
DarkVision RAT: A Persistent Threat Delivered via PureCrypter

Threat Actors
• Unknown threat actors using DarkVision RAT with the PureCrypter loader.

Campaign Overview
• The DarkVision RAT campaign uses PureCrypter to deliver the malware.
• Targets organizations in critical sectors such as finance, healthcare, and government.
• Employs advanced obfuscation and stealth techniques for persistence and data exfiltration.

Target Regions (Victims)
• Organizations globally, focusing on critical sectors such as finance, healthcare, and government.

Methodology
• Distributed via phishing techniques.
• Obfuscation, API calls, and process injection.
• C2 communication over non-standard ports.
• Keylogging, screen/audio capture, registry modifications, and process manipulation.

Product Targeted
• Endpoint systems and critical infrastructure within the targeted sectors.

Malware Reference
• DarkVision RAT, PureCrypter loader.

Tools Used
• PureCrypter loader.
• Advanced obfuscation techniques.
• Keylogging and process manipulation tools.

Vulnerabilities Exploited
• Not explicitly mentioned; relies on phishing and process injection for infiltration.

TTPs
• T1053.005: Scheduled Task.
• T1547.001: Registry Run Keys.
• T1055: Process Injection.
• T1140: Deobfuscate/Decode Files.
• T1562.001: Disable or Modify Tools.
• T1539: Steal Web Session Cookie.

Attribution
• No specific attribution provided.

Recommendations
• Strengthen endpoint defenses.
• Use behavior-based detection tools.
• Monitor scheduled task creation and registry changes.
• Enforce MFA for sessions.
• Implement application whitelisting and tamper protection for AV tools.

Source: SOCRadar
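As an added example (not part of the SOCRadar summary or its report), the following Python sketch shows what "monitor task creation and registry changes" looks like as detection logic for the two persistence techniques listed above, T1053.005 and T1547.001. It runs over a few constructed JSON log records shaped like Windows Security event 4698 (scheduled task created) and Sysmon event 13 (registry value set), and flags autostart entries whose target binary lives in a user-writable directory. The field names follow the real events, but the records, paths and the directory list are constructed assumptions for this example, not indicators from the campaign.

```python
# Added example: behaviour-based checks for scheduled-task (T1053.005) and
# Run-key (T1547.001) persistence over constructed log records.
# Records, paths and the directory heuristic are assumptions for illustration.
import json
import re
from typing import List, Optional

# Registry paths under which a value autostarts a program at logon.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)
# Directories a legitimate installer rarely uses for an autostart binary.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# <Command> element inside the task XML that event 4698 carries in TaskContent.
TASK_COMMAND_RE = re.compile(r"<Command>(.*?)</Command>", re.IGNORECASE | re.DOTALL)

# Constructed sample records, one JSON object per line (JSON needs "\\" per backslash).
SAMPLE_LOG = r"""
{"Channel": "Security", "EventID": 4698, "SubjectUserName": "alice", "TaskName": "\\Updater", "TaskContent": "<Task><Actions><Exec><Command>C:\\Users\\alice\\AppData\\Roaming\\svc\\host.exe</Command></Exec></Actions></Task>"}
{"Channel": "Security", "EventID": 4698, "SubjectUserName": "SYSTEM", "TaskName": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag", "TaskContent": "<Task><Actions><Exec><Command>%windir%\\system32\\defrag.exe</Command></Exec></Actions></Task>"}
{"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 13, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\host", "Details": "C:\\Users\\alice\\AppData\\Roaming\\svc\\host.exe"}
{"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 13, "Image": "C:\\Program Files\\Vendor\\setup.exe", "TargetObject": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray", "Details": "C:\\Program Files\\Vendor\\tray.exe"}
"""


def in_user_writable_dir(path: str) -> bool:
    """True if the path points into a directory an unprivileged user can write to."""
    lowered = path.lower()
    return any(d in lowered for d in USER_WRITABLE_DIRS)


def parse_log(text: str) -> List[dict]:
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def check_event(ev: dict) -> Optional[dict]:
    """Return a finding for a suspicious persistence event, else None."""
    event_id = ev.get("EventID")
    if event_id == 4698:
        # Scheduled task created: pull the executed command out of the task XML.
        match = TASK_COMMAND_RE.search(ev.get("TaskContent", ""))
        command = match.group(1).strip() if match else ""
        if in_user_writable_dir(command):
            return {
                "technique": "T1053.005",
                "task": ev.get("TaskName"),
                "command": command,
                "user": ev.get("SubjectUserName"),
            }
    elif event_id == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        # Run-key value set: suspicious if either the writer or the target
        # binary lives in a user-writable directory.
        details = ev.get("Details", "")
        image = ev.get("Image", "")
        if in_user_writable_dir(details) or in_user_writable_dir(image):
            return {
                "technique": "T1547.001",
                "key": ev.get("TargetObject"),
                "value": details,
                "writer": image,
            }
    return None


def run_detection(text: str) -> List[dict]:
    """Run check_event over every record and collect the findings."""
    return [f for f in (check_event(ev) for ev in parse_log(text)) if f is not None]


if __name__ == "__main__":
    for finding in run_detection(SAMPLE_LOG):
        print(json.dumps(finding))
```

On the constructed sample this flags the task and the Run-key value pointing at the AppData binary and leaves the built-in defrag task and the Program Files tray entry alone; in production the user-writable directory list would be replaced or supplemented by the organization's application allow-list, which is the final recommendation above.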

Read full article: https://socradar.io/darkvision-rat-a-threat-delivered-via-purecrypter/

The above summary has been generated by an AI language model


Published on: December 25, 2024
