Tweaking AsyncRAT: Attackers Using Python and TryCloudflare to Deploy Malware
Tags
| cmtmf-attack-pattern: | Process Injection |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Python - T1059.006 Software - T1592.002 Tool - T1588.002 Powershell - T1086 Process Injection - T1055 |
Common Information
| Type | Value |
|---|---|
| UUID | 0e8963ac-349b-4727-a0b6-8afe10bdf349 |
| Fingerprint | 4b00095a134e699 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 26, 2024, 6:52 a.m. |
| Added to db | Oct. 7, 2024, 12:45 p.m. |
| Last updated | Nov. 12, 2024, 11:53 a.m. |
| Headline | Tweaking AsyncRAT: Attackers Using Python and TryCloudflare to Deploy Malware |
| Title | Tweaking AsyncRAT: Attackers Using Python and TryCloudflare to Deploy Malware |
| Detected Hints/Tags/Attributes | 56/3/44 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | travel-scholar-an-equity.trycloudflare.com |
|
| Details | Domain | 1 | dxjs.zip |
|
| Details | Domain | 4 | info.py |
|
| Details | Domain | 1 | kam.py |
|
| Details | Domain | 1 | moment.py |
|
| Details | Domain | 1 | money.py |
|
| Details | Domain | 1 | time.py |
|
| Details | Domain | 9 | update.py |
|
| Details | Domain | 2 | upload.py |
|
| Details | Domain | 3 | ncmomenthv.duckdns.org |
|
| Details | Domain | 3 | float-suppose-msg-pulling.trycloudflare.com |
|
| Details | Domain | 2 | bangkok-generally-ensemble-nfl.trycloudflare.com |
|
| Details | Domain | 2 | be-broadband-wp-canon.trycloudflare.com |
|
| Details | Domain | 2 | researchers-hrs-auctions-coating.trycloudflare.com |
|
| Details | Domain | 3 | xoowill56.duckdns.org |
|
| Details | Domain | 3 | drvenomjh.duckdns.org |
|
| Details | Domain | 3 | vxsrwrm.duckdns.org |
|
| Details | Domain | 3 | ghdsasync.duckdns.org |
|
| Details | Domain | 3 | anachyyyyy.duckdns.org |
|
| Details | Domain | 2 | rvenom.duckdns.org |
|
| Details | File | 8 | new.bat |
|
| Details | File | 1 | c:\users\test\downloads\dxjs.zip |
|
| Details | File | 4 | info.py |
|
| Details | File | 1 | kam.py |
|
| Details | File | 1 | moment.py |
|
| Details | File | 1 | money.py |
|
| Details | File | 1 | time.py |
|
| Details | File | 9 | update.py |
|
| Details | File | 3 | upload.py |
|
| Details | File | 1 | another.bat |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 1 | startupp.bat |
|
| Details | sha1 | 2 | ab069b312dd07d23e1b0cfe397775c7b37c1c5ad |
|
| Details | sha1 | 2 | 07095f8f4d920b47f788a8ba52a8ab8902faaa5f |
|
| Details | sha1 | 2 | 16ea141a7d3f622f21a06c694adcb7597707be56 |
|
| Details | sha1 | 2 | 77ecf69228836fa6a6c79bc26fe1f98f21b7118a |
|
| Details | sha1 | 2 | 05839f45d737f73041c8e5d0ba77044592074f6a |
|
| Details | sha1 | 2 | e6c4bdf3c3c1bc32e49caab17a1f3167d43b3406 |
|
| Details | sha1 | 2 | c9103b859d1cd93ce4a83c782fa4807553120a6d |
|
| Details | sha1 | 2 | 3292a7228bc9c5f20ddeaf106a54838e7b4f188c |
|
| Details | sha1 | 2 | a78711dc104fc079a781e61a06e0abefe4823add |
|
| Details | sha1 | 2 | 83132dda0bd86740c931aec8149f86b30674642a |
|
| Details | sha1 | 2 | d83fa1a7885143b0d851fd8fb04d54b539790609 |
|
| Details | sha1 | 2 | e9853f91bd8a9ed694275fd72f97bdf52775a1d5 |