Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response

· Published 12/01/2026 20:30 · Modified 13/01/2026 16:31

Essential information

Tags
2026-01-12, asyncrat, cloud abuse, cloudflare, code injection, persistence, phishing, python, social engineering, webdav
Related entities
27 observables, 14 techniques (mitre), 1 malware, 7 others

Description

Threat actors exploited Cloudflare's free-tier infrastructure and Python environments to deploy AsyncRAT, demonstrating advanced evasion techniques. The attack begins with phishing emails containing Dropbox links to malicious files. It uses legitimate Python downloads and sophisticated code injection targeting explorer.exe. The campaign ensures persistence through multiple vectors, including startup folder scripts and WebDAV mounting. It abuses trusted infrastructure such as Cloudflare to mask activities and evade detection. The attackers employ social engineering tactics, such as displaying legitimate PDF documents, to reduce suspicion. This campaign highlights the trend of abusing cloud services for malware delivery and execution, emphasizing the need for multi-layered security approaches.

External references