ioc[.]one - OSINT Cyber Threat Intelligence Database

AsyncRAT C2 Framework: Overview, Technical Analysis & Detection | Qualys Security Blog

Tags

cmtmf-attack-pattern:	Acquire Infrastructure Boot Or Logon Autostart Execution Scheduled Task/Job
country:	Australia Thailand Laos
maec-delivery-vectors:	Watering Hole
attack-pattern:	Acquire Infrastructure Data Models Acquire Infrastructure - T1583 Boot Or Logon Autostart Execution - T1547 Domains - T1583.001 Domains - T1584.001 Exfiltration Over C2 Channel - T1646 Exploits - T1587.004 Exploits - T1588.005 Hardware - T1592.001 Input Capture - T1417 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Native Api - T1575 Phishing - T1660 Phishing - T1566 Reflective Code Loading - T1620 Registry Run Keys / Startup Folder - T1547.001 Remote Desktop Protocol - T1021.001 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Software - T1592.002 Virtualization/Sandbox Evasion - T1497 Video Capture - T1512 Web Services - T1583.006 Web Services - T1584.006 Tool - T1588.002 Virtualization/Sandbox Evasion - T1633 Execution Through Api - T1106 Exfiltration Over Command And Control Channel - T1041 Input Capture - T1056 Registry Run Keys / Start Folder - T1060 Remote Desktop Protocol - T1076 Remote Services - T1021 Scheduled Task - T1053 Video Capture - T1125

Show in Graph

Common Information

Type	Value
UUID	e73deed6-f66b-477b-9d94-d6a17305c550
Fingerprint	e5a2259000b397a6
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 16, 2022, 4:09 p.m.
Added to db	Sept. 26, 2022, 9:34 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	AsyncRAT C2 Framework: Overview, Technical Analysis & Detection
Title	AsyncRAT C2 Framework: Overview, Technical Analysis & Detection \| Qualys Security Blog
Detected Hints/Tags/Attributes	99/4/11

Source URLs

	Redirection	Url
Details	Source	https://blog.qualys.com/vulnerabilities-threat-research/2022/08/16/asyncrat-c2-framework-overview-technical-analysis-and-detection

URL Provider

Details	Provider	Source level domain
Details	qualys.com	blog.qualys.com

Attributes

Details	Type	#Events	CTI	Value
Details	File	83		sbiedll.dll
Details	File	2125		cmd.exe
Details	MITRE ATT&CK Techniques	275		T1053.005
Details	MITRE ATT&CK Techniques	380		T1547.001
Details	MITRE ATT&CK Techniques	238		T1497
Details	MITRE ATT&CK Techniques	422		T1041
Details	MITRE ATT&CK Techniques	21		T1583.006
Details	MITRE ATT&CK Techniques	118		T1056.001
Details	MITRE ATT&CK Techniques	239		T1106
Details	MITRE ATT&CK Techniques	160		T1021.001
Details	MITRE ATT&CK Techniques	32		T1125