สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Report

Home > List all groups > List all tools > List all groups using tool AsyncRAT

Threat Group Cards: A Threat Actor Encyclopedia

Tool: AsyncRAT

Names	AsyncRAT
Category	Tools
Type	Backdoor, Keylogger
Description	(Carbon Black) AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victim’s computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.
Information	<https://www.carbonblack.com/2019/11/19/threat-analysis-unit-tau-threat-intelligence-notification-asyncrat/> <https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp> <https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html> <https://blog.morphisec.com/asyncrat-new-delivery-technique-new-threat-campaign> <https://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html> <https://asec.ahnlab.com/en/47525/> <https://www.mcafee.com/blogs/other-blogs/mcafee-labs/unmasking-asyncrat-new-infection-chain/> <https://asec.ahnlab.com/en/59573/> <https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html> <https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno> <https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cracked-software-or-cyber-trap-the-rising-danger-of-asyncrat-malware/> <https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/>
MITRE ATT&CK	<https://attack.mitre.org/software/S1087>
Malpedia	<https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat>
AlienVault OTX	<https://otx.alienvault.com/browse/pulses?q=tag:AsyncRAT>

Last change to this tool card: 16 August 2025

Download this tool card in JSON format

All groups using tool AsyncRAT

Changed	Name	Country	Observed
APT groups
	Blind Eagle		2018-Nov 2024
	Earth Berberoka		2022
	Operation Comando	[Unknown]	2018
	Operation Layover		2013
	Operation LiberalFace, MirrorFace		2019-Aug 2024
	Operation Spalax	[Unknown]	2020
	TA2541	[Unknown]	2017
	TA558	[Unknown]	2018-Jun 2023
	Vendetta, TA2719		2020
Other groups
	CoralRaider		2023-Feb 2024

10 groups listed (9 APT, 1 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Report incidents

+66 (0)2-123-1227

[email protected]