Tag: purecrypter
6 attack reports | 0 vulnerabilities
Attack reports
DarkVision RAT
DarkVision RAT is a customizable remote access trojan that first appeared in 2020, offered on Hack Forums for $60. Written in C/C++ and assembly, it offers features like keylogging, screenshots, file manipulation, process injection, remote code execution, and password theft. The analysis reveals a …
Downloadable IOCs 0
VasyGrek and Mr.Burns: Strong Ties in Finance
F.A.C.C.T experts analyzed the tools and connections of cybercriminals attacking Russian accountants. An analysis of the infection chain of the VasyGrek attacker, his forum activity and connection with the malware developer Mr.Burns is presented. The history of Mr.Burns, starting in 2010, is given,…
Downloadable IOCs 131
Examining Water Infection Routine Leading to an XMRig Cryptominer
This report details the multi-stage loading technique utilized by the threat actor Water Sigbin to deliver the PureCrypter loader and XMRig cryptocurrency miner. The actor exploits vulnerabilities in Oracle WebLogic servers, employing fileless execution tactics like DLL reflective and process injec…
Downloadable IOCs 13
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Mallox ransomware affiliate leverages PureCrypter in MS-SQL exploitation campaigns
A team from security firm Sekoia has observed a series of attacks targeting vulnerable assets, including MS-SQL, and Mallox ransomware, using techniques similar to those of the PureCrypter ransomware.
Downloadable IOCs 10
Malware (XMRig, OrcusRAT, etc.) disguised as MS Office crack
The report details an ongoing malware campaign targeting South Korean users, which disguises malicious payloads as cracked versions of Microsoft Office and other popular software. The attackers are distributing a variety of malware, including downloaders, coin miners, remote access tools (RATs), pr…
Downloadable IOCs 12