ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool QuasarRAT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: QuasarRAT

NamesQuasarRAT
Quasar RAT
CinaRAT
Yggdrasil
xRAT
CategoryTools
TypeReconnaissance, Backdoor, Keylogger, Credential stealer, Info stealer, Exfiltration, Tunneling
DescriptionQuasar is a fast and light-weight remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.

Feature:
• TCP network stream (IPv4 & IPv6 support)
• Fast network serialization (Protocol Buffers)
• Compressed (QuickLZ) & Encrypted (TLS) communication
• Multi-Threaded
• UPnP Support
• No-Ip.com Support
• Visit Website (hidden & visible)
• Show Messagebox
• Task Manager
• File Manager
• Startup Manager
• Remote Desktop
• Remote Shell
• Download & Execute
• Upload & Execute
• System Information
• Computer Commands (Restart, Shutdown, Standby)
• Keylogger (Unicode Support)
• Reverse Proxy (SOCKS5)
• Password Recovery (Common Browsers and FTP Clients)
• Registry Editor
Information<https://github.com/quasar/QuasarRAT>
<https://threatvector.cylance.com/en_us/home/threat-spotlight-menupass-quasarrat-backdoor.html>
<https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/>
<https://www.fireeye.com/blog/threat-research/2019/04/spear-phishing-campaign-targets-ukraine-government.html>
<https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/>
<https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/>
<https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf>
<http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments>
<https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf>
<https://ti.360.net/blog/articles/analysis-of-apt-c-09-target-china/>
<https://www.welivesecurity.com/2018/07/17/deep-dive-vermin-rathole/>
MITRE ATT&CK<https://attack.mitre.org/software/S0262/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:QuasarRat>

Last change to this tool card: 13 May 2020

Download this tool card in JSON format

All groups using tool QuasarRAT

ChangedNameCountryObserved

APT groups

 APT 32, OceanLotus, SeaLotusVietnam2013-Dec 2020X
 APT 33, Elfin, MagnalliumIran2013-Nov 2019 
 Gorgon GroupPakistan2017-Jul 2020 
 LazyScripter[Unknown]2018 
 Molerats, Extreme Jackal, Gaza Cybergang[Gaza]2012-Apr 2021 
 Patchwork, Dropping ElephantIndia2013-Mar 2018 
 Stone Panda, APT 10, menuPassChina2006-Feb 2021X
 Transparent Tribe, APT 36Pakistan2013-Feb 2021 

8 groups listed (8 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key