PureRAT: Attacker Now Using AI to Build Toolset
#PureRAT
https://www.security.com/threat-intelligence/ai-purerat-phishing

Vietnam-based cybercrime actor appears to now be using AI to write scripts used in phishing campaigns

@malware_traffic Thank you for sharing Brad!
The TLS traffic to 173.232.146.62:25658 looks like #AsyncRAT or possibly #PureRAT. Can you confirm if it was generated by the PowerShell script with MD5 90389d2988cce2fe508087618dd2f519 from fnjnbehjangelkd[.]top?

Mentioned Malware Families: ValleyRAT, PureRAT

Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_rat

#ValleyRAT #PureRAT

Aliases provided by Malpedia.

ValleyRAT (Malware Family)

Details for the ValleyRAT malware family including references, samples and yara signatures.

RE: https://infosec.exchange/@VirusBulletin/115660902138702248

How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
Here are some typical PureRAT indicators:
.NET malware
TLS version is 1.0
JA3 fc54e0d16d9764783542f0146a98b300 / 07af4aa9e4d215a5ee63f9a0a277fbe3
JA4 t10i070500_c50f5591e341_950472255fe9 / t10i060500_4dc025c38c38_950472255fe9
JA3S b74704234e6128f33bff9865696e31b3
X.509 cert expires 9999-12-31 23:59:59 UTC
C2 often runs on TCP 56001
All of them match on the sample analyzed in Trend's report
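
As an added illustration (not code from the post or from any of the linked reports), the Python below scores TLS session records against the network indicators listed in the post above and flags only sessions where several of them coincide. The JSON field names, the sample records and the three-match threshold are assumptions made for this example.

```python
import json
from datetime import datetime, timezone

# Indicator values copied from the post above; record field names are hypothetical.
JA3 = {"fc54e0d16d9764783542f0146a98b300", "07af4aa9e4d215a5ee63f9a0a277fbe3"}
JA4 = {"t10i070500_c50f5591e341_950472255fe9", "t10i060500_4dc025c38c38_950472255fe9"}
JA3S = {"b74704234e6128f33bff9865696e31b3"}
NOT_AFTER = datetime(9999, 12, 31, 23, 59, 59, tzinfo=timezone.utc)

def matched_indicators(rec):
    """Names of the post's network indicators that one session record matches."""
    hits = [name for name, ok in (
        ("tls1.0", rec.get("tls_version") == "TLSv1.0"),
        ("ja3", rec.get("ja3") in JA3),
        ("ja4", rec.get("ja4") in JA4),
        ("ja3s", rec.get("ja3s") in JA3S),
        ("port56001", rec.get("dst_port") == 56001),
    ) if ok]
    try:
        if datetime.fromisoformat(rec.get("cert_not_after", "")) == NOT_AFTER:
            hits.append("cert_expiry")
    except (ValueError, TypeError):
        pass  # missing or malformed certificate date
    return hits

def triage(log_lines, threshold=3):
    """Parse JSON-lines records; keep sessions matching >= threshold indicators."""
    flagged = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(rec, dict):
            continue
        hits = matched_indicators(rec)
        if len(hits) >= threshold:
            flagged.append((rec.get("dst_ip"), rec.get("dst_port"), hits))
    return flagged

# Constructed sample records (documentation IP ranges, not real traffic).
SAMPLE = [json.dumps(r) for r in (
    {"dst_ip": "192.0.2.10", "dst_port": 8443, "tls_version": "TLSv1.0",
     "ja3": "fc54e0d16d9764783542f0146a98b300", "ja3s": "b74704234e6128f33bff9865696e31b3",
     "ja4": "t10i070500_c50f5591e341_950472255fe9",
     "cert_not_after": "9999-12-31T23:59:59+00:00"},
    {"dst_ip": "198.51.100.7", "dst_port": 56001, "tls_version": "TLSv1.0", "ja3": "0" * 32},
    {"dst_ip": "203.0.113.5", "dst_port": 443, "tls_version": "TLSv1.3"},
)] + ["{truncated line"]

if __name__ == "__main__":
    for ip, port, hits in triage(SAMPLE):
        print(f"{ip}:{port} matches {', '.join(hits)}")
```

The second constructed record shows why the threshold matters: TLS 1.0 on port 56001 alone matches two indicators and is not flagged, while the first record is flagged on its fingerprints and certificate even though it uses a different port.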

New and ongoing “I Paid Twice” scam hits hotels and guests using #PureRAT via ClickFix attack. Attackers breach booking accounts like #Booking.com, then message travelers about fake payment issues to steal bank info.

Read https://hackread.com/i-paid-twice-scam-booking-com-purerat-clickfix/

#Cybersecurity #HotelFraud #Malware #Phishing #ClickFix

“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix


The technical detail in this PureRAT analysis by Heejae Hwang (황희재) is fantastic! The analyzed #PureRAT sample looks very similar to the one James Northey recently blogged about for @huntress. It even uses the same C2 server 157.66.26.209:56001.

Phishing emails that look legit and hidden DLLs are paving the way for a new breed of cyber threats. How did attackers upgrade from a simple infostealer to a full-blown RAT? Dive into the evolution of PureRAT to find out.

https://thedefendopsdiaries.com/dissecting-the-purerat-attack-chain-from-infostealer-to-full-rat/

#purerat
#cyberattack
#dllsideloading
#remotetrojan
#defenseevasion

@BleepingComputer More info about these #ResolverRAT #PureRAT indicators can be found here:
https://netresec.com/?b=2589522
PureRAT = ResolverRAT = PureHVNC

PureRAT is a Remote Access Trojan, which can be used by an attacker to remotely control someone else's PC. PureRAT provides the following features to an attacker:
- See the victim's user interface
- Interact with the victim PC using mouse and keyboard
- View the webcam
- Listen to the microphone
- Record keystroke[...]

Netresec