Detecting Multi-Stage Infection Chains Madness
Essential information
- Published
- 22/04/2025 09:41
- Modified
- 22/04/2025 12:46
- Tags
- 2025-04-22, asyncrat, cloudflare tunnel, cyber threat intelligence, detection rules, evasion techniques, infection chain, multi-stage attack, phishing
- Related entities
- 15 observables, 11 techniques (mitre), 1 malware
Description
This analysis examines a complex multi-stage attack that has abused a resilient network infrastructure, tracked as 'Cloudflare tunnel infrastructure to deliver multiple RATs', since February 2024. The infection chain involves several steps: phishing emails with malicious attachments, execution of a sequence of file types (LNK, HTA, BAT and Python scripts), and the eventual delivery of AsyncRAT. The attackers employ various evasion techniques and leverage public services such as TryCloudflare and DynDNS. The report highlights the value of combining cyber threat intelligence with detection rules to improve defensive capabilities against evolving threats, and it provides details on the attack stages, detection opportunities and associated indicators of compromise.
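As an added example (not code from the report or its authors), the following Python sketch turns the chain summarised above into detection logic run over constructed, Sysmon-style process-creation and DNS events: an .hta executed by mshta.exe, a .bat run by cmd.exe descended from mshta.exe, a Python runtime launched from a user-writable path under that chain, and a DNS query for a TryCloudflare quick-tunnel hostname. The event field names, the user-writable path list, the trycloudflare.com pattern and every sample record (PIDs, paths, the hostname) are assumptions made for illustration, not indicators from the report.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Process-creation record (Sysmon EID 1-like); field names are an assumption."""
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass
class DnsEvent:
    """DNS-query record (Sysmon EID 22-like); field names are an assumption."""
    pid: int
    query: str


# Assumed hunting conventions, not taken from the report:
# TryCloudflare quick tunnels are served under trycloudflare.com.
TUNNEL_DOMAIN = re.compile(r"\.trycloudflare\.com$", re.I)
# Directories from which a dropped Python runtime would typically be launched.
USER_WRITABLE = re.compile(r"\\(appdata|temp|public|downloads)\\", re.I)


def basename(image: str) -> str:
    """Lower-cased file name of an image path (Windows or POSIX separators)."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestors(pid: int, by_pid: dict) -> list:
    """Image basenames of a process's ancestors, nearest parent first."""
    out, seen = [], set()
    p = by_pid.get(pid)
    while p is not None and p.ppid in by_pid and p.ppid not in seen:
        seen.add(p.ppid)          # guard against PID-reuse loops
        p = by_pid[p.ppid]
        out.append(basename(p.image))
    return out


def detect(procs, dns):
    """Return (pid, stage, detail) findings for each stage of the chain seen."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        name = basename(p.image)
        anc = ancestors(p.pid, by_pid)
        if name == "mshta.exe" and re.search(r"\.hta\b", p.cmdline, re.I):
            findings.append((p.pid, "hta", "mshta.exe executing an .hta file"))
        elif name == "cmd.exe" and re.search(r"\.bat\b", p.cmdline, re.I) and "mshta.exe" in anc:
            findings.append((p.pid, "bat", "cmd.exe running a .bat descended from mshta.exe"))
        elif name.startswith("python") and USER_WRITABLE.search(p.image) and {"mshta.exe", "cmd.exe"} & set(anc):
            findings.append((p.pid, "python", "Python runtime in user-writable path under script chain"))
    for d in dns:
        if TUNNEL_DOMAIN.search(d.query):
            findings.append((d.pid, "tunnel-dns", f"DNS query for TryCloudflare quick tunnel {d.query}"))
    return findings


# Constructed sample telemetry (not real indicators): one full chain plus a benign cmd.exe.
SAMPLE_PROCS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\mshta.exe",
              r"mshta.exe C:\Users\victim\AppData\Local\Temp\invoice.hta"),
    ProcEvent(300, 200, r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c C:\Users\victim\AppData\Local\Temp\run.bat"),
    ProcEvent(400, 300, r"C:\Users\victim\AppData\Local\Temp\py\python.exe", "python.exe loader.py"),
    ProcEvent(500, 100, r"C:\Windows\System32\cmd.exe", "cmd.exe /c build.bat"),  # no mshta ancestor
]
SAMPLE_DNS = [
    DnsEvent(400, "quiet-river-example.trycloudflare.com"),  # constructed hostname
    DnsEvent(500, "github.com"),
]

if __name__ == "__main__":
    for pid, stage, detail in detect(SAMPLE_PROCS, SAMPLE_DNS):
        print(f"pid={pid} stage={stage}: {detail}")
```

Each stage fires only in the context of its predecessor (the .bat rule requires an mshta.exe ancestor, the Python rule requires a script-host ancestor and a user-writable path), which keeps a lone developer running cmd.exe or python.exe from matching; the TryCloudflare rule is intentionally context-free because the quick-tunnel domain alone is rarely legitimate on a managed workstation.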