AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d)

AsyncRAT is an open-source remote access tool, originally available through the NYANxCAT GitHub repository, that has been used in malicious campaigns.(Citation: Morphisec Snip3 May 2021)(Citation: Cisco Operation Layover September 2021)(Citation: Telefonica Snip3 December 2021)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | 1 |
| Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) | Attack Pattern | AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | 1 |
| AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | 1 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | 1 |
| Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | 1 |
| Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) | Attack Pattern | AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | 1 |
| Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) | Attack Pattern | AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | 1 |
| AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | 1 |
| AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | 1 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | 1 |
| System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | AsyncRAT - S1087 (6a5947f3-1a36-4653-8734-526df3e1d28d) | mitre-tool | 1 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | 2 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) | Attack Pattern | Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | 2 |
| Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) | Attack Pattern | System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | 2 |