Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

The intelligence report details the discovery and analysis of an attack campaign by the APT-K-47 organization, also known as Mysterious Elephant. The attackers used a CHM file to execute a malicious payload, which is an upgraded version of their Asyncshell tool. The new version, dubbed Asyncshell-v4, features a base64 variant algorithm for string hiding, disguised C2 requests, and reduced log messages. The report traces the evolution of Asyncshell through four versions, from its first discovery in January 2024 to the latest capture. The tool has been used in attacks targeting various countries, including Pakistan, Bangladesh, and Turkey, often using decoy documents related to government and religious topics.

OPENCTI LABELS :

chm,c2,base64,asyncshell,hajj

