AsyncRAT - Threat hunting with hints of incident response
Common Information
Type Value
UUID 6b0c3a21-27a7-4bc4-bf8c-ed385e1f8a54
Fingerprint 3a78107449a51e5e
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 8, 2023, 2:40 p.m.
Added to db Nov. 6, 2023, 6:35 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline AsyncRAT
Title AsyncRAT - Threat hunting with hints of incident response
Detected Hints/Tags/Attributes 42/1/14
RSS Feed
Id Enabled Feed title Url Added to db
252 | Threat hunting with hints of incident response https://threathunt.blog/feed/ 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 75 tria.ge
Domain 145 api.telegram.org
Domain 2 mscorlib.ni
Domain 1 bevdona.theworkpc.com
Domain 285 microsoft.net
File 1209 powershell.exe
File 1 c:\tmp\230106-aztefsdg69_pw_infected\soa.exe
File 13 addinprocess32.exe
File 478 lsass.exe
File 68 mscoree.dll
File 5 cld.dll
File 16 ni.dll
File 6 clrjit.dll
md5 1 8d60a20bcb7b36d0ddf74b96d554c96e