Targeted attack on Thailand Pass customers delivers AsyncRAT | Zscaler
Tags
| cmtmf-attack-pattern: | Process Injection |
| country: | Thailand |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Powershell - T1086 Process Injection - T1055 Scheduled Task - T1053 |
Common Information
| Type | Value |
|---|---|
| UUID | 65b96ada-4bf0-4999-8432-17d0e2f4e0c3 |
| Fingerprint | e420a911a9b307a7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 27, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 18, 2024, 2:35 a.m. |
| Headline | Targeted attack on Thailand Pass customers delivers AsyncRAT |
| Title | Targeted attack on Thailand Pass customers delivers AsyncRAT | Zscaler |
| Detected Hints/Tags/Attributes | 62/4/43 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | tp.consular.go.th |
|
| Details | Domain | 318 | bit.ly |
|
| Details | Domain | 1 | ec2-34-229-64-131.compute-1.amazonaws.com |
|
| Details | Domain | 1 | microsoft.soundcast.me |
|
| Details | Domain | 2 | invoice-update.myiphost.com |
|
| Details | Domain | 112 | cdn.discordapp.com |
|
| Details | File | 1 | travel.html |
|
| Details | File | 1 | thailand_passport.iso |
|
| Details | File | 1 | qr_thailand_pass.vbs |
|
| Details | File | 1 | testavast+denf.txt |
|
| Details | File | 1 | untitled.ps1 |
|
| Details | File | 1 | killd.txt |
|
| Details | File | 1 | admin.vbs |
|
| Details | File | 1 | admin.ps1 |
|
| Details | File | 1 | 1_powerrun.vbs |
|
| Details | File | 61 | 1.bat |
|
| Details | File | 18 | 1.ps1 |
|
| Details | File | 7 | task.txt |
|
| Details | File | 2 | securityhealth.exe |
|
| Details | File | 2 | aaa.ps1 |
|
| Details | File | 40 | aspnet_compiler.exe |
|
| Details | File | 1 | qr_thailand_pass.zip |
|
| Details | File | 1 | avast.txt |
|
| Details | File | 3 | nod.txt |
|
| Details | md5 | 1 | 9f0a23cf792d72d89010df5e219b4b12 |
|
| Details | md5 | 1 | e2da247426a520209f7d993332818b40 |
|
| Details | md5 | 1 | 8f30215a81f2a2950fd5551d4f2212ce |
|
| Details | md5 | 1 | e8e4ea0f80c9ff49df07e9c1b119ba2a |
|
| Details | md5 | 1 | 25ed250f143d623d0d41bd9123bcc509 |
|
| Details | md5 | 1 | 4e6d695ed0559da97c9f081acf0892e4 |
|
| Details | md5 | 1 | 2922a998d5b202ff9df4c40bce0a6119 |
|
| Details | md5 | 1 | b64ac660f13b24f99999e7376424df2d |
|
| Details | md5 | 1 | 984f6bd06024f8e7df2f9ec9e05ae3d2 |
|
| Details | md5 | 1 | a5dfd5b75db6529b6bd359e02229ad1d |
|
| Details | md5 | 1 | 9c0bdb129084a6c8fce1a1e9d153374b |
|
| Details | md5 | 1 | 7ec50ec3091ff38eb7c43e2a8a253bc9 |
|
| Details | md5 | 1 | ae29fc1878f3471bb196ba353b3daf9d |
|
| Details | md5 | 1 | 44314f46a2beb1cc20a0798533f0913E |
|
| Details | md5 | 1 | 878b1aae24a87bc0dbce537336878b5E |
|
| Details | IPv4 | 1 | 34.71.81.158 |
|
| Details | Url | 1 | https://bit.ly/thailand-passport |
|
| Details | Url | 1 | https://onedrive.live.com/download?cid=6bcbe135551869f2&resid=6bcbe135551869f2 |
|
| Details | Url | 1 | http://microsoft.soundcast.me |