← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Quaverse RAT: Remote-Access-as-a-Service
WHITE AlienVault 2015-10-01 Modified: 2017-08-24
20
IOCs
MEDIUM VOLUME
Quaverse RAT or QRAT is a fairly new Remote Access Tool (RAT) introduced in May 2015. This RAT is marketed as an undetectable Java RAT. As you might expect from a RAT, the tool is capable of grabbing passwords, key logging and browsing files on the victim's computer. On a regular basis for the past several months, we have observed the inclusion of QRAT in a number of spam campaigns.
qratratremote access toolquaversewindowstrojan
Indicators of Compromise (20)
All hostname domain FileHash-MD5 FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
hostname gtfoods.com.ru 2017-08-24
domain frecarn.co 2017-08-24
domain soqda.com 2017-08-24
domain quaverse.com 2017-08-24
domain valtce.co 2017-08-24
FileHash-MD5 bd7ccace0e871d27f622d33f30583bcb 2017-08-24
FileHash-MD5 1ced4663568ec6d54598976db312e376 2017-08-24
FileHash-MD5 3f969420d063fc56aedab09b0ba80100 2017-08-24
FileHash-MD5 5f70e1b5482f75747ee8bfdb3ef105e3 2017-08-24
FileHash-MD5 e26413e443ad6c8c6a9a5d833a0a5005 2017-08-24
FileHash-MD5 07e7f55f80e51119bc7f576baef25c89 2017-08-24
FileHash-MD5 22105f2cb8572d24f5c7c7f4b5ff707e 2017-08-24
FileHash-MD5 963b08af4211460033cdcaa59c5cc5b1 2017-08-24
FileHash-MD5 3b9e1d8d56f0c4b772130de3efdd7afa 2017-08-24
FileHash-MD5 ade107891ccba3845641b2db4b47e622 2017-08-24
FileHash-MD5 c9c0ca26ef1c41c67e2f028bfa7e0f0d 2017-08-24
FileHash-MD5 aa604c6384a48bad3b2d58d927a385bd 2017-08-24
FileHash-MD5 246de291b9e920a86635596c75d366ae 2017-08-24
FileHash-MD5 f46e73ae7a345c9d2d9e8ac557b00357 2017-08-24
FileHash-SHA1 17756078acbdf8e87ae34209efddb1a8f5e01dd3 2017-08-24
References (2)
↗ https://www.trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-as-a-Service/ ↗ http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=TROJANDOWNLOADER:JAVA/OPENCONNECTION.QE