#xworm #asyncrat #purehvnc at:

https:// locale-respondent-realtor-excellent.trycloudflare\.com

👾 #UpCrypter is one of the fastest-growing cyber threats of 2025.

This loader spreads via #phishing as a JS file and delivers malware like #DCRat & #PureHVNC to infected systems.

Discover its attack chain in our analysis: https://any.run/malware-trends/upcrypter/?utm_source=mastodon&utm_medium=post&utm_campaign=upcrypter&utm_content=linktomtt&utm_term=141025

Guess we're back to these...:
http://episode-windsor-subdivision-delivery.trycloudflare\.com
https://lol-julian-impossible-bermuda.trycloudflare\.com
https://italia-committees-practical-violence.trycloudflare\.com

#asyncrat #purehvnc #quasarrat

jskeywon.duckdns\.org
jbsak.duckdns\.org
jul5050quasae.duckdns\.org
ksj43ts.duckdns\.org

PureRAT is the exact same malware as what Morphisec and others call #ResolverRAT. #PureHVNC, on the other hand, is the predecessor to #PureRAT.

IOCs:
👾 193.26.115.125:8883
👾 purebase.ddns[.]net:8883
👾 45.74.10.38:56001
👾 139.99.83.25:56001
https://netresec.com/?b=2589522

PureRAT = ResolverRAT = PureHVNC

PureRAT is a Remote Access Trojan, which can be used by an attacker to remotely control someone else's PC. PureRAT provides the following features to an attacker: see the victim's user interface; interact with the victim PC using mouse and keyboard; view the webcam; listen to the microphone; record keystroke[...]

Netresec