On the AsyncRAT Variant Used by the Targeted Attack Group DarkPlum
2024-11-19 • NTTSecurity • AsyncRAT Variant Used by the Targeted Attack Group DarkPlum
The report analyzes attacks in Japan attributed to DarkPlum, also referred to as APT43 or Kimsuky, involving a variant of AsyncRAT. It explains differences from the public AsyncRAT codebase, including C2 communication, plugin delivery, and observed plugins such as RemoteDesktop, FileManager, and RemoteShell, giving defenders behavior-level hunting leads.
Indicators of Compromise