home.social

#purecrypter — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #purecrypter, aggregated by home.social.

  1. Do #PureLogs Stealer and #PureCrypter use the same C2 protocol, or is there some way to tell the C2 protocols apart?
    C2 servers:
    🔥 45.141.233.100:7708
    🔥 144.172.91.74:7709
    🔥 62.60.235.100:9100
    🔥 65.108.24.103:62050
    🔥 91.92.120.102:62050
    🔥 192.30.240.242:62520

  2. Good day everyone!

    Cisco Talos brings us a HOT report on a new backdoor they observed in a widespread campaign that they dubbed #TorNet, owing to the fact that the actor connects the victim's machine to the TOR network for stealthy command and control (C2) communications and detection evasion.

    Attack Summary:
    The attack starts with a phishing email with a malicious attachment, which leads to a .NET loader executing and downloads the #PureCrypter malware, which is responsible for dropping and running the TorNet backdoor. After a successful connection to the C2 server it connects the victim's machine to the TOR network which enables it to receive and run arbitrary .NET assemblies in memory.

    Behavior Summary:
    Initial Access:
    Phishing Email with Attachment - in this case, a .tgz (compressed file)

    Defense Evasion
    Released and renewed the ip address of the compromised machine - "cmd /c ipconfig /release" and "cmd /c ipconfig /renew"
    Modifcaiton of the machine - "Add-MpPreference -ExclsuionPath" and "Add-MpPreference -ExclusionProcess"

    Discovery:
    WMI Activity - "Select * from Win32_BIOS" and "Select * from Win32_ComputerSystem"

    Persistence:
    Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - Dropped a VB script in the windows Startup folder

    These are just some of the behaviors, for the rest, go and enjoy the read! Happy Hunting!

    New TorNet backdoor seen in widespread campaign
    blog.talosintelligence.com/new

    Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

  3. Good day everyone!

    Cisco Talos brings us a HOT report on a new backdoor they observed in a widespread campaign that they dubbed #TorNet, owing to the fact that the actor connects the victim's machine to the TOR network for stealthy command and control (C2) communications and detection evasion.

    Attack Summary:
    The attack starts with a phishing email with a malicious attachment, which leads to a .NET loader executing and downloads the #PureCrypter malware, which is responsible for dropping and running the TorNet backdoor. After a successful connection to the C2 server it connects the victim's machine to the TOR network which enables it to receive and run arbitrary .NET assemblies in memory.

    Behavior Summary:
    Initial Access:
    Phishing Email with Attachment - in this case, a .tgz (compressed file)

    Defense Evasion
    Released and renewed the ip address of the compromised machine - "cmd /c ipconfig /release" and "cmd /c ipconfig /renew"
    Modifcaiton of the machine - "Add-MpPreference -ExclsuionPath" and "Add-MpPreference -ExclusionProcess"

    Discovery:
    WMI Activity - "Select * from Win32_BIOS" and "Select * from Win32_ComputerSystem"

    Persistence:
    Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - Dropped a VB script in the windows Startup folder

    These are just some of the behaviors, for the rest, go and enjoy the read! Happy Hunting!

    New TorNet backdoor seen in widespread campaign
    blog.talosintelligence.com/new

    Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

  4. Good day everyone!

    Cisco Talos brings us a HOT report on a new backdoor they observed in a widespread campaign that they dubbed #TorNet, owing to the fact that the actor connects the victim's machine to the TOR network for stealthy command and control (C2) communications and detection evasion.

    Attack Summary:
    The attack starts with a phishing email with a malicious attachment, which leads to a .NET loader executing and downloads the #PureCrypter malware, which is responsible for dropping and running the TorNet backdoor. After a successful connection to the C2 server it connects the victim's machine to the TOR network which enables it to receive and run arbitrary .NET assemblies in memory.

    Behavior Summary:
    Initial Access:
    Phishing Email with Attachment - in this case, a .tgz (compressed file)

    Defense Evasion
    Released and renewed the ip address of the compromised machine - "cmd /c ipconfig /release" and "cmd /c ipconfig /renew"
    Modifcaiton of the machine - "Add-MpPreference -ExclsuionPath" and "Add-MpPreference -ExclusionProcess"

    Discovery:
    WMI Activity - "Select * from Win32_BIOS" and "Select * from Win32_ComputerSystem"

    Persistence:
    Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - Dropped a VB script in the windows Startup folder

    These are just some of the behaviors, for the rest, go and enjoy the read! Happy Hunting!

    New TorNet backdoor seen in widespread campaign
    blog.talosintelligence.com/new

    Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

  5. Good day everyone!

    Cisco Talos brings us a HOT report on a new backdoor they observed in a widespread campaign that they dubbed #TorNet, owing to the fact that the actor connects the victim's machine to the TOR network for stealthy command and control (C2) communications and detection evasion.

    Attack Summary:
    The attack starts with a phishing email with a malicious attachment, which leads to a .NET loader executing and downloads the #PureCrypter malware, which is responsible for dropping and running the TorNet backdoor. After a successful connection to the C2 server it connects the victim's machine to the TOR network which enables it to receive and run arbitrary .NET assemblies in memory.

    Behavior Summary:
    Initial Access:
    Phishing Email with Attachment - in this case, a .tgz (compressed file)

    Defense Evasion
    Released and renewed the ip address of the compromised machine - "cmd /c ipconfig /release" and "cmd /c ipconfig /renew"
    Modifcaiton of the machine - "Add-MpPreference -ExclsuionPath" and "Add-MpPreference -ExclusionProcess"

    Discovery:
    WMI Activity - "Select * from Win32_BIOS" and "Select * from Win32_ComputerSystem"

    Persistence:
    Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - Dropped a VB script in the windows Startup folder

    These are just some of the behaviors, for the rest, go and enjoy the read! Happy Hunting!

    New TorNet backdoor seen in widespread campaign
    blog.talosintelligence.com/new

    Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

  6. An unknown threat group has been targeting government agencies in Asia Pacific and North America via abuse of the popular Discord network and a hijacked website belonging to a non-profit. The two-stage attacks include enticing victims to install the PureCrypter downloader, which then delivers a variety of possible malware payloads.
    scmagazine.com/news/cybercrime #CyberSecurity #PureCrypter #Discord #NorthAmerica #APAC #government #targets

  7. Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.
    thehackernews.com/2023/02/pure #CyberSecurity #PureCrypter #malare #APAC #NorthAmerica

  8. Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.
    thehackernews.com/2023/02/pure #CyberSecurity #PureCrypter #malare #APAC #NorthAmerica

  9. Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.
    thehackernews.com/2023/02/pure #CyberSecurity #PureCrypter #malare #APAC #NorthAmerica

  10. Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.
    thehackernews.com/2023/02/pure #CyberSecurity #PureCrypter #malare #APAC #NorthAmerica

  11. 📢 Watch out for PureCrypter malware targeting government entities through #Discord by delivering a wide range of other nasty #malware.

    Details: hackread.com/purecrypter-malwa

    #Security #PureCrypter #Ransomware #Crypto