home.social

#purerat β€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #purerat, aggregated by home.social.

  1. @malware_traffic Thank you for sharing Brad!
    The TLS traffic to 173.232.146.62:25658 looks like #AsyncRAT or possibly #PureRAT. Can you confirm if it was generated by the powershell script with MD5 90389d2988cce2fe508087618dd2f519 from fnjnbehjangelkd[.]top?

  2. @malware_traffic Thank you for sharing Brad!
    The TLS traffic to 173.232.146.62:25658 looks like #AsyncRAT or possibly #PureRAT. Can you confirm if it was generated by the powershell script with MD5 90389d2988cce2fe508087618dd2f519 from fnjnbehjangelkd[.]top?

  3. @malware_traffic Thank you for sharing Brad!
    The TLS traffic to 173.232.146.62:25658 looks like #AsyncRAT or possibly #PureRAT. Can you confirm if it was generated by the powershell script with MD5 90389d2988cce2fe508087618dd2f519 from fnjnbehjangelkd[.]top?

  4. @malware_traffic Thank you for sharing Brad!
    The TLS traffic to 173.232.146.62:25658 looks like #AsyncRAT or possibly #PureRAT. Can you confirm if it was generated by the powershell script with MD5 90389d2988cce2fe508087618dd2f519 from fnjnbehjangelkd[.]top?

  5. @malware_traffic Thank you for sharing Brad!
    The TLS traffic to 173.232.146.62:25658 looks like #AsyncRAT or possibly #PureRAT. Can you confirm if it was generated by the powershell script with MD5 90389d2988cce2fe508087618dd2f519 from fnjnbehjangelkd[.]top?

  6. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  7. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  8. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  9. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  10. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  11. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  12. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  13. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  14. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  15. RE: infosec.exchange/@VirusBulleti

    How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
    Here are some typical PureRAT indicators:
    :windows: .NET malware
    πŸ”‘ TLS version is 1.0
    πŸ«† JA3 fc54e0d16d9764783542f0146a98b300 / 07af4aa9e4d215a5ee63f9a0a277fbe3
    πŸ«† JA4 t10i070500_c50f5591e341_950472255fe9 / t10i060500_4dc025c38c38_950472255fe9
    πŸ«† JA3S b74704234e6128f33bff9865696e31b3
    πŸ“ X.509 cert expires 9999-12-31 23:59:59 UTC
    πŸ“‘ C2 often runs on TCP 56001
    All of them match on the sample analyzed in Trend's report

  16. RE: infosec.exchange/@VirusBulleti

    How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
    Here are some typical PureRAT indicators:
    :windows: .NET malware
    πŸ”‘ TLS version is 1.0
    πŸ«† JA3 fc54e0d16d9764783542f0146a98b300 / 07af4aa9e4d215a5ee63f9a0a277fbe3
    πŸ«† JA4 t10i070500_c50f5591e341_950472255fe9 / t10i060500_4dc025c38c38_950472255fe9
    πŸ«† JA3S b74704234e6128f33bff9865696e31b3
    πŸ“ X.509 cert expires 9999-12-31 23:59:59 UTC
    πŸ“‘ C2 often runs on TCP 56001
    All of them match on the sample analyzed in Trend's report

  17. RE: infosec.exchange/@VirusBulleti

    How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
    Here are some typical PureRAT indicators:
    :windows: .NET malware
    πŸ”‘ TLS version is 1.0
    πŸ«† JA3 fc54e0d16d9764783542f0146a98b300 / 07af4aa9e4d215a5ee63f9a0a277fbe3
    πŸ«† JA4 t10i070500_c50f5591e341_950472255fe9 / t10i060500_4dc025c38c38_950472255fe9
    πŸ«† JA3S b74704234e6128f33bff9865696e31b3
    πŸ“ X.509 cert expires 9999-12-31 23:59:59 UTC
    πŸ“‘ C2 often runs on TCP 56001
    All of them match on the sample analyzed in Trend's report

  18. πŸ›‘ New and ongoing β€œI Paid Twice” scam hits hotels and guests using #PureRAT via ClickFix attack. Attackers breach booking accounts like #Booking.com, then message travelers about fake payment issues to steal bank info.

    Read πŸ”— hackread.com/i-paid-twice-scam

    #Cybersecurity #HotelFraud #Malware #Phishing #ClickFix

  19. πŸ›‘ New and ongoing β€œI Paid Twice” scam hits hotels and guests using #PureRAT via ClickFix attack. Attackers breach booking accounts like #Booking.com, then message travelers about fake payment issues to steal bank info.

    Read πŸ”— hackread.com/i-paid-twice-scam

    #Cybersecurity #HotelFraud #Malware #Phishing #ClickFix

  20. The technical detail in this PureRAT analysis by Heejae Hwang (ν™©ν¬μž¬) is fantastic! The analyzed #PureRAT sample looks very similar to the one James Northey recently blogged about for @huntress. It even uses the same C2 server 157.66.26.209:56001.

  21. The technical detail in this PureRAT analysis by Heejae Hwang (ν™©ν¬μž¬) is fantastic! The analyzed #PureRAT sample looks very similar to the one James Northey recently blogged about for @huntress. It even uses the same C2 server 157.66.26.209:56001.

  22. The technical detail in this PureRAT analysis by Heejae Hwang (ν™©ν¬μž¬) is fantastic! The analyzed #PureRAT sample looks very similar to the one James Northey recently blogged about for @huntress. It even uses the same C2 server 157.66.26.209:56001.

  23. Phishing emails that look legit and hidden DLLs are paving the way for a new breed of cyber threats. How did attackers upgrade from a simple infostealer to a full-blown RAT? Dive into the evolution of PureRAT to find out.

    thedefendopsdiaries.com/dissec

    #purerat
    #cyberattack
    #dllsideloading
    #remotetrojan
    #defenseevasion

  24. Phishing emails that look legit and hidden DLLs are paving the way for a new breed of cyber threats. How did attackers upgrade from a simple infostealer to a full-blown RAT? Dive into the evolution of PureRAT to find out.

    thedefendopsdiaries.com/dissec

    #purerat
    #cyberattack
    #dllsideloading
    #remotetrojan
    #defenseevasion

  25. Phishing emails that look legit and hidden DLLs are paving the way for a new breed of cyber threats. How did attackers upgrade from a simple infostealer to a full-blown RAT? Dive into the evolution of PureRAT to find out.

    thedefendopsdiaries.com/dissec

    #purerat
    #cyberattack
    #dllsideloading
    #remotetrojan
    #defenseevasion

  26. Phishing emails that look legit and hidden DLLs are paving the way for a new breed of cyber threats. How did attackers upgrade from a simple infostealer to a full-blown RAT? Dive into the evolution of PureRAT to find out.

    thedefendopsdiaries.com/dissec

    #purerat
    #cyberattack
    #dllsideloading
    #remotetrojan
    #defenseevasion

  27. PureRAT is the exact same malware as what Morphisec and others call #ResolverRAT. #PureHVNC, on the other hand, is the predecessor to #PureRAT.

    IOCs:
    πŸ‘Ύ 193.26.115.125:8883
    πŸ‘Ύ purebase.ddns[.]net:8883
    πŸ‘Ύ 45.74.10.38:56001
    πŸ‘Ύ 139.99.83.25:56001
    netresec.com/?b=2589522

  28. PureRAT is the exact same malware as what Morphisec and others call #ResolverRAT. #PureHVNC, on the other hand, is the predecessor to #PureRAT.

    IOCs:
    πŸ‘Ύ 193.26.115.125:8883
    πŸ‘Ύ purebase.ddns[.]net:8883
    πŸ‘Ύ 45.74.10.38:56001
    πŸ‘Ύ 139.99.83.25:56001
    netresec.com/?b=2589522

  29. PureRAT is the exact same malware as what Morphisec and others call #ResolverRAT. #PureHVNC, on the other hand, is the predecessor to #PureRAT.

    IOCs:
    πŸ‘Ύ 193.26.115.125:8883
    πŸ‘Ύ purebase.ddns[.]net:8883
    πŸ‘Ύ 45.74.10.38:56001
    πŸ‘Ύ 139.99.83.25:56001
    netresec.com/?b=2589522

  30. PureRAT is the exact same malware as what Morphisec and others call #ResolverRAT. #PureHVNC, on the other hand, is the predecessor to #PureRAT.

    IOCs:
    πŸ‘Ύ 193.26.115.125:8883
    πŸ‘Ύ purebase.ddns[.]net:8883
    πŸ‘Ύ 45.74.10.38:56001
    πŸ‘Ύ 139.99.83.25:56001
    netresec.com/?b=2589522