{"id":54830,"date":"2023-12-11T00:00:00","date_gmt":"2023-12-11T00:00:00","guid":{"rendered":"urn:uuid:28297df0-1740-ffa0-df16-f9bb59edb8bd"},"modified":"2023-12-11T00:00:00","modified_gmt":"2023-12-11T00:00:00","slug":"analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/","title":{"rendered":"Analyzing AsyncRAT&#8217;s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/AsyncRAT-cover:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/AsyncRAT-cover.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>AsyncRAT scans specific folders within the application directory, browser extensions, and user data to identify folder names associated with particular crypto wallets, verifying their presence in the system.<\/p>\n<p>The code snippet of the crypto wallet-checking prologue conducts queries for certain directories relating to the following wallet strings:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Atomic<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Binance<\/span><\/li>\n<li><span class=\"rte-red-bullet\">BinanceEdge<\/span><\/li>\n<li><span class=\"rte-red-bullet\">BitcoinCore<\/span><\/li>\n<li><span class=\"rte-red-bullet\">BitKeep<\/span><\/li>\n<li><span class=\"rte-red-bullet\">BitPay<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Coinbase<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Coinomi<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Electrum<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Exodus<\/span><\/li>\n<li><span class=\"rte-red-bullet\">F2a<\/span><\/li>\n<li><span class=\"rte-red-bullet\">LedgerLive<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Meta<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Phantom<\/span><\/li>\n<li><span class=\"rte-red-bullet\">RabbyWallet<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Ronin<\/span><\/li>\n<li><span class=\"rte-red-bullet\">TronLink<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Trust<\/span><\/li>\n<\/ul>\n<p>As of early 2023, AsyncRAT infections <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/unmasking-asyncrat-new-infection-chain\/?&amp;web_view=true\">still persist<\/a>, employing various file types, including PowerShell, Windows Script File (WSF), and VBScript (VBS) to bypass antivirus detection measures. Notably, <i><a href=\"https:\/\/any.run\/malware-trends\/?\">Any.run<\/a><\/i> consistently reports AsyncRAT ranking among the top ten weekly malware trends over the past few months.<\/p>\n<p>Our recent investigations align with this trend, although there are nuanced differences in the dropped scripts, utilized domains, and observed injection processes. Despite these changes in tactics, one consistent aspect is the use of dynamic DNS (DDNS) services \u2014 such as those provided by No-IP and DuckDNS \u2014 for network infrastructure.<\/p>\n<p>Analyzing the decrypted AsyncRAT payload, it becomes evident that the certificate employed is associated with AsyncRAT Server, a characteristic trait of AsyncRAT C&amp;C traffic. Typically, the Subject Common Name is configured as either &#8220;AsyncRAT Server&#8221; or &#8220;AsyncRAT Server CA,&#8221; (as mentioned in our <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/i\/ssl-tls-technical-brief\/ssl-tls-technical-brief.pdf\">previous technical brief<\/a> on SSL\/TLS communications). Examining the Subject Common Name proves valuable in identifying AsyncRAT infections.<\/p>\n<p>The malware configuration reveals the presence of the ID 3LOSH RAT. This implies that the payload may have utilized the <a href=\"https:\/\/blog.talosintelligence.com\/asyncrat-3losh-update\/\">3LOSH crypter<\/a> for obfuscation and stealth, potentially explaining the use of multiple scripts across different stages of the infection chain. The previous research from Talos showed similar instances where such infections leverage the elusiveness provided by crypters to enhance operational efficiency.<\/p>\n<p>During our investigation of the AsyncRAT sample files, we identified <a href=\"https:\/\/github.com\/NYAN-x-CAT\/AsyncRAT-C-Sharp\/tree\/master\/AsyncRAT-C%23\">code similarities<\/a> between the injection code used for <i>aspnet_compiler.exe<\/i> and an open-source repository on GitHub. &nbsp;Two notable distinctions emerged between the AsyncRAT sample obtained from our customer&#8217;s environment and the version on the GitHub repository. First, our acquired sample includes <i>BoolWallets<\/i> as one of the scanned cryptocurrency wallets. Second, the GitHub version lacks keylogging capabilities. The code we acquired, however, exhibits keylogging functionalities, <a href=\"https:\/\/github.com\/NYAN-x-CAT\/LimeLogger\/blob\/master\/LimeLogger\/LimeLogger.cs\">resembling another sample<\/a> found in the GitHub repository. These variances suggest that the attacker customized the GitHub code to align with their specific goals.<\/p>\n<p>Dynamic DNS allows threat actors to swiftly change the IP address associated with a domain name, posing a challenge for security systems attempting to detect and block malicious activities. Our recent investigations have unveiled C&amp;C domains registered under No-IP and Dynu Systems, Inc. One domain, <i>66escobar181[.]ddns[.]net<\/i>, resolved to the IP address 185[.]150[.]25[.]181. VirusTotal analysis indicates multiple domains flagged as malicious, all converging to the same IP address.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/l\/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog entry delves into MxDR&#8217;s unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":54831,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9511,9508,9513,9509],"class_list":["post-54830","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-endpoints","tag-trend-micro-research-malware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Analyzing AsyncRAT&#039;s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Analyzing AsyncRAT&#039;s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-11T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/AsyncRAT-cover:Large?qlt=80\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Analyzing AsyncRAT&#8217;s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases\",\"datePublished\":\"2023-12-11T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/\"},\"wordCount\":471,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Malware\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/\",\"name\":\"Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases.png\",\"datePublished\":\"2023-12-11T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases.png\",\"width\":976,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Analyzing AsyncRAT&#8217;s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/","og_locale":"en_US","og_type":"article","og_title":"Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-12-11T00:00:00+00:00","og_image":[{"url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/AsyncRAT-cover:Large?qlt=80","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Analyzing AsyncRAT&#8217;s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases","datePublished":"2023-12-11T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/"},"wordCount":471,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/12\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Threats","Trend Micro Research : Endpoints","Trend Micro Research : Malware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/","url":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/","name":"Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/12\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases.png","datePublished":"2023-12-11T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/12\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/12\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases.png","width":976,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/analyzing-asyncrats-code-injection-into-aspnet_compiler-exe-across-multiple-incident-response-cases\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Analyzing AsyncRAT&#8217;s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54830"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54830\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/54831"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}