
Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell

Nov. 26, 2024, 10:04 p.m.

Description

The intelligence report details the discovery and analysis of an attack campaign by the APT-K-47 group, also known as Mysterious Elephant. The attackers used a CHM file to execute a malicious payload, an upgraded version of their Asyncshell tool. The new version, dubbed Asyncshell-v4, features a base64 variant algorithm for string hiding, disguised C2 requests, and reduced log messages. The report traces the evolution of Asyncshell through four versions, from its first discovery in January 2024 to the latest capture. The tool has been used in attacks targeting countries including Pakistan, Bangladesh, and Turkey, often with decoy documents on government and religious topics.
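The report says Asyncshell-v4 hides strings with a "base64 variant" (T1132.001) and that analysts must reverse it (T1140). The page does not give the variant itself, so the block below is an added triage helper, not code from the report or from the APT-K-47 toolset: it models the variant as a permuted base64 alphabet, which is the usual way malware families disguise base64, using a made-up alphabet VARIANT_ALPHABET that is an assumption for illustration only. It also hashes files and checks them against the three SHA-256 indicators listed on this page. Sample inputs are constructed inline.

```python
"""Triage helpers for this report.

Added example, not code from the report or from APT-K-47's tooling.
Assumptions (hypothetical, not taken from the page):
  * the "base64 variant" is modelled as a permuted 64-character alphabet;
    VARIANT_ALPHABET below is invented and is NOT the real Asyncshell-v4 one.
  * sample strings passed to the functions are constructed for the demo.
"""
import base64
import hashlib
import string
from pathlib import Path

STD_ALPHABET = (
    string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
)

# Hypothetical permuted alphabet: standard alphabet rotated by 13, then reversed.
VARIANT_ALPHABET = (STD_ALPHABET[13:] + STD_ALPHABET[:13])[::-1]


def encode_variant(data: bytes, alphabet: str = VARIANT_ALPHABET) -> str:
    """Standard base64, then translated into the custom alphabet."""
    std = base64.b64encode(data).decode("ascii")
    return std.translate(str.maketrans(STD_ALPHABET, alphabet))


def decode_variant(text: str, alphabet: str = VARIANT_ALPHABET) -> bytes:
    """Map the custom alphabet back to standard base64 and decode (T1140).

    '=' is not part of the alphabet, so padding passes through untouched;
    missing padding (variants often strip it) is restored before decoding.
    """
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must contain 64 distinct characters")
    std = text.translate(str.maketrans(alphabet, STD_ALPHABET))
    std += "=" * (-len(std) % 4)
    return base64.b64decode(std, validate=True)


# SHA-256 indicators listed under "Indicators" on this page.
REPORT_SHA256 = {
    "c914343ac4fa6395f13a885f4cbf207c4f20ce39415b81fd7cfacd0bea0fe093",
    "5488dbae6130ffd0a0840a1cce2b5add22967697c23c924150966eaecebea3c4",
    "5afa6d4f9d79ab32374f7ec41164a84d2c21a0f00f0b798f7fd40c3dab92d7a8",
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so large artifacts do not get read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def matches_ioc(data: bytes, iocs=REPORT_SHA256) -> bool:
    """True if the SHA-256 of data is one of the listed indicators."""
    return sha256_bytes(data) in iocs


def sweep(root: Path, iocs=REPORT_SHA256) -> list:
    """Return every regular file under root whose SHA-256 matches an indicator."""
    hits = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        try:
            if sha256_file(p) in iocs:
                hits.append(p)
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
    return hits


if __name__ == "__main__":
    # Constructed sample string, not an Asyncshell artifact.
    blob = encode_variant(b"powershell -nop -w hidden")
    print("variant-encoded:", blob)
    print("decoded:", decode_variant(blob))
    print("hits under cwd:", sweep(Path(".")))
```

Only the alphabet mapping is malware-specific; once it is recovered from the sample, the decoder above is the whole reversal step, and the sweep gives a first-pass check of a host against the listed hashes (hash matching misses recompiled variants, so treat a clean sweep as absence of these three files, not absence of the actor).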

Date

Published: Nov. 26, 2024, 9:42 p.m.

Created: Nov. 26, 2024, 9:42 p.m.

Modified: Nov. 26, 2024, 10:04 p.m.

Indicators

c914343ac4fa6395f13a885f4cbf207c4f20ce39415b81fd7cfacd0bea0fe093

5488dbae6130ffd0a0840a1cce2b5add22967697c23c924150966eaecebea3c4

5afa6d4f9d79ab32374f7ec41164a84d2c21a0f00f0b798f7fd40c3dab92d7a8

Attack Patterns

MSMQSPY

Asyncshell

ORPCBackdoor

APT-K-47

T1132.001 (Data Encoding: Standard Encoding)

T1053.005 (Scheduled Task/Job: Scheduled Task)

T1059.001 (Command and Scripting Interpreter: PowerShell)

T1555 (Credentials from Password Stores)

T1204.002 (User Execution: Malicious File)

T1036 (Masquerading)

T1140 (Deobfuscate/Decode Files or Information)

T1027 (Obfuscated Files or Information)

Additional Information

Bangladesh

Pakistan