#purerat - Public Fediverse posts
Live and recent posts from across the Fediverse tagged #purerat, aggregated by home.social.
-
Mentioned Malware Families: ValleyRAT, PureRAT
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_rat
Aliases provided by Malpedia.
-
RE: https://infosec.exchange/@VirusBulletin/115660902138702248
How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
Here are some typical PureRAT indicators:
.NET malware
TLS version is 1.0
JA3 fc54e0d16d9764783542f0146a98b300 / 07af4aa9e4d215a5ee63f9a0a277fbe3
JA4 t10i070500_c50f5591e341_950472255fe9 / t10i060500_4dc025c38c38_950472255fe9
JA3S b74704234e6128f33bff9865696e31b3
X.509 cert expires 9999-12-31 23:59:59 UTC
C2 often runs on TCP 56001
All of them match on the sample analyzed in Trend's report
-
"I Paid Twice" Scam Infects Booking.com Users with PureRAT via ClickFix https://hackread.com/i-paid-twice-scam-booking-com-purerat-clickfix/ #ScamsandFraud #Cybersecurity #CyberAttack #ResolverRAT #Bookingcom #PureCoder #Security #PureHVNC #Malware #Expedia #Privacy #PureRAT #Sekoia #Travel #Hotel
-
Phishing emails that look legit and hidden DLLs are paving the way for a new breed of cyber threats. How did attackers upgrade from a simple infostealer to a full-blown RAT? Dive into the evolution of PureRAT to find out.
https://thedefendopsdiaries.com/dissecting-the-purerat-attack-chain-from-infostealer-to-full-rat/
#purerat
#cyberattack
#dllsideloading
#remotetrojan
#defenseevasion
-
@BleepingComputer More info about these #ResolverRAT #PureRAT indicators can be found here:
https://netresec.com/?b=2589522
-
@BleepingComputer Transcript of the TCP sessions to 45.144.53.137:57666 reveals several #ResolverRAT / #PureRAT indicators.
-
@BleepingComputer It then drops #PureRAT aka #ResolverRAT on the victim's PC.
-
PureRAT = ResolverRAT = PureHVNC - Source: securityboulevard.com https://ciso2ciso.com/purerat-resolverrat-purehvnc-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #PureCoder's #ResolverRat #9999-12-31 #PureHVNC #PureRAT #56001 #56002 #56003
-
PureRAT is the exact same malware as what Morphisec and others call #ResolverRAT. #PureHVNC, on the other hand, is the predecessor to #PureRAT.
IOCs:
193.26.115.125:8883
purebase.ddns[.]net:8883
45.74.10.38:56001
139.99.83.25:56001
https://netresec.com/?b=2589522