Tag: asyncrat

48 Attack Reports | 0 Vulnerabilities

Attack reports

Watch out for SVG files booby-trapped with malware

A recent malware campaign in Latin America demonstrates cybercriminals' evolving tactics. The attacks use social engineering, sending emails that appear to be from trusted institutions with urgent warnings about legal issues. The campaign's goal is to install AsyncRAT, a remote access trojan that a…
social engineering
asyncrat
dll sideloading
latin america
svg
colombia
2025-11-09
ai-generated templates
judicial system impersonation
Published: November 9, 2025
Downloadable IOCs: 0

Malicious Infrastructure Finds Stability with aurologic GmbH

German hosting provider aurologic GmbH has become a central hub for high-risk hosting networks, providing upstream transit to multiple threat activity enablers. These include sanctioned entities like Aeza Group and other providers associated with cybercrime and disinformation campaigns. aurologic's…
cobalt strike
amadey
asyncrat
cybercrime
rhadamanthys stealer
vidar
phorpiex
dcrat
sliver
latrodectus
disinformation
bianlian
stealc
redline stealer
lumma
meduza stealer
infrastructure
quasarrat
systembc
remcos rat
risepro stealer
darkcomet
dark crystal rat
svcstealer
hosting
castleloader
2025-11-06
moobot
neutrality
transit
sanctions
thc hydra
upstream
tinyloader
abuse
aurologic
destiny stealer
aurotun
castlerat
Published: November 6, 2025
Downloadable IOCs: 23

Werewolf raids Russia's public sector with trusted relationship attacks

Cavalry Werewolf, a malicious actor group, targeted Russian state agencies and enterprises in the energy, mining, and manufacturing sectors from May to August 2025. The attackers used targeted phishing emails, posing as Kyrgyz government officials, to gain initial access. They employed custom malwa…
rat
phishing
russia
government
asyncrat
mining
telegram
reverse shell
manufacturing
kyrgyzstan
2025-10-02
energy
foalshell
stallionrat
Published: October 2, 2025
Downloadable IOCs: 0

AsyncRAT Campaigns Uncovered: How Attackers Abuse ScreenConnect and Open Directories

This intelligence report details a sophisticated attack campaign leveraging trojanized ConnectWise ScreenConnect installers to deliver AsyncRAT payloads. Attackers use open directories as staging points, blending legitimate remote management software abuse with custom loaders and scripts. The campa…
obfuscation
screenconnect
phishing
persistence
asyncrat
remote access trojan
c2 infrastructure
open directories
CVE-2025-3935
powershell rat
2025-09-19
payload staging
Published: September 19, 2025
Downloadable IOCs: 0

TAG-144's Persistent Grip on South American Organizations

Insikt Group has identified five distinct activity clusters linked to TAG-144 (Blind Eagle), targeting primarily Colombian government entities across local, municipal, and federal levels throughout 2024 and 2025. The clusters share similar tactics, techniques, and procedures (TTPs) such as using op…
xworm
asyncrat
njrat
dcrat
bitrat
quasarrat
remcos rat
blotchyquasar
limerat
2025-08-26
south america
tag-144
Published: August 26, 2025
Downloadable IOCs: 0

Gh0st RAT-based GodRAT attacks financial organizations

A newly identified Remote Access Trojan named GodRAT, based on the Gh0st RAT codebase, has been targeting financial firms since September 2024. The attackers distribute malicious .scr files via Skype, using steganography to embed shellcode in images. GodRAT supports plugins and is used alongside br…
steganography
asyncrat
gh0st rat
financial-sector
2025-08-19
skype
password-stealer
awesomepuppet
ms edge password stealer
godrat
chrome password stealer
Published: August 19, 2025
Downloadable IOCs: 0

Unmasking AsyncRAT: Navigating the labyrinth of forks

AsyncRAT, an open-source remote access trojan, has evolved into a sprawling network of forks and variants since its 2019 release. The article explores its origins, tracing influence from Quasar RAT, and maps out the relationships among various forks. DcRat and VenomRAT emerge as the most widely dep…
asyncrat
dcrat
venomrat
quasar rat
evasion techniques
remote access trojan
2025-07-16
2025-08-12
santarat
boratrat
xiebrorat
noneuclid rat
jasonrat
malware forks
Published: August 12, 2025
Downloadable IOCs: 22

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

A Malware-as-a-Service operation utilizing Amadey for payload delivery has been identified, with connections to a SmokeLoader phishing campaign targeting Ukrainian entities. The operation exploits fake GitHub accounts to host payloads and tools, bypassing web filtering. Emmenhtal, a multistage down…
obfuscation
phishing
rhadamanthys
ukraine
amadey
asyncrat
redline
smokeloader
downloader
github
lumma
maas
emmenhtal
2025-07-17
Published: July 17, 2025
Downloadable IOCs: 4

Discord Invite Hijacking: How Fake Links Are Delivering Infostealers

Cybercriminals are exploiting Discord's invite system and content delivery features to distribute malware and steal sensitive data. They use fake invite links, expired codes, and vanity URLs to redirect users to malicious servers. The attack chain involves a sophisticated combination of social engi…
phishing
social engineering
cryptocurrency
asyncrat
discord
multi-stage attack
wallet injection
chromekatz
skuld stealer
2025-06-20
invite hijacking
Published: June 20, 2025
Downloadable IOCs: 0

Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware

The SERPENTINE#CLOUD campaign leverages Cloudflare Tunnels and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated scripts. The attack begins with malicious .lnk files disguised as documents, fetching remote code from Cloudflare subdomains. The …
obfuscation
rat
phishing
asyncrat
webdav
stealth techniques
memory injection
cloudflare tunnels
shellcode loader
2025-06-20
revengerat
python-based malware
donut packer
Published: June 20, 2025
Downloadable IOCs: 147

AsyncRAT Campaign Continues to Evade Endpoint Detection

A wide-ranging phishing campaign has been identified that enables threat actors to bypass traditional security controls and delay detection. The campaign, tracked since 2024, has facilitated remote surveillance, credential theft, lateral movement, data exfiltration, and ransomware across numerous o…
obfuscation
xworm
phishing
remcos
asyncrat
venomrat
purehvnc
cloud services
cybercriminal
trycloudflare
remote access trojan
2025-06-17
python scripts
endpoint evasion
Published: June 17, 2025
Downloadable IOCs: 0

Fileless AsyncRAT Distributed Via Clickfix Technique Targeting German Speaking Users

A fileless AsyncRAT campaign is targeting German-speaking users through Clickfix-themed websites. The attack uses a fake 'I'm not a robot' prompt to execute malicious PowerShell code, which downloads and runs obfuscated C# code in memory. This technique enables full remote access, credential theft,…
obfuscation
powershell
asyncrat
c2
in-memory execution
fileless
clickfix
2025-06-16
german-speaking
Published: June 16, 2025
Downloadable IOCs: 0

From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery

Check Point Research uncovered a malware campaign exploiting expired Discord invite links to redirect users to malicious servers. The attackers use a combination of techniques including ClickFix phishing, multi-stage loaders, and time-based evasions to deliver AsyncRAT and a customized Skuld Steale…
phishing
evasion
asyncrat
discord
crypto wallets
2025-06-13
chromekatz
skuld stealer
Published: June 13, 2025
Downloadable IOCs: 0

Unmasking the Infrastructure of a Spear‑phishing Campaign

Censys researchers uncovered a spear‑phishing campaign where threat actors leveraged a cluster of 16 open directories hosting heavily obfuscated Visual Basic Script (VBS) files. The study analyzes how attackers set up these public-accessible directories to store malicious scripts, the obfuscation t…
spearphishing
remcos
asyncrat
dcrat
2025-06-11
limerat
opendir
Published: June 11, 2025
Downloadable IOCs: 54

Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure

A sophisticated malware campaign has been discovered utilizing paste.ee to distribute XWorm and AsyncRAT. The attackers employ obfuscated JavaScript with Unicode characters to download and execute malicious code from paste.ee URLs. The infrastructure includes multiple C2 servers across Europe and t…
obfuscation
xworm
remcosrat
asyncrat
remote access trojan
c2 infrastructure
2025-06-06
paste.ee
ssl certificates
Published: June 6, 2025
Downloadable IOCs: 12

The strange tale of ischhfd83: When cybercriminals eat their own

This investigation uncovered a large-scale campaign involving backdoored GitHub repositories targeting game cheaters and inexperienced cybercriminals. The threat actor, possibly linked to a Distribution-as-a-Service operation, uses multiple types of backdoors and a convoluted infection chain leadin…
backdoor
obfuscation
rat
infostealer
remcos
lumma stealer
asyncrat
github
telegram
2025-06-04
Published: June 4, 2025
Downloadable IOCs: 52

Victims risk AsyncRAT infection after being redirected to fake Booking.com sites

Cybercriminals have launched a campaign redirecting users from gaming sites and social media to fake Booking.com websites. The scam uses fake CAPTCHA prompts to trick visitors into executing malicious commands on their devices. If successful, the attack downloads and installs AsyncRAT, a backdoor T…
social engineering
asyncrat
clipboard hijacking
2025-06-03
travel booking
captcha scam
Published: June 3, 2025
Downloadable IOCs: 14

Reborn in Rust: Attempt to thwart malware analysis

AsyncRAT, a remote access trojan known since 2019, has been rewritten in Rust, marking a shift from its original C# implementation. This change aims to complicate reverse engineering efforts due to limited analysis tool support for Rust. The malware retains its core functionality, including plugin …
plugins
asyncrat
rust
command and control
remote access trojan
reverse engineering
system information
2025-05-26
tls
hardware id
rustyasyncrat
Published: May 26, 2025
Downloadable IOCs: 4

RAT Dropped By Two Layers of AutoIT Code

A malware attack involving multiple layers of AutoIT code has been discovered. The initial file, disguised as a project file, contains AutoIT script that generates and executes a PowerShell script. This script downloads an AutoIT interpreter and another layer of AutoIT code. Persistence is achieved…
rat
asyncrat
autoit
2025-05-19
Published: May 19, 2025
Downloadable IOCs: 4

MintsLoader Malware Analysis: Multi-Stage Loader Used in Cyber Attacks

MintsLoader, a malicious loader first observed in 2024, is employed in phishing and drive-by download campaigns to deploy payloads like GhostWeaver, StealC, and modified BOINC clients. It uses obfuscated JavaScript and PowerShell scripts in a multi-stage infection chain, featuring sandbox evasion t…
phishing
socgholish
asyncrat
stealc
drive-by download
boinc
mintsloader
tag-124
ghostweaver
2025-04-29
multi-stage loader
Published: April 29, 2025
Downloadable IOCs: 0

Detecting Multi-Stage Infection Chains Madness

This analysis examines a complex multi-stage attack exploiting a resilient network infrastructure known as 'Cloudflare tunnel infrastructure to deliver multiple RATs' since February 2024. The infection chain involves multiple steps, including phishing emails with malicious attachments, execution of…
phishing
asyncrat
infection chain
multi-stage attack
evasion techniques
2025-04-22
cloudflare tunnel
cyber threat intelligence
detection rules
Published: April 22, 2025
Downloadable IOCs: 15

Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware

A phishing campaign targeting organizations in the hospitality industry has been identified, impersonating Booking.com and using the ClickFix social engineering technique to deliver multiple credential-stealing malware. The campaign, tracked as Storm-1865, targets individuals likely to work with Bo…
xworm
phishing
social engineering
lumma stealer
asyncrat
danabot
venomrat
clickfix
netsupport rat
booking.com
2025-03-13
credential-stealing
2025-04-13
Published: April 13, 2025
Downloadable IOCs: 0

The rising threat of social engineering through fake fixes

ClickFix is an emerging social engineering tactic that manipulates users into executing malicious actions under the guise of troubleshooting or system maintenance. Attackers present fake error messages, CAPTCHA verifications, or system prompts to convince users to take actions that compromise their…
phishing
social engineering
powershell
asyncrat
clickfix
captcha
2025-03-21
command line
fake fixes
Published: March 21, 2025
Downloadable IOCs: 4

Operation AkaiRyū: Europe invited to Expo 2025 and ANEL backdoor revived

Chinese threat actor MirrorFace expanded its cyberespionage activities beyond Japan, targeting a Central European diplomatic institute in relation to Expo 2025. The group refreshed its tactics, introducing new tools like customized AsyncRAT and reviving the ANEL backdoor previously associated with …
spearphishing
asyncrat
apt10
anel
2025-03-18
windows sandbox
expo 2025
visual studio code
hiddenface
facexinjector
Published: March 18, 2025
Downloadable IOCs: 6

New Steganographic Campaign Distributing Multiple Malware Variants

A sophisticated steganographic campaign has been observed distributing multiple stealer malware variants, including Remcos, DcRAT, AgentTesla, and VIPKeyLogger. The infection chain begins with a phishing email containing an Excel file that exploits CVE-2017-0199. This leads to the download of an HT…
obfuscation
phishing
remcos
steganography
asyncrat
dcrat
CVE-2017-0199
process hollowing
remote access trojan
agenttesla
vipkeylogger
2025-03-17
Published: March 17, 2025
Linked vulnerabilities : CVE-2017-0199
Downloadable IOCs: 13

Remote Monitoring and Management (RMM) Tooling Increasingly an Attacker's First Choice

Threat actors are increasingly using legitimate remote monitoring and management (RMM) tools as initial payloads in email campaigns. This trend aligns with a decrease in the use of traditional loaders and botnets by initial access brokers. RMMs can be exploited for data collection, financial theft,…
screenconnect
rmm
remcos
lumma stealer
asyncrat
remote access
cybercrime
grandoreiro
email campaigns
netsupport
astaroth
initial access
2025-03-12
guildma
atera
mispadu
bluetrait
fleetdeck
Published: March 12, 2025
Downloadable IOCs: 15

Desert Dexter.Attacks on Middle Eastern Countries

A malicious campaign targeting residents of Middle East and North Africa has been discovered, active since September 2024. The attackers create fake news groups on social media and publish posts with links to file-sharing services or Telegram channels containing modified AsyncRAT malware. The malwa…
powershell
asyncrat
2025-03-11
crypto wallets
Published: March 11, 2025
Downloadable IOCs: 2

2024 Malicious Infrastructure Insights: Key Trends and Threats

The report highlights significant trends in malicious infrastructure for 2024, including the rise of malware-as-a-service infostealers, continued dominance of Cobalt Strike among offensive security tools, and increased use of legitimate services by threat actors. Key findings include LummaC2's domi…
lummac2
plugx
cobalt strike
asyncrat
cybercrime
infostealers
dcrat
latrodectus
botnets
mobile malware
malicious infrastructure
quasarrat
hook
gobrat
brute ratel c4
remote access trojans
2025-02-28
traffic distribution systems
mozi botnet
state-sponsored groups
command-and-control servers
solarmarker rat
offensive security tools
Published: February 28, 2025
Downloadable IOCs: 0

Fake GitHub projects distribute stealers in GitVenom campaign

The GitVenom campaign involves threat actors creating hundreds of fake repositories on GitHub containing malicious code disguised as legitimate projects. These repositories include well-designed README files and artificially inflated commit numbers to appear genuine. The malicious code, implemented…
cryptocurrency
stealer
asyncrat
open-source
github
quasar
2025-02-24
gitvenom
clipboard-hijacker
fake-projects
Published: February 24, 2025
Downloadable IOCs: 2

AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again

A new AsyncRAT malware campaign has been identified, utilizing malicious payloads delivered through TryCloudflare quick tunnels and Python packages. The attack chain begins with a phishing email containing a Dropbox URL, leading to a ZIP file with an internet shortcut. This triggers a series of dow…
xworm
phishing
python
dropbox
asyncrat
venomrat
process injection
evasion techniques
trycloudflare
remote access trojan
2025-02-01
Published: February 1, 2025
Downloadable IOCs: 0

Security Brief: Threat Actors Take Taxes Into Account

Proofpoint researchers have identified an increase in campaigns and malicious domains impersonating tax agencies and financial organizations. This aligns with the annual increase in tax-related content observed from December through April. Phishing lures impersonate government agencies and financia…
xworm
rhadamanthys
financial fraud
asyncrat
venomrat
credential harvesting
metastealer
zgrat
malware delivery
government impersonation
2025-01-28
intuit
mygov
hmrc
tax-themed phishing
revolut
Published: January 28, 2025
Downloadable IOCs: 0

APT-C-36 (Blind Eagle) continues to target Colombia

APT-C-36, known as Blind Eagle, is suspected to originate from South America and primarily targets Colombia and other South American countries. Since October 2024, the group has been using more diverse and complex attack methods against Colombian entities. Their tactics involve multi-stage payload …
asyncrat
2024-12-17
svg bait
heaven's gate
government impersonation
Published: December 17, 2024
Downloadable IOCs: 4

Analysis of Recent Attack Activities Targeting China Using Research Project Plans as Bait

The Patchwork APT group, also known as Hangover and Dropping Elephant, has been conducting cyber espionage activities since 2009, primarily targeting Asian countries including China and Pakistan. Recently, they launched a phishing campaign against Chinese research personnel using a document titled …
asyncrat
2024-12-10
badnews
Published: December 10, 2024
Downloadable IOCs: 0

Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape

Proofpoint researchers have identified a surge in the ClickFix social engineering technique across the threat landscape. This technique uses dialogue boxes with fake error messages to trick users into copying, pasting, and running malicious content on their computers. Multiple threat actors are emp…
xworm
phishing
social engineering
powershell
darkgate
lumma stealer
asyncrat
danabot
latrodectus
netsupport
cybersecurity
clickfix
threat actors
brute ratel c4
2024-11-18
malware delivery
lucky volunteer
recaptcha phish
threat landscape
Published: November 18, 2024
Downloadable IOCs: 0

CVE-2024-38213: From Crumbs to Full Compromise in a Stealthy Cyber Attack

A targeted email campaign exploiting CVE-2024-38213 has been uncovered, disguised as communication related to the Gas Infrastructure Europe Annual Conference in Munich. The attack bypasses standard security protocols to deploy LummaStealer malware, stealing sensitive data. The vulnerability, known …
xworm
phishing
asyncrat
venomrat
formbook
CVE-2024-38213
2024-11-08
copy2pwn
darkgate rat
lummastealer
Published: November 8, 2024
Downloadable IOCs: 0

Analysis of AsyncRAT's Infection Tactics via Open Directories

This analysis explores two distinct methods used to infect systems with AsyncRAT through open directories. The first technique involves a multi-stage process using various obfuscated scripts (VBS, BAT, PowerShell) and disguised files to download and execute the AsyncRAT payload. The second method e…
obfuscation
powershell
asyncrat
remote access trojan
multi-stage infection
2024-11-07
vbs
scheduled tasks
bat
open directories
Published: November 7, 2024
Downloadable IOCs: 15

Malware by the (Bit)Bucket: Uncovering AsyncRAT

A sophisticated attack campaign using Bitbucket as a legitimate platform to deliver AsyncRAT has been uncovered. The multi-stage approach involves a VBScript obfuscation layer, followed by a PowerShell payload delivery mechanism, and culminates in the execution of AsyncRAT. The attackers exploit Bi…
obfuscation
rat
powershell
asyncrat
vbscript
.net
2024-10-10
bitbucket
Published: October 10, 2024
Downloadable IOCs: 0

Tweaking AsyncRAT: Using Python and TryCloudflare to Deploy Malware

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…
obfuscation
xworm
phishing
python
powershell
asyncrat
webdav
2024-10-04
shellcode injection
trycloudflare
Published: October 4, 2024
Downloadable IOCs: 15

BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar

BlindEagle, an advanced persistent threat actor, has been observed targeting the Colombian insurance sector using the BlotchyQuasar Remote Access Trojan. The attack chain begins with phishing emails impersonating the Colombian tax authority, containing links to malware hosted on compromised Google …
phishing
remcosrat
asyncrat
credential theft
banking trojan
quasarrat
2024-09-05
blotchyquasar
Published: September 5, 2024
Downloadable IOCs: 16

Exploring AsyncRAT and Infostealer Plugin Delivery Through…

This analysis details an AsyncRAT infection observed in August 2024, delivered via email. The attack chain involves a Windows Script File that downloads and executes various scripts, ultimately leading to the installation of AsyncRAT with an infostealer plugin. The malware targets multiple browsers…
phishing
powershell
infostealer
asyncrat
vbscript
2024-09-02
process hollowing
cryptocurrency wallets
browser data theft
Published: September 2, 2024
Linked vulnerabilities : CVE-2024-7593 (CVSS 9.8), CVE-2024-28986
Downloadable IOCs: 8

PureHVNC Deployed via Python Multi-stage Loader

FortiGuard Labs uncovered a sophisticated attack campaign utilizing multiple obfuscation and evasion techniques to distribute and execute various malware, including VenomRAT, XWorm, AsyncRAT, and PureHVNC. The campaign starts with a phishing email containing a malicious attachment that initiates a …
xworm
rat
phishing
asyncrat
venomrat
2024-08-09
purehvnc
Published: August 9, 2024
Downloadable IOCs: 18

Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and...

eSentire's Threat Response Unit (TRU) uncovered a malware campaign affecting a government customer. The infection involved multiple threats - XWorm, VenomRAT, PureLogs Stealer, and AsyncRAT - hosted on a TryCloudflare WebDAV server. The initial vector was a phishing email with a malicious ZIP file.…
xworm
phishing
government
asyncrat
venomrat
2024-08-05
purelogs stealer
Published: August 5, 2024
Downloadable IOCs: 7

Threat Actor Abuses Cloudflare Tunnels to Deliver RATs

Proofpoint is tracking a cluster of cybercriminal threat activity leveraging Cloudflare Tunnels to deliver malware, particularly remote access trojans (RATs) like Xworm, AsyncRAT, VenomRAT, GuLoader, and Remcos. The campaigns employ various techniques, such as using URL files to establish connectio…
xworm
remcos
asyncrat
venomrat
guloader
rats
webdav
cloudflare
2024-08-01
Published: August 1, 2024
Downloadable IOCs: 13

Distribution of AsyncRAT Disguised as Ebook

This analysis covers the distribution of AsyncRAT malware disguised as an ebook. The compressed file contains a malicious LNK and PowerShell scripts that ultimately execute AsyncRAT. The malware employs various techniques, such as obfuscation, task scheduling, and anti-VM and anti-AV capabilities, …
obfuscation
powershell
persistence
trojan
asyncrat
2024-07-10
Published: July 10, 2024
Downloadable IOCs: 5

Exploring the Infection Chain: ScreenConnect's Link to AsyncRAT Deployment

In June 2024, eSentire's Threat Response Unit observed several incidents involving users downloading the ScreenConnect remote access client, potentially facilitated through drive-by downloads. Threat actors exploited ScreenConnect to establish unauthorized remote sessions, ultimately deploying the …
screenconnect
asyncrat
autoit
2024-07-05
nsi script
nsis installer
Published: July 5, 2024
Downloadable IOCs: 77

Side Loading through IObit against Colombia

In May 2024, researchers detected a phishing campaign impersonating the Colombian Attorney General's Office, aiming to infect systems with AsyncRAT malware. The attack employs a ZIP file containing legitimate IObit antivirus software and malicious files, utilizing DLL side-loading for execution. Wh…
phishing
asyncrat
2024-05-29
dllsideloading
processhollowing
Published: May 29, 2024
Downloadable IOCs: 3

PDF “Flawed Design” Exploitation

Check Point Research identified an unusual pattern involving PDF exploitation, mainly targeting users of Foxit Reader. This exploit triggers security warnings that could deceive users into executing harmful commands. The exploitation occurs through a flawed design in Foxit Reader, showing 'OK' as t…
malware
xworm
campaigns
remcos
asyncrat
2024-05-09
2024-05-14
njrat
dcrat
pdf
venomrat
exploitation
nanocore rat
pony
bladabindi
foxit
agent-tesla
njw0rm
lv
2024-05-10
Published: May 14, 2024
Downloadable IOCs: 40

Tracking the Surge in Non-PE Cyber Threats

This intelligence report details a sophisticated infection chain that culminates in the deployment of AsyncRAT, a potent malware designed to breach computer systems and steal confidential data. The meticulous analysis unravels the intricate sequence, commencing with a spam email containing a malici…
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
asyncrat
analysis
spam
infection chain
2024-05-09
Published: May 9, 2024
Downloadable IOCs: 13
Click here to see more Attack Reports