February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2022-2809 – IBM OpenBMC Vulnerability
December 16, 2022Rewterz Threat Advisory – CVE-2020-4497 – IBM Spectrum Protect Plus Vulnerability
December 16, 2022Rewterz Threat Advisory – CVE-2022-2809 – IBM OpenBMC Vulnerability
December 16, 2022Rewterz Threat Advisory – CVE-2020-4497 – IBM Spectrum Protect Plus Vulnerability
December 16, 2022
Severity
High
Analysis Summary
AsyncRAT is an open-source tool designed for remote monitoring via encrypted connections. However, it could be utilized by threat actors as it provides keylogging, remote access, and other functionality that could damage a victim’s computer or system. This tool can be used to send malicious files to the system which once executed can be a source to other malicious software. These can also be used to transfer malicious programs into USB drives and can infect other systems.
Numerous malware campaigns and threat actors have utilized AsyncRAT in various recent attacks. More recently, a social engineering campaign that targeted Thailand pass (an online travel agency) consumers were observed. Additionally, the Follina Outbreak in Australia spread AsyncRAT as a malicious payload.
AsyncRAT can be delivered through a number of techniques, including spear-phishing, malicious advertising, exploit kits, and others.
Impact
- Unauthorized Access
- Information Theft
Indicators of Compromise
MD5
8d8ba183b96eaa5fe721060b7f37905c
b2b2a161e7a05236ed58161fbfbcdc77
6064742c6f8a136b29ed885915389ba9
369792e4dd5b52ce36403fff34f4a99b
SHA-256
8af96920cc3565dea5bd923d276be018f1fd259943e99d1c5c7ed9abd61f13e5
89969afeca46512d82d5abd9f2fcdaac7bfcfcc9fded8072c49664414bdce90f
55df3917ad56d204f96fd28eef9f0803169383497fd543a6e5c4dabbfa897d52
3275b32fec54f3fc881edde92ecb823133a1fd59a047b33bfc28adef7db53f79
SHA-1
f67a05770055305a97fc559ad78a7360cd7d317c
f6d26ac8a35c90d5a0986280e19d1ec6f71f985a
5bdb7964d9524b0c1c2ceabadc72e6abee55afc3
a0ac285cb2a62afb95f809a27990b73037fda709
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets
- Patch and upgrade any platforms and software timely and make it into a standard security policy.
- Enforced Access Management Policies.
- Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.