Downeks

Description

(Palo Alto) The initial infection vector in this attack is not clear, but it results in installing the “Downeks” downloader, which in turn infects the victim computer with the “QuasarRAT”.

Downeks uses third-party websites to determine the external IP of the victim machine, possibly to determine victim location with GeoIP. It also drops decoy documents in an attempt to camouflage the attack.

Names

Name
Downeks

Category

Malware

Type

  • Downloader

Information

Malpedia

AlienVault OTX

Other Information

UUID

16b197ca-adb0-46c1-a237-f48442021c0b

Last Card Change

2020-04-23