AsynRAT Analysis

IOB - Indicator of Behavior (26)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang: en (26)

Country: us (14)

Actors


Activities

Interest

Timeline

Type

Vendor

Product

e-Quick Cart (4)
MidiCart PHP Shopping Cart (2)
Netgear SRX5308 (2)
Microsoft Windows (2)
libspdm (2)

Vulnerabilities

#  | Vulnerability                                                                              | Base | Temp | 0day       | Today    | Exp              | Rem           | EPSS    | CTI  | CVE
1  | MidiCart PHP Shopping Cart item_show.php sql injection                                     | 6.3  | 6.0  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined   | 0.00000 | 0.05 |
2  | ASP Portal News_Item.asp sql injection                                                     | 6.3  | 6.0  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined   | 0.00983 | 0.00 | CVE-2006-1353
3  | ASP-DEv XM Forums profile.asp sql injection                                                | 7.3  | 7.1  | $0-$5k     | $0-$5k   | High             | Unavailable   | 0.00064 | 0.00 | CVE-2012-4060
4  | e-Quick Cart shopprojectlogin.asp cross site scripting                                     | 3.5  | 3.3  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined   | 0.00000 | 0.00 |
5  | Virtual Programming VP-ASP shopcurrency.asp sql injection                                  | 7.3  | 6.9  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined   | 0.00670 | 0.03 | CVE-2006-2263
6  | Oracle WebLogic Server WebLogic Console unknown vulnerability                              | 5.3  | 5.1  | $25k-$100k | $0-$5k   | Not Defined      | Official Fix  | 0.00179 | 0.06 | CVE-2013-1504
7  | Early Impact Product Cart viewprd.asp sql injection                                        | 7.3  | 7.3  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined   | 0.00918 | 0.04 | CVE-2005-2445
8  | Sony PSP libTIFF memory corruption                                                         | 7.3  | 6.4  | $25k-$100k | $0-$5k   | Proof-of-Concept | Official Fix  | 0.00042 | 0.02 | CVE-2006-4507
9  | Iatek ASPapp links.asp sql injection                                                       | 7.3  | 6.9  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined   | 0.00097 | 0.02 | CVE-2008-1430
10 | Active Web Softwares Active Business Directory default.asp sql injection                   | 7.3  | 6.9  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined   | 0.00064 | 0.00 | CVE-2008-5972
11 | Comersus Open Technologies Comersus Cart comersus_optreviewreadexec.asp sql injection      | 7.3  | 7.1  | $0-$5k     | $0-$5k   | High             | Unavailable   | 0.00381 | 0.06 | CVE-2007-3323
12 | DUware DUpaypal Pro cat.asp sql injection                                                  | 7.3  | 7.3  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined   | 0.00192 | 0.00 | CVE-2005-2047
13 | e-Quick Cart shopprojectlogin.asp sql injection                                            | 6.3  | 6.3  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined   | 0.00000 | 0.04 |
14 | SourceCodester Online Student Management System edit-class-detail.php sql injection        | 7.5  | 7.3  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined   | 0.00148 | 0.09 | CVE-2023-1099
15 | Xiamen Four Letter Video Surveillance Management System Login UserInfoAction.class improper authorization | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2023-3805
16 | Microsoft Azure AD Log in with Microsoft nOAuth improper authorization                     | 6.3  | 6.1  | $5k-$25k   | $0-$5k   | Not Defined      | Temporary Fix | 0.00000 | 0.04 |
17 | OTCMS path traversal                                                                       | 3.5  | 3.2  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined   | 0.00064 | 0.04 | CVE-2023-3241
18 | libspdm input validation                                                                   | 5.6  | 5.5  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix  | 0.00104 | 0.00 | CVE-2023-32690
19 | Google Chrome Camera use after free                                                        | 7.5  | 7.4  | $25k-$100k | $5k-$25k | Not Defined      | Official Fix  | 0.00086 | 0.04 | CVE-2023-2458
20 | SourceCodester Lost and Found Information System access control                            | 7.5  | 7.3  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined   | 0.00078 | 0.04 | CVE-2023-2670

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address     | Hostname | Actor   | Campaigns | Identified | Type     | Confidence
1  | 185.254.37.238 |          | AsynRAT |           | 03/16/2023 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class     | Vulnerabilities | Access Vector                                              | Type       | Confidence
1  | T1006     | CAPEC-126 | CWE-22          | Path Traversal                                             | predictive | High
2  | T1055     | CAPEC-10  | CWE-74          | Improper Neutralization of Data within XPath Expressions   | predictive | High

Entries 3 to 7 are masked on the source page.

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator                           | Type       | Confidence
1  | File  | /admin/read.php?mudi=announContent  | predictive | High
2  | File  | admin/?page=user/manage_user        | predictive | High
3  | File  | admincp/auth/secure.php             | predictive | High
4  | File  | cat.asp                             | predictive | Low
5  | File  | comersus_optreviewreadexec.asp      | predictive | High

Entries 6 to 35 (further File, Library and Argument indicators) are masked on the source page.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
