2024-03-14 (THURSDAY): ASYNCRAT AND XWORM INFECTION

NOTES:

• Mithrandir (@rerednawyerg) ran across this activity and authored the references below.
• The Dropbox link was still active, so I recorded an infection run on a host in my lab.
• Mithrandir provided the copies of AsyncRAT and XWorm in the malware and artifacts zip archive below.

• Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

REFERENCES:

• https://www.linkedin.com/posts/unit42_asyncrat-xworm-xrat-activity-7174172958414802944-YI3c
• https://twitter.com/Unit42_Intel/status/1768408063621345565

ASSOCIATED FILES:

• 2024-03-14-AsyncRAT-and-XWorm-notes.txt.zip   2.1 kB   (2,059 bytes)
• 2024-03-14-AsyncRAT-and-XWorm-infection-traffic.pcap.zip   41.9 MB   (41,900,578 bytes)
• 2024-03-14-AsyncRAT-and-XWorm-malware-and-artifacts.zip   23.5 MB   (23,464,505 bytes)

 

Click here to return to the main page.