December 6, 2022
Severity
High
Analysis Summary
AsyncRAT is an open-source tool designed for remote monitoring over encrypted connections. However, it is readily abused by threat actors, since it provides keylogging, remote access, and other capabilities that can damage a victim's computer or network. The tool can be used to push further malicious files to a compromised system, which, once executed, act as a loader for additional malware. It can also copy malicious programs onto USB drives and thereby spread to other systems.
Numerous malware campaigns and threat actors have used AsyncRAT in recent attacks. More recently, a social engineering campaign targeting consumers of Thailand pass (an online travel agency) was observed. Additionally, the Follina outbreak in Australia distributed AsyncRAT as its malicious payload.
AsyncRAT can be delivered through a number of techniques, including spear-phishing, malicious advertising, exploit kits, and others.
Impact
- Unauthorized Access
- Information Theft
Indicators of Compromise
MD5
b053c0ae7e661821fb518b47470997e4
f559c085934e6e7d98e6d520684196eb
5e586cec53a266bfe070814c16c1f1dd
ba88096aed1d0887ac87096eb02f31d7
SHA-256
b849210061c7a281cad816da9807f70a98ea8290d936d5df1649772851965cdd
198886528a13c0f7f03536bac4a5c449d3b21131887efa7595c9e9a56a2cfc0e
036ebef5b4a2d221a1574365d87e989579227ce89abcc4ada44c373e3e50521d
c65474ab1e1cf358b34fb782e40b9208d967624bb63d4f58a749d7b27c0aee71
SHA-1
a6f973970ca00a3adcc2911226716c7e19f25628
3a829e2faeaa5a48556770cc159a4e291a91a9c3
5345359b9483f0ecc4e6fd163cd6d1514fa942a7
653ec005de1c9eaa01d0caf97fd4a4c568263df1
Remediation
- Block all threat indicators at your respective controls.
- Search for the indicators of compromise (IOCs) in your environment using your respective security controls.
- Do not download document files attached to emails from unknown sources, and strictly refrain from enabling macros when the source is not reliable.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Multi-layered protection is necessary to secure vulnerable assets.
- Patch and upgrade all platforms and software promptly, and make this a standard security policy.
- Enforce access management policies.
- Along with network and system hardening, implement code hardening within the organization so that its websites and software are secure. Use testing tools to detect vulnerabilities in deployed code.
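The second remediation item, searching the environment for the listed IOCs, can be done with a simple file-hash sweep. The script below is an added example, not Rewterz's tooling or part of the advisory: it embeds the MD5, SHA-1 and SHA-256 values from the Indicators of Compromise section above, hashes every regular file under a directory in a single read pass, and reports any file whose digest appears in the set. The function names, the chunk size and the scratch directory with a constructed sample file in `demo()` are all illustration choices, not anything from the advisory.

```python
"""Hash-based IOC sweep for the AsyncRAT indicators in the advisory.

Added example, not Rewterz's code. Only the hash values are taken from the
advisory; function names, layout and the sample file are constructed here.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterator, List, Set, Tuple

# IOC hashes copied from the advisory body, lower-cased for case-insensitive matching.
ASYNCRAT_IOCS: Dict[str, Set[str]] = {
    "md5": {
        "b053c0ae7e661821fb518b47470997e4",
        "f559c085934e6e7d98e6d520684196eb",
        "5e586cec53a266bfe070814c16c1f1dd",
        "ba88096aed1d0887ac87096eb02f31d7",
    },
    "sha1": {
        "a6f973970ca00a3adcc2911226716c7e19f25628",
        "3a829e2faeaa5a48556770cc159a4e291a91a9c3",
        "5345359b9483f0ecc4e6fd163cd6d1514fa942a7",
        "653ec005de1c9eaa01d0caf97fd4a4c568263df1",
    },
    "sha256": {
        "b849210061c7a281cad816da9807f70a98ea8290d936d5df1649772851965cdd",
        "198886528a13c0f7f03536bac4a5c449d3b21131887efa7595c9e9a56a2cfc0e",
        "036ebef5b4a2d221a1574365d87e989579227ce89abcc4ada44c373e3e50521d",
        "c65474ab1e1cf358b34fb782e40b9208d967624bb63d4f58a749d7b27c0aee71",
    },
}

CHUNK = 1024 * 1024  # 1 MiB reads keep memory flat on large files (constructed choice)


def hash_file(path: Path) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of one file in a single pass over its bytes."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches(digests: Dict[str, str], iocs: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Return (algorithm, digest) pairs from `digests` that appear in the IOC set."""
    return [
        (algo, d.lower())
        for algo, d in digests.items()
        if d.lower() in iocs.get(algo, set())
    ]


def iter_files(root: Path) -> Iterator[Path]:
    """Yield regular files under root, not following symlinks (avoids loops and pseudo-fs)."""
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                yield p


def scan_directory(root: Path, iocs: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Return (path, algorithm, digest) for every file whose digest is in the IOC set."""
    hits: List[Tuple[str, str, str]] = []
    for p in iter_files(root):
        try:
            digests = hash_file(p)
        except OSError:
            continue  # unreadable or vanished file: skip it rather than abort the sweep
        for algo, digest in matches(digests, iocs):
            hits.append((str(p), algo, digest))
    return hits


def demo() -> Tuple[int, int]:
    """Sweep a scratch tree holding one constructed (benign) file twice: against the real
    IOC set, expecting no hits, and against a set seeded with that file's own SHA-256,
    expecting exactly one hit. Returns (real_hits, seeded_hits)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = root / "sample.bin"
        sample.write_bytes(b"constructed sample content, not malware")
        real_hits = scan_directory(root, ASYNCRAT_IOCS)
        seeded = {"sha256": {hash_file(sample)["sha256"]}}
        seeded_hits = scan_directory(root, seeded)
        return len(real_hits), len(seeded_hits)


if __name__ == "__main__":
    print(demo())  # (0, 1)
```

Run it against a real path with `scan_directory(Path("/path/to/sweep"), ASYNCRAT_IOCS)`. Hash matching is exact, so a repacked or recompiled AsyncRAT build will not trigger; treat a hit as confirmation, and the absence of hits as no more than the absence of these specific samples.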