Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsAPI
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

From infostealer to full RAT: dissecting the PureRAT attack chain

0
Medium
Malwarepureratzip archivepythonlonenonepxa stealertelegramwinrarpurecrypterservicepurelogscryptoloadernetloaderpythonloaderinfostealerpxat1027t1055t1059t1071t1082t1204t1518t1547t1560t1562t1566t1573t1574t1036t1127t1106t1105t1115t1499t1140
Published: Fri Oct 10 2025 (10/10/2025, 20:35:52 UTC)
Source: AlienVault OTX General

Description

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a full-featured, commercially available remote access trojan (RAT) known as PureRAT.

Technical Details

Author
AlienVault
Tlp
white
References
["https://www.bleepingcomputer.com/news/security/from-infostealer-to-full-rat-dissecting-the-purerat-attack-chain/"]
Adversary
null
Pulse Id
68e96e29b73e5334019b8810
Threat Score
null

Indicators of Compromise

Ip

ValueDescriptionCopy
ip157.66.26.209
CC=JP ASN=ASNone

Hash

ValueDescriptionCopy
hash8697103bed75b09df59d9bb3a86eca32
MD5 of f6ed084aaa8ecf1b1e20dfa859e8f34c4c18b7ad7ac14dc189bc1fc4be1bd709
hashffd6f164c9f9248604e819b7b584c9d2907c967d
SHA1 of f6ed084aaa8ecf1b1e20dfa859e8f34c4c18b7ad7ac14dc189bc1fc4be1bd709
hash06fc70aa08756a752546198ceb9770068a2776c5b898e5ff24af9ed4a823fd9d
hashf5e9e24886ec4c60f45690a0e34bae71d8a38d1c35eb04d02148cdb650dd2601
hashf6ed084aaa8ecf1b1e20dfa859e8f34c4c18b7ad7ac14dc189bc1fc4be1bd709

Threat ID: 68e96e4d4338e1ae7d84ca8e

Added to database: 10/10/2025, 8:36:29 PM

Last updated: 10/11/2025, 2:22:06 AM

Views: 6

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Medium
MalwareSat Oct 11 2025

ThreatFox IOCs for 2025-10-10

Medium
MalwareSat Oct 11 2025

The ClickFix Factory: First Exposure of IUAM ClickFix Generator

Medium
MalwareFri Oct 10 2025

Crimson Collective: A New Threat Group Observed Operating in the Cloud

Medium
CampaignFri Oct 10 2025

Blog Anatomy of a Hacktivist Attack: Russian-Aligned Group Targets OT/ICS

Medium
MalwareFri Oct 10 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats