Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell
Nov. 26, 2024, 10:04 p.m.
Description
The intelligence report details the discovery and analysis of an attack campaign by the APT-K-47 group, also known as Mysterious Elephant. The attackers used a CHM file to execute a malicious payload, an upgraded version of their Asyncshell tool. The new version, dubbed Asyncshell-v4, features a base64-variant algorithm for string hiding, disguised C2 requests, and reduced log messages. The report traces the evolution of Asyncshell through four versions, from its first discovery in January 2024 to the latest capture. The tool has been used in attacks targeting various countries, including Pakistan, Bangladesh, and Turkey, often with decoy documents related to government and religious topics.
Date
- Created: Nov. 26, 2024, 9:42 p.m.
- Published: Nov. 26, 2024, 9:42 p.m.
- Modified: Nov. 26, 2024, 10:04 p.m.
Indicators
- c914343ac4fa6395f13a885f4cbf207c4f20ce39415b81fd7cfacd0bea0fe093
- 5488dbae6130ffd0a0840a1cce2b5add22967697c23c924150966eaecebea3c4
- 5afa6d4f9d79ab32374f7ec41164a84d2c21a0f00f0b798f7fd40c3dab92d7a8
Attack Patterns
- MSMQSPY
- Asyncshell
- ORPCBackdoor
- APT-K-47
- T1132.001
- T1053.005
- T1059.001
- T1555
- T1204.002
- T1036
- T1140
- T1027
Additional Information
- Bangladesh
- Pakistan