From infostealer to full RAT: dissecting the PureRAT attack chain
An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a full-featured, commercially available remote access trojan (RAT) known as PureRAT.
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.bleepingcomputer.com/news/security/from-infostealer-to-full-rat-dissecting-the-purerat-attack-chain/
- Adversary: null
- Pulse Id: 68e96e29b73e5334019b8810
- Threat Score: null
Indicators of Compromise
IP
| Value | Description |
|---|---|
| 157.66.26.209 | CC=JP ASN=ASNone |
Hash
| Value | Description |
|---|---|
| 8697103bed75b09df59d9bb3a86eca32 | MD5 of f6ed084aaa8ecf1b1e20dfa859e8f34c4c18b7ad7ac14dc189bc1fc4be1bd709 |
| ffd6f164c9f9248604e819b7b584c9d2907c967d | SHA1 of f6ed084aaa8ecf1b1e20dfa859e8f34c4c18b7ad7ac14dc189bc1fc4be1bd709 |
| 06fc70aa08756a752546198ceb9770068a2776c5b898e5ff24af9ed4a823fd9d | — |
| f5e9e24886ec4c60f45690a0e34bae71d8a38d1c35eb04d02148cdb650dd2601 | — |
| f6ed084aaa8ecf1b1e20dfa859e8f34c4c18b7ad7ac14dc189bc1fc4be1bd709 | — |
Threat ID: 68e96e4d4338e1ae7d84ca8e
Added to database: 10/10/2025, 8:36:29 PM
Last updated: 1/10/2026, 10:15:03 PM