
Detecting Multi-Stage Infection Chains Madness

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

This analysis examines a complex multi-stage attack campaign, active since February 2024, that abuses a resilient network infrastructure (Cloudflare tunnels) to deliver multiple RATs. The infection chain involves multiple steps: phishing emails with malicious attachments, execution of several file types (LNK, HTA, BAT and Python scripts), and eventual delivery of AsyncRAT. The attackers employ various evasion techniques and leverage public services such as TryCloudflare and DynDNS. The report highlights the importance of combining cyber threat intelligence with detection rules to strengthen defensive capabilities against evolving threats, and it provides detailed information on the attack stages, detection opportunities, and associated indicators of compromise.

OPENCTI LABELS:

phishing, asyncrat, evasion techniques, infection chain, multi-stage attack, cloudflare tunnel, cyber threat intelligence, detection rules

