otx.alienvault.com
99.86.3.2  Public Scan

URL: https://otx.alienvault.com/pulse/61f2ace89496fafe74bbb9c7
Submission: On January 27 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Subscribers (173045)
ASYNCRAT INTRODUCES A NEW DELIVERY TECHNIQUE

   
 * Created 32 minutes ago by AlienVault
 * Public
 * TLP: White

Morphisec, through its breach prevention with Moving Target Defense technology,
has identified a new, sophisticated campaign delivery that has been
successfully evading the radar of many security vendors. Through a simple email
phishing tactic with an HTML attachment, attackers are delivering
AsyncRAT, a remote access trojan designed to remotely monitor and control
infected computers through a secure, encrypted connection. This campaign has
been in effect for a period of 4 to 5 months, with the lowest detection rates as
presented through VirusTotal.

Reference:
https://blog.morphisec.com/asyncrat-new-delivery-technique-new-threat-campaign
Tags:
AsyncRAT, phishing, email, html, ISO file, javascript, .NET, powershell
Malware Family:
AsyncRAT
ATT&CK IDs:
T1566 - Phishing, T1204.002 - Malicious File, T1193 - Spearphishing Attachment,
T1434 - App Delivered via Email Attachment, T1059.007 - JavaScript,
T1059.001 - PowerShell

 * Indicators of Compromise (30)
 * Related Pulses (3)
 * Comments (0)
 * History (0)

FileHash-SHA256 (21), Hostname (9)

TYPES OF INDICATORS




 * © Copyright 2022 AlienVault, Inc.
   