| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1568 | Dynamic Resolution | |
| Enterprise | T1113 | Screen Capture | AsyncRAT has the ability to view the screen on compromised hosts.[4] |
| Enterprise | T1106 | Native API | AsyncRAT has the ability to use OS APIs including |
| Enterprise | T1082 | System Information Discovery | AsyncRAT can check the disk size through the values obtained with |
| Enterprise | T1033 | System Owner/User Discovery | AsyncRAT can check if the current user of a compromised system is an administrator.[3] |
| Enterprise | T1497.001 | Virtualization/Sandbox Evasion: System Checks | AsyncRAT can identify strings such as Virtual, vmware, or VirtualBox to detect virtualized environments.[3] |
| Enterprise | T1125 | Video Capture | |
| Enterprise | T1622 | Debugger Evasion | AsyncRAT can use the |
| Enterprise | T1105 | Ingress Tool Transfer | |
| Enterprise | T1056.001 | Input Capture: Keylogging | |
| Enterprise | T1057 | Process Discovery | AsyncRAT can examine running processes to determine if a debugger is present.[3] |
| Enterprise | T1564.003 | Hide Artifacts: Hidden Window | AsyncRAT can hide the execution of scheduled tasks using |
| Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | AsyncRAT can create a scheduled task to maintain persistence on system start-up.[3] |