| Category | Details |
|---|---|
| Threat Actors | • Unknown threat actors using DarkVision RAT with the PureCrypter loader. |
| Campaign Overview | • DarkVision RAT campaign uses PureCrypter to deliver the malware. • Targets organizations in critical sectors such as finance, healthcare, and government. • Employs advanced obfuscation and stealth techniques for persistence and data exfiltration. |
| Target Regions (Victims) | • Organizations globally, with a focus on critical sectors such as finance, healthcare, and government. |
| Methodology | • Distributed via phishing. • Obfuscation, API calls, and process injection. • C2 communication over non-standard ports. • Keylogging, screen/audio capture, registry modifications, and process manipulation. |
| Product Targeted | • Endpoint systems and critical infrastructure within the targeted sectors. |
| Malware Reference | • DarkVision RAT, PureCrypter loader. |
| Tools Used | • PureCrypter loader. • Advanced obfuscation techniques. • Keylogging and process manipulation tools. |
| Vulnerabilities Exploited | • Not explicitly mentioned; relies on phishing and process injection for infiltration. |
| TTPs | • T1053.005: Scheduled Task. • T1547.001: Registry Run Keys. • T1055: Process Injection. • T1140: Deobfuscate/Decode Files. • T1562.001: Disable or Modify Tools. • T1539: Steal Web Session Cookie. |
| Attribution | • No specific attribution provided. |
| Recommendations | • Strengthen endpoint defenses. • Use behavior-based detection tools. • Monitor scheduled task creation and registry changes. • Enforce MFA for sessions. • Implement application whitelisting and tamper protection for AV tools. |
| Source | SOCRadar |
Read full article: https://socradar.io/darkvision-rat-a-threat-delivered-via-purecrypter/
The above summary has been generated by an AI language model