#PureRAT

Latest posts tagged with #PureRAT on Bluesky


Posts tagged #PureRAT


Cybercriminals are now using AI to craft deceptive job offers, deploying PureRAT malware. Stay alert and protect your systems. #CyberSecurity #AIThreats #Phishing #PureRAT Link: thedailytechfeed.com/cybercrimina...

Original post on infosec.exchange

RE: infosec.exchange/@VirusBulletin/115660902...

How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
Here are some typical PureRAT indicators:
:windows: .NET malware
🔑 TLS version is 1.0
🫆 JA3 = fc54e0d16d9764783542f0146a98b300 or 07af4aa9e4d215a5ee63f9a0a277fbe3
🫆 […]


Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware reconbee.com/large-scale-...

#clickfix #phishing #phishingawareness #phishingattacks #hotel #pureRATmalware #PureRAT #malware

Wave of Russian-origin scams targeting Booking customers
A large but undetermined number of Booking customers have been scammed by cybercriminals who, using accounts of the multinational's partners, obtained the addresses of the OTA's customers (Warning of an uptick in scams via Booking). In a massive operation, since April […]

“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix

🛑 New and ongoing “I Paid Twice” scam hits hotels and guests using #PureRAT via ClickFix attack. Attackers breach booking accounts like #Booking.com, then message travelers about fake payment issues to steal bank info.

Read 🔗 hackread.com/i-paid-twice...

#Cybersecurity #Malware #Phishing #ClickFix

Booking.com 'I Paid Twice' Phishing Campaign

~Sekoia~
Threat actors compromise hotels with PureRAT malware to steal Booking.com credentials, then phish guests for fraudulent payments.
-
IOCs: 85. 208. 84. 94, 77. 83. 207. 106, sqwqwasresbkng. com
-
#Malware #Phishing #PureRAT #ThreatIntel

Decompiled .NET code for PureRAT showing C2 server 157.66.26.209
0x0000DAC1 = TCP port 56001
0x0000DAC2 = TCP port 56002
0x0000DAC3 = TCP port 56003


The technical detail in this PureRAT analysis by Heejae Hwang (황희재) is fantastic! The analyzed #PureRAT sample looks very similar to the one James Northey recently blogged about for @huntress. It even uses the same C2 server 157.66.26.209:56001.


"Priority One
Insure the safe return of more money
For analysis
All other considerations are secondary
Teammates expendable" #nufc #PureRat #IsakEarth #fuckinstagram

𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲 (@netresec@infosec.exchange) Attached: 1 image @BleepingComputer It then drops #PureRAT aka #ResolverRAT on the victim's PC.

The threat actor then drops #PureRAT on the victim's PC
infosec.exchange/@netresec/11...

PureRAT = ResolverRAT = PureHVNC PureRAT is a Remote Access Trojan, which can be used by an attacker to remotely control someone else's PC. PureRAT provides the following features to an attacker: See the victims user interfaceInt...

How to identify #PureRAT (aka #ResolverRAT):
⛳️ C2 port is often 56001, 56002 or 56003
🔒 Bot sends 04 00 00 00, then TLS handshake
🔑 Client and server run TLS 1.0
🖊️ X.509 cert is self signed
📅 X.509 cert expires 9999-12-31
netresec.com?b=2589522

@netresec

>PureRAT is the exact same malware as what Morphisec and others call ResolverRAT. PureHVNC, on the other hand, is the predecessor to PureRAT.
IOCs:
👾 193.26.115.125:8883
👾 purebase.ddns[.]net:8883
👾 45.74.10.38:56001
👾 139.99.83.25:56001
https://netresec.com/?b=2589522

PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms
PureRAT attacks on Russian firms surged 4x in 2025, using email lures and dual malware payloads.

Kaspersky reports a surge in PureRAT malware targeting Russian firms in 2025.

Attackers use phishing emails to deliver PureRAT and PureLogs, a backdoor + infostealer combo. Commercial malware continues to fuel sophisticated campaigns.

#Cybersecurity #MalwareAnalysis #InfoSec #PureRAT #Russia
