uses LLMs and VenomRAT against LATAM hotels: infection chain, TTPs, IOCs and defenses for SOCs and CISOs.
#AI #LLM #malware #phishing #QuasarRAT #RevengeHotels #TA558 #VenomRAT
www.matricedigitale.it/2025/09/17/r...
Guess we're back to these...:
episode-windsor-subdivision-delivery.trycloudflare\.com
lol-julian-impossible-bermuda.trycloudflare\.com
italia-committees-practical-violence.trycloudflare\.com
#asyncrat #purehvnc #quasarrat
jskeywon […]
[Original post on infosec.exchange]
Nikola Knežević created an overview of AsyncRAT forks and how they relate to each other. Great research.
#AsyncRAT #QuasarRAT
www.welivesecurity.com/en/eset-rese...
"Around the World in 90 Days: State-Sponsored Actors Try ClickFix" published by Proofpoint. #ClickFix, #QuasarRAT, #TA427, #DPRK, #CTI www.proofpoint.com/us/blog/threat-insight/a...
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners reconbee.com/hackers-expl...
#hackers #PHP #PHPflaw #quasarRAT #remoteaccesstrojan #XMRigminers #cyberattacks
Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT reconbee.com/malicious-ob...
#NPMpackage #disguised #Ethereumtool #QuasarRAT #RAT #remoteaccesstrojan #cybersecurity #cybersec #cyberattacks
🚨 Alert: Watch out as this new malicious NPM package installs #QuasarRAT instead of scanning for ETH contract vulnerabilities. ⚠️
Read: hackread.com/npm-package-...
#CyberSecurity #NPM #Malware #Ethereum
An npm package that distributes Quasar RAT has been discovered. Find out how to protect ourselves from threats to the software supply chain.
#cybersecurity #ethereum #malevolo #npm #pacchettonpm #QuasarRAT #supplychain
www.matricedigitale.it/sicurezza-in...
I'm excited to share the launch of a new blog I have collaborated on with my team, focusing on a new advanced persistent threat (APT) we’re calling #LilacSquid and some custom malware, including a customized version of #QuasarRAT we’re calling #PurpleInk.
blog.talosintelligence.com/lilacsquid/
I've come across some instances today where the TAs forgot to change the C2 configs from localhost when building their #QuasarRAT binaries. It's so funny when they mess up: