Reconnecting to live updates…

PureRAT: Attacker Now Using AI to Build Toolset

Severity: mediumType: malware

A Vietnamese threat actor is employing AI to develop code for an ongoing phishing campaign delivering PureRAT malware and other payloads. The attacks begin with phishing emails disguised as job opportunities, potentially targeting work computers. The attacker's use of AI is evidenced by detailed comments and numbered steps in scripts, as well as instructions in debug messages. The attack chain involves malicious archives, sideloaded DLLs, and batch scripts likely authored using AI. The attacker appears to be continually refining their methods and may be selling access to compromised organizations. This case demonstrates how AI can lower the barrier to entry for less skilled attackers, helping them write code and build attack toolkits.

AI Analysis

Technical Summary

The PureRAT threat involves a Vietnamese cybercriminal group leveraging artificial intelligence to develop and refine malware toolsets used in phishing campaigns. The attackers send emails masquerading as job opportunities to lure victims into executing malicious payloads on their work devices. The use of AI is evident in the malware's code, which contains detailed comments, numbered steps, and debug instructions, indicating automated or semi-automated code generation. The attack chain includes delivery of malicious archives that contain batch scripts and DLL files which are sideloaded to evade detection. Techniques such as DLL sideloading (T1218.011), scheduled task execution (T1053), process injection (T1055), and user execution (T1204) are employed to maintain persistence and evade defenses. The malware likely includes HVNC (Hidden Virtual Network Computing) capabilities, allowing attackers to remotely control compromised systems stealthily. The attacker appears to be iteratively improving their toolkit and may monetize access to infected organizations. This case exemplifies how AI can empower less skilled threat actors by automating complex coding tasks, thereby increasing the volume and sophistication of attacks. No CVSS score is assigned, and no known exploits in the wild have been reported yet, but the threat is ongoing and evolving.

Potential Impact

For European organizations, the PureRAT campaign poses significant risks to confidentiality, integrity, and availability. The phishing vector targeting job seekers or employees increases the likelihood of successful initial compromise, especially in sectors with high recruitment activity or remote work. Once inside, attackers can use HVNC to stealthily control systems, exfiltrate sensitive data, deploy additional payloads, or move laterally within networks. The use of DLL sideloading and batch scripts complicates detection and response, potentially allowing prolonged undetected access. This can lead to data breaches, intellectual property theft, operational disruption, and reputational damage. Organizations in Europe with extensive supply chains or critical infrastructure may face heightened risks if attackers sell access to other malicious actors. The AI-assisted nature of the malware development suggests rapid evolution and adaptation, requiring continuous vigilance.

Mitigation Recommendations

European organizations should implement multi-layered defenses tailored to this threat. Specifically, enhance phishing detection by using advanced email filtering solutions that analyze attachments and links for AI-generated content and suspicious job offer themes. Conduct targeted user awareness training focusing on recognizing fraudulent job offers and phishing tactics. Monitor for DLL sideloading by employing endpoint detection and response (EDR) tools capable of detecting anomalous DLL loads and batch script executions. Restrict execution of scripts and unsigned binaries via application control policies such as Microsoft AppLocker or Windows Defender Application Control. Implement network segmentation to limit lateral movement and deploy behavioral analytics to detect HVNC or remote control activity. Regularly audit scheduled tasks and persistence mechanisms for unauthorized entries. Finally, establish incident response plans that include rapid containment and forensic analysis to address AI-assisted malware campaigns.

Affected Countries

Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: https://ginten555333.com/Libraries/UnZipV2
hash: 13b590c480144992e1edff05a76b9e47
hash: 16d42e1dbe5fa2072e6debbffd8daa4c
hash: 39394961ebf8783b46c0d54e10b42bda
hash: 61437cf2f9ac88117923570ce25f3fad
hash: 68c2a80adcdd6fb410db11ef111c764a
hash: 7d7a97ea35b09bd418cce5addc3c6b1a
hash: a93298f07025798b4adb7a1d2b0a27fb
hash: ac5937c04e88fae9a45cbda2b9da8871
hash: b11c94284807b16b3c3d319f2ce4f098
hash: b381c94b8337ea67e502921955bc1d9c
hash: b76102f47f5f1f5dd280dc6d74aa01ef
hash: bc24dae70f4119b67854f6684fc117c5
hash: bfb4aa740748e60caf01f45bc81a3b2c
hash: c72a28f660132ea571ac1bc7984d7267
hash: d141169b46dd99a65b75473d4074e867
hash: e31c64a247e261b86847a36fc8adf7d9
hash: f19cfeed94541223ec07cf2f40b18dce
hash: 06bc667cdb924ce284daa6d08ed3bdb6f3e1ed8f
hash: 0bc08d5e7991c63a4116734b0a20ca9b8e7b2288
hash: 149d28da14792087fddbafe7d27663080159e673
hash: 1cbfdaa3fadb7d30245fbbb375a78da07d37213f
hash: 1e0784f6cb056f84c5ff6e23301a8c9fa47e8611
hash: 3661d220ec6783122aa8ccd1c9f19ff935d951d1
hash: 4a48d89b68686d6c1b92f024ae6d5428e7c39563
hash: 50770a91ebdc6d26fe7764c8cc37ccf74bc1e297
hash: 566031089584b1968ae9e7537b708067dcb63e1b
hash: 7c39648e28f17ace1d4cb6f2828cc634d6879da4
hash: c1d002c799bc834fc3060917af2968e96a20f79d
hash: d8b510e76075cdf6001c12938590f566b3126e56
hash: ebcd68c3172538b2a08cfb23b26eb4607b0fbc48
hash: ece85b0de0bcc0c22695b31c362aa2204026ab25
hash: f0e5be862cc63502fb462016327fa2c732ee9a82
hash: fb3ff991ceaaad8ddcc9fcdac7dcb2e213a6543d
hash: fc2baf88dcd021080e15febb5d58dc93da4d28d6
hash: 06ad3e407d5370648350e64e11278fc974197ae26fa02457c5dea645d3936bc1
hash: 0a683540902704d640041438fd585bf4e0636d37c1711c1893bb09c10e854928
hash: 10debd8d5819879435d349855e7792b57b94334251357b3580dd4dd3311246c3
hash: 1280cba4e109220ce4b17e722a55f31977112df3fa170b417f67227483677cc5
hash: 12a7f1aec5303e3e2eee59d9616b7e440f9c877d0db76620e8768c85433f3762
hash: 21779c1ca04a01a58b31d6a2dabaaee4a83d839922535d6520e629699adaf6be
hash: 21aba2329d9a6f68fdc358c487a54523beb8ee7751ec69779f53df09b14f5e10
hash: 2caaf6ec466cd38dccd20a5555633e20d11ee3b345e0b93e12daabdffa676228
hash: 2d0da28f388a9870184d0ac3905cd61947cf18830245f204033200a27c2dc3c0
hash: 2e92c68a1d4447275e4f35e9726779c72388a6f74ddfad9b73f0c02aa5b480c4
hash: 31dbfc89186553536f88cde60228024edbcb7fb042da6be05d75653a87999cc0
hash: 397eed8ff076484896dd40fefa697f714d1f2a06e1dfacf90e821283f10b41e6
hash: 3e927da764492a8122c822ab566956a65f255bd6da9f312e8e72f4d9856b8225
hash: 415a2eded0537280c574ff8927c6ffafb7685487ce01fdee9185425ff09770ac
hash: 4728b3b51c10ec8d03d4fa82172df4ea96c0c19249c230aa7e4202434c46ba19
hash: 49d3fe3a00d8d3e247a3462e334ecd204dc9378c48ba55f19fc2a6c07ca7fd6b
hash: 4f52905aef07da42553fb843022efcfa985ad7ee7fd8a0cc58cddcd65290ccf9
hash: 5044d19ed26c72423e1039cc8c02631639a21287d1f885500bc089c6375fa719
hash: 5524b58ed2ee28c592d08a884711cb503355491dc6b474ed95a842944e7ced3b
hash: 58f029907441888fcb38bc7ef3cb854f79f47a78ef8363b8420c7c95a60c63a7
hash: 5b5d67a4fb1ff53f39988d34ea2adf62f09d6aac685c2d17f6336202eff217ee
hash: 66fbf7bf5040308f4a194a6259d6490958d03ae3105964d53fd35e42a9a40197
hash: 6fe62e780bacbdf22c7cf522dc84d9a9757cf80980e43b5a3a6d4a98a1f4b61a
hash: 70defb76cc82faf19e7183aa8f92ccaf3942b39524ee80610a77aa02a690b762
hash: 7ee96809a375c35dc03abd02cd0acdd4849af5785f7c37679d4eabb739b455c0
hash: 834653eff148cb83dbfdb20ec6f769d2e454fdac4fe40bbd47bf4663f796dfec
hash: 8387e6fe5adcb90a42abdf9ed6cdfdbea66bb431f6aa7fc32d5f7137fc140090
hash: 8389c6564abc4a7556abdc72f399fb3339db9492628d25eda1a3cec954c0c68d
hash: 8a15a4a4d5158b8826b478a33e407bd1ffb39e010e0986a5547f114ffe6e9167
hash: 98fef41aa11235e714b458259bba9720c2de0e88b7a190167bd0077ee1e038f4
hash: 9b94a6d16e357bf57e84db3a749f40231841f2a34cec414256d5c8f63facf84c
hash: 9fdc1691e1c96acff6cb18a26f135fabaec5ceed394b28dabac068a991c4f0e7
hash: a0c26e5fd249e284b403a74250cd1f5d34c6b90369b082c8050267f7efc6d15d
hash: a1f3c59c59eabfd89a6be69bea4d10e4a490ac6e9c931e8fa4c4b2c8e7580389
hash: a6cc3ee93342adc4ac9a0e9600504199688b20fea4e9e5a06d3b3a2b6fbfc075
hash: aec135d23f695c9338e1333a8c975544053e8c2615f842b73b085bc96906696d
hash: b04b506eb06303d00b3f02d0dbcd20d3bfe93e4030c6db1655136198ea40e9c3
hash: b398e081284b09c8c049e319e87d74bf4df4f0423efbab9202fdc64ed7ca9fd9
hash: ba2f77577811cbf5c1ba579e730e283a076157612a73137213296a3851d901ea
hash: bce2cd273f4610387c32bfb80ecd0402c70d97f89c57611e7f79344033da3e55
hash: c1c509f40ede7d4a33a092114bbab1e6b4d29fbf21f6ce5f2356902506b6c8f3
hash: c5ad8eaae4d107523300d4e6681a15a94848adb8f13516e0d00575fc32957997
hash: d06ec13250708cab022d76b78adf8bbe3b4cf1d7f6e483f2624c18d232e3f896
hash: d293aa394efe4112ed95951aafc43e04975d8c9d715dcb170b4d3ae0cec8af5b
hash: d3fb96a634269b8fb1cc1edaa2c4fdcff60aab887da7de4dc9f7c968c9bb49b1
hash: d45eb4b8130132055b44ffe4462888d5bb90f11ac0c07312d09b8b8abc0b23ce
hash: da37825fb5428c6788db3296b0bfaaa8197704699bcdb240d8b032350faa59ae
hash: dcefa82d7ac6887a253effb54d611e8df15177a993c7d53e453e5ea92f404983
hash: de1ed295857e5551dd7ff1ff34f92d670ef237acf3c4326ddd94bf0956b6a807
hash: de2f6a3056f74e104e0e9134c2652662a8fc0e9ccf519e83c033b6df0a98ae05
hash: df38de5eb1f5d534e1a836fbf34552bc80d722bb5301976707ee2dd78997bfc5
hash: e59655948efb89b4d905dd4bbbac28c7a06e4a03ec5bc93b9ea1c0a43f91bfcf
hash: e62e0851ddf145c3c2c1fb1fbccb7252dce0edd427c8ba74d9b6ff813c36c728
hash: e927e64c4d88c19d708dca504bcf220fd25cbc6fa91e573eba97e52d745288fc
hash: ea0630d4582cbf033fa75d4ce1f1e8371181ed58d7961f0c98b66f458ca46c45
hash: ecb67b475457fdd3bfbb7a0911b657a1eb8343ca982e5037b062914d991e772e
hash: efe49c9134756beba5b475b5e396fdf72a917bb007310bb69d4299c10259ee42
hash: effba77be35fb75299883957d3acf9560970a054bc85d20457552e3511293cd0
hash: f2d07dd0dda0c0fd94427fa03b5fd83a73933904678b35afd8723130d65196e0
hash: f35958930f3f4e8a13f09c2c3eba4771652b6a03338913ddeb6b0278c306bec6
hash: f3c54064ae75e0f7aaec74acf749716d15f8f1856f002f5ccb3bcb9daf140171
hash: f83cf38fd1315530c6d325eb5082c1fe38e0037fdd28dec5e7e2bdd6cd75e3ed
hash: fae70495819c22d4563d2ece75b4dce210635ebc3136b69365b40564f26b7efa
hash: fcd644e03e1958122feb1b7163df49927bb4e4d09c51948b5950e5d809ecf955
ip: 103.166.185.228
ip: 196.251.86.145
url: http://139.99.17.175/test_exe/AdobeReader.exe
url: http://139.99.17.175/test_exe/msimg32.dll
url: http://139.99.17.175/test_exe/oledlg.dll
url: http://139.99.17.175/test_exe/sv_chost.exe
url: http://139.99.17.175/test_exe/version.dll
url: https://dmca-wipo.com/nauh
url: https://ginten555333.com/Libraries/PythonCode
url: https://ginten555333.com/Libraries/VahGG.html
url: https://ginten555333.com/LibraryInstalling/PyCharm
domain: dmca-wipo.com
domain: ginten555333.com

PureRAT: Attacker Now Using AI to Build Toolset

Severity: medium

Type: malware

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: https://ginten555333.com/Libraries/UnZipV2
hash: 13b590c480144992e1edff05a76b9e47
hash: 16d42e1dbe5fa2072e6debbffd8daa4c
hash: 39394961ebf8783b46c0d54e10b42bda
hash: 61437cf2f9ac88117923570ce25f3fad
hash: 68c2a80adcdd6fb410db11ef111c764a
hash: 7d7a97ea35b09bd418cce5addc3c6b1a
hash: a93298f07025798b4adb7a1d2b0a27fb
hash: ac5937c04e88fae9a45cbda2b9da8871
hash: b11c94284807b16b3c3d319f2ce4f098
hash: b381c94b8337ea67e502921955bc1d9c
hash: b76102f47f5f1f5dd280dc6d74aa01ef
hash: bc24dae70f4119b67854f6684fc117c5
hash: bfb4aa740748e60caf01f45bc81a3b2c
hash: c72a28f660132ea571ac1bc7984d7267
hash: d141169b46dd99a65b75473d4074e867
hash: e31c64a247e261b86847a36fc8adf7d9
hash: f19cfeed94541223ec07cf2f40b18dce
hash: 06bc667cdb924ce284daa6d08ed3bdb6f3e1ed8f
hash: 0bc08d5e7991c63a4116734b0a20ca9b8e7b2288
hash: 149d28da14792087fddbafe7d27663080159e673
hash: 1cbfdaa3fadb7d30245fbbb375a78da07d37213f
hash: 1e0784f6cb056f84c5ff6e23301a8c9fa47e8611
hash: 3661d220ec6783122aa8ccd1c9f19ff935d951d1
hash: 4a48d89b68686d6c1b92f024ae6d5428e7c39563
hash: 50770a91ebdc6d26fe7764c8cc37ccf74bc1e297
hash: 566031089584b1968ae9e7537b708067dcb63e1b
hash: 7c39648e28f17ace1d4cb6f2828cc634d6879da4
hash: c1d002c799bc834fc3060917af2968e96a20f79d
hash: d8b510e76075cdf6001c12938590f566b3126e56
hash: ebcd68c3172538b2a08cfb23b26eb4607b0fbc48
hash: ece85b0de0bcc0c22695b31c362aa2204026ab25
hash: f0e5be862cc63502fb462016327fa2c732ee9a82
hash: fb3ff991ceaaad8ddcc9fcdac7dcb2e213a6543d
hash: fc2baf88dcd021080e15febb5d58dc93da4d28d6
hash: 06ad3e407d5370648350e64e11278fc974197ae26fa02457c5dea645d3936bc1
hash: 0a683540902704d640041438fd585bf4e0636d37c1711c1893bb09c10e854928
hash: 10debd8d5819879435d349855e7792b57b94334251357b3580dd4dd3311246c3
hash: 1280cba4e109220ce4b17e722a55f31977112df3fa170b417f67227483677cc5
hash: 12a7f1aec5303e3e2eee59d9616b7e440f9c877d0db76620e8768c85433f3762
hash: 21779c1ca04a01a58b31d6a2dabaaee4a83d839922535d6520e629699adaf6be
hash: 21aba2329d9a6f68fdc358c487a54523beb8ee7751ec69779f53df09b14f5e10
hash: 2caaf6ec466cd38dccd20a5555633e20d11ee3b345e0b93e12daabdffa676228
hash: 2d0da28f388a9870184d0ac3905cd61947cf18830245f204033200a27c2dc3c0
hash: 2e92c68a1d4447275e4f35e9726779c72388a6f74ddfad9b73f0c02aa5b480c4
hash: 31dbfc89186553536f88cde60228024edbcb7fb042da6be05d75653a87999cc0
hash: 397eed8ff076484896dd40fefa697f714d1f2a06e1dfacf90e821283f10b41e6
hash: 3e927da764492a8122c822ab566956a65f255bd6da9f312e8e72f4d9856b8225
hash: 415a2eded0537280c574ff8927c6ffafb7685487ce01fdee9185425ff09770ac
hash: 4728b3b51c10ec8d03d4fa82172df4ea96c0c19249c230aa7e4202434c46ba19
hash: 49d3fe3a00d8d3e247a3462e334ecd204dc9378c48ba55f19fc2a6c07ca7fd6b
hash: 4f52905aef07da42553fb843022efcfa985ad7ee7fd8a0cc58cddcd65290ccf9
hash: 5044d19ed26c72423e1039cc8c02631639a21287d1f885500bc089c6375fa719
hash: 5524b58ed2ee28c592d08a884711cb503355491dc6b474ed95a842944e7ced3b
hash: 58f029907441888fcb38bc7ef3cb854f79f47a78ef8363b8420c7c95a60c63a7
hash: 5b5d67a4fb1ff53f39988d34ea2adf62f09d6aac685c2d17f6336202eff217ee
hash: 66fbf7bf5040308f4a194a6259d6490958d03ae3105964d53fd35e42a9a40197
hash: 6fe62e780bacbdf22c7cf522dc84d9a9757cf80980e43b5a3a6d4a98a1f4b61a
hash: 70defb76cc82faf19e7183aa8f92ccaf3942b39524ee80610a77aa02a690b762
hash: 7ee96809a375c35dc03abd02cd0acdd4849af5785f7c37679d4eabb739b455c0
hash: 834653eff148cb83dbfdb20ec6f769d2e454fdac4fe40bbd47bf4663f796dfec
hash: 8387e6fe5adcb90a42abdf9ed6cdfdbea66bb431f6aa7fc32d5f7137fc140090
hash: 8389c6564abc4a7556abdc72f399fb3339db9492628d25eda1a3cec954c0c68d
hash: 8a15a4a4d5158b8826b478a33e407bd1ffb39e010e0986a5547f114ffe6e9167
hash: 98fef41aa11235e714b458259bba9720c2de0e88b7a190167bd0077ee1e038f4
hash: 9b94a6d16e357bf57e84db3a749f40231841f2a34cec414256d5c8f63facf84c
hash: 9fdc1691e1c96acff6cb18a26f135fabaec5ceed394b28dabac068a991c4f0e7
hash: a0c26e5fd249e284b403a74250cd1f5d34c6b90369b082c8050267f7efc6d15d
hash: a1f3c59c59eabfd89a6be69bea4d10e4a490ac6e9c931e8fa4c4b2c8e7580389
hash: a6cc3ee93342adc4ac9a0e9600504199688b20fea4e9e5a06d3b3a2b6fbfc075
hash: aec135d23f695c9338e1333a8c975544053e8c2615f842b73b085bc96906696d
hash: b04b506eb06303d00b3f02d0dbcd20d3bfe93e4030c6db1655136198ea40e9c3
hash: b398e081284b09c8c049e319e87d74bf4df4f0423efbab9202fdc64ed7ca9fd9
hash: ba2f77577811cbf5c1ba579e730e283a076157612a73137213296a3851d901ea
hash: bce2cd273f4610387c32bfb80ecd0402c70d97f89c57611e7f79344033da3e55
hash: c1c509f40ede7d4a33a092114bbab1e6b4d29fbf21f6ce5f2356902506b6c8f3
hash: c5ad8eaae4d107523300d4e6681a15a94848adb8f13516e0d00575fc32957997
hash: d06ec13250708cab022d76b78adf8bbe3b4cf1d7f6e483f2624c18d232e3f896
hash: d293aa394efe4112ed95951aafc43e04975d8c9d715dcb170b4d3ae0cec8af5b
hash: d3fb96a634269b8fb1cc1edaa2c4fdcff60aab887da7de4dc9f7c968c9bb49b1
hash: d45eb4b8130132055b44ffe4462888d5bb90f11ac0c07312d09b8b8abc0b23ce
hash: da37825fb5428c6788db3296b0bfaaa8197704699bcdb240d8b032350faa59ae
hash: dcefa82d7ac6887a253effb54d611e8df15177a993c7d53e453e5ea92f404983
hash: de1ed295857e5551dd7ff1ff34f92d670ef237acf3c4326ddd94bf0956b6a807
hash: de2f6a3056f74e104e0e9134c2652662a8fc0e9ccf519e83c033b6df0a98ae05
hash: df38de5eb1f5d534e1a836fbf34552bc80d722bb5301976707ee2dd78997bfc5
hash: e59655948efb89b4d905dd4bbbac28c7a06e4a03ec5bc93b9ea1c0a43f91bfcf
hash: e62e0851ddf145c3c2c1fb1fbccb7252dce0edd427c8ba74d9b6ff813c36c728
hash: e927e64c4d88c19d708dca504bcf220fd25cbc6fa91e573eba97e52d745288fc
hash: ea0630d4582cbf033fa75d4ce1f1e8371181ed58d7961f0c98b66f458ca46c45
hash: ecb67b475457fdd3bfbb7a0911b657a1eb8343ca982e5037b062914d991e772e
hash: efe49c9134756beba5b475b5e396fdf72a917bb007310bb69d4299c10259ee42
hash: effba77be35fb75299883957d3acf9560970a054bc85d20457552e3511293cd0
hash: f2d07dd0dda0c0fd94427fa03b5fd83a73933904678b35afd8723130d65196e0
hash: f35958930f3f4e8a13f09c2c3eba4771652b6a03338913ddeb6b0278c306bec6
hash: f3c54064ae75e0f7aaec74acf749716d15f8f1856f002f5ccb3bcb9daf140171
hash: f83cf38fd1315530c6d325eb5082c1fe38e0037fdd28dec5e7e2bdd6cd75e3ed
hash: fae70495819c22d4563d2ece75b4dce210635ebc3136b69365b40564f26b7efa
hash: fcd644e03e1958122feb1b7163df49927bb4e4d09c51948b5950e5d809ecf955
ip: 103.166.185.228
ip: 196.251.86.145
url: http://139.99.17.175/test_exe/AdobeReader.exe
url: http://139.99.17.175/test_exe/msimg32.dll
url: http://139.99.17.175/test_exe/oledlg.dll
url: http://139.99.17.175/test_exe/sv_chost.exe
url: http://139.99.17.175/test_exe/version.dll
url: https://dmca-wipo.com/nauh
url: https://ginten555333.com/Libraries/PythonCode
url: https://ginten555333.com/Libraries/VahGG.html
url: https://ginten555333.com/LibraryInstalling/PyCharm
domain: dmca-wipo.com
domain: ginten555333.com

Source: AlienVault OTX General

Published: Wed Jan 28 2026

PureRAT: Attacker Now Using AI to Build Toolset

Medium

Malwarephishing ai-assisted sideloading hvnc vietnam cybercrime job offers purerat t1218.011 t1053 t1140 t1055 t1204 t1547.001 t1566 t1027 t1059.003

Published: Wed Jan 28 2026 (01/28/2026, 17:20:03 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

AILast updated: 01/28/2026, 19:05:17 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Upgrade to Pro Console

Technical Details

Author: AlienVault
Tlp: white
References: ["https://www.security.com/threat-intelligence/ai-purerat-phishing"]
Adversary: null
Pulse Id: 697a454330d96ae56f959ed4
Threat Score: null

Indicators of Compromise

Url

Value	Description	Copy
urlhttps://ginten555333.com/Libraries/UnZipV2	—
urlhttp://139.99.17.175/test_exe/AdobeReader.exe	—
urlhttp://139.99.17.175/test_exe/msimg32.dll	—
urlhttp://139.99.17.175/test_exe/oledlg.dll	—
urlhttp://139.99.17.175/test_exe/sv_chost.exe	—
urlhttp://139.99.17.175/test_exe/version.dll	—
urlhttps://dmca-wipo.com/nauh	—
urlhttps://ginten555333.com/Libraries/PythonCode	—
urlhttps://ginten555333.com/Libraries/VahGG.html	—
urlhttps://ginten555333.com/LibraryInstalling/PyCharm	—

Hash

Value	Description	Copy
hash13b590c480144992e1edff05a76b9e47	—
hash16d42e1dbe5fa2072e6debbffd8daa4c	—
hash39394961ebf8783b46c0d54e10b42bda	—
hash61437cf2f9ac88117923570ce25f3fad	—
hash68c2a80adcdd6fb410db11ef111c764a	—
hash7d7a97ea35b09bd418cce5addc3c6b1a	—
hasha93298f07025798b4adb7a1d2b0a27fb	—
hashac5937c04e88fae9a45cbda2b9da8871	—
hashb11c94284807b16b3c3d319f2ce4f098	—
hashb381c94b8337ea67e502921955bc1d9c	—
hashb76102f47f5f1f5dd280dc6d74aa01ef	—
hashbc24dae70f4119b67854f6684fc117c5	—
hashbfb4aa740748e60caf01f45bc81a3b2c	—
hashc72a28f660132ea571ac1bc7984d7267	—
hashd141169b46dd99a65b75473d4074e867	—
hashe31c64a247e261b86847a36fc8adf7d9	—
hashf19cfeed94541223ec07cf2f40b18dce	—
hash06bc667cdb924ce284daa6d08ed3bdb6f3e1ed8f	—
hash0bc08d5e7991c63a4116734b0a20ca9b8e7b2288	—
hash149d28da14792087fddbafe7d27663080159e673	—
hash1cbfdaa3fadb7d30245fbbb375a78da07d37213f	—
hash1e0784f6cb056f84c5ff6e23301a8c9fa47e8611	—
hash3661d220ec6783122aa8ccd1c9f19ff935d951d1	—
hash4a48d89b68686d6c1b92f024ae6d5428e7c39563	—
hash50770a91ebdc6d26fe7764c8cc37ccf74bc1e297	—
hash566031089584b1968ae9e7537b708067dcb63e1b	—
hash7c39648e28f17ace1d4cb6f2828cc634d6879da4	—
hashc1d002c799bc834fc3060917af2968e96a20f79d	—
hashd8b510e76075cdf6001c12938590f566b3126e56	—
hashebcd68c3172538b2a08cfb23b26eb4607b0fbc48	—
hashece85b0de0bcc0c22695b31c362aa2204026ab25	—
hashf0e5be862cc63502fb462016327fa2c732ee9a82	—
hashfb3ff991ceaaad8ddcc9fcdac7dcb2e213a6543d	—
hashfc2baf88dcd021080e15febb5d58dc93da4d28d6	—
hash06ad3e407d5370648350e64e11278fc974197ae26fa02457c5dea645d3936bc1	—
hash0a683540902704d640041438fd585bf4e0636d37c1711c1893bb09c10e854928	—
hash10debd8d5819879435d349855e7792b57b94334251357b3580dd4dd3311246c3	—
hash1280cba4e109220ce4b17e722a55f31977112df3fa170b417f67227483677cc5	—
hash12a7f1aec5303e3e2eee59d9616b7e440f9c877d0db76620e8768c85433f3762	—
hash21779c1ca04a01a58b31d6a2dabaaee4a83d839922535d6520e629699adaf6be	—
hash21aba2329d9a6f68fdc358c487a54523beb8ee7751ec69779f53df09b14f5e10	—
hash2caaf6ec466cd38dccd20a5555633e20d11ee3b345e0b93e12daabdffa676228	—
hash2d0da28f388a9870184d0ac3905cd61947cf18830245f204033200a27c2dc3c0	—
hash2e92c68a1d4447275e4f35e9726779c72388a6f74ddfad9b73f0c02aa5b480c4	—
hash31dbfc89186553536f88cde60228024edbcb7fb042da6be05d75653a87999cc0	—
hash397eed8ff076484896dd40fefa697f714d1f2a06e1dfacf90e821283f10b41e6	—
hash3e927da764492a8122c822ab566956a65f255bd6da9f312e8e72f4d9856b8225	—
hash415a2eded0537280c574ff8927c6ffafb7685487ce01fdee9185425ff09770ac	—
hash4728b3b51c10ec8d03d4fa82172df4ea96c0c19249c230aa7e4202434c46ba19	—
hash49d3fe3a00d8d3e247a3462e334ecd204dc9378c48ba55f19fc2a6c07ca7fd6b	—
hash4f52905aef07da42553fb843022efcfa985ad7ee7fd8a0cc58cddcd65290ccf9	—
hash5044d19ed26c72423e1039cc8c02631639a21287d1f885500bc089c6375fa719	—
hash5524b58ed2ee28c592d08a884711cb503355491dc6b474ed95a842944e7ced3b	—
hash58f029907441888fcb38bc7ef3cb854f79f47a78ef8363b8420c7c95a60c63a7	—
hash5b5d67a4fb1ff53f39988d34ea2adf62f09d6aac685c2d17f6336202eff217ee	—
hash66fbf7bf5040308f4a194a6259d6490958d03ae3105964d53fd35e42a9a40197	—
hash6fe62e780bacbdf22c7cf522dc84d9a9757cf80980e43b5a3a6d4a98a1f4b61a	—
hash70defb76cc82faf19e7183aa8f92ccaf3942b39524ee80610a77aa02a690b762	—
hash7ee96809a375c35dc03abd02cd0acdd4849af5785f7c37679d4eabb739b455c0	—
hash834653eff148cb83dbfdb20ec6f769d2e454fdac4fe40bbd47bf4663f796dfec	—
hash8387e6fe5adcb90a42abdf9ed6cdfdbea66bb431f6aa7fc32d5f7137fc140090	—
hash8389c6564abc4a7556abdc72f399fb3339db9492628d25eda1a3cec954c0c68d	—
hash8a15a4a4d5158b8826b478a33e407bd1ffb39e010e0986a5547f114ffe6e9167	—
hash98fef41aa11235e714b458259bba9720c2de0e88b7a190167bd0077ee1e038f4	—
hash9b94a6d16e357bf57e84db3a749f40231841f2a34cec414256d5c8f63facf84c	—
hash9fdc1691e1c96acff6cb18a26f135fabaec5ceed394b28dabac068a991c4f0e7	—
hasha0c26e5fd249e284b403a74250cd1f5d34c6b90369b082c8050267f7efc6d15d	—
hasha1f3c59c59eabfd89a6be69bea4d10e4a490ac6e9c931e8fa4c4b2c8e7580389	—
hasha6cc3ee93342adc4ac9a0e9600504199688b20fea4e9e5a06d3b3a2b6fbfc075	—
hashaec135d23f695c9338e1333a8c975544053e8c2615f842b73b085bc96906696d	—
hashb04b506eb06303d00b3f02d0dbcd20d3bfe93e4030c6db1655136198ea40e9c3	—
hashb398e081284b09c8c049e319e87d74bf4df4f0423efbab9202fdc64ed7ca9fd9	—
hashba2f77577811cbf5c1ba579e730e283a076157612a73137213296a3851d901ea	—
hashbce2cd273f4610387c32bfb80ecd0402c70d97f89c57611e7f79344033da3e55	—
hashc1c509f40ede7d4a33a092114bbab1e6b4d29fbf21f6ce5f2356902506b6c8f3	—
hashc5ad8eaae4d107523300d4e6681a15a94848adb8f13516e0d00575fc32957997	—
hashd06ec13250708cab022d76b78adf8bbe3b4cf1d7f6e483f2624c18d232e3f896	—
hashd293aa394efe4112ed95951aafc43e04975d8c9d715dcb170b4d3ae0cec8af5b	—
hashd3fb96a634269b8fb1cc1edaa2c4fdcff60aab887da7de4dc9f7c968c9bb49b1	—
hashd45eb4b8130132055b44ffe4462888d5bb90f11ac0c07312d09b8b8abc0b23ce	—
hashda37825fb5428c6788db3296b0bfaaa8197704699bcdb240d8b032350faa59ae	—
hashdcefa82d7ac6887a253effb54d611e8df15177a993c7d53e453e5ea92f404983	—
hashde1ed295857e5551dd7ff1ff34f92d670ef237acf3c4326ddd94bf0956b6a807	—
hashde2f6a3056f74e104e0e9134c2652662a8fc0e9ccf519e83c033b6df0a98ae05	—
hashdf38de5eb1f5d534e1a836fbf34552bc80d722bb5301976707ee2dd78997bfc5	—
hashe59655948efb89b4d905dd4bbbac28c7a06e4a03ec5bc93b9ea1c0a43f91bfcf	—
hashe62e0851ddf145c3c2c1fb1fbccb7252dce0edd427c8ba74d9b6ff813c36c728	—
hashe927e64c4d88c19d708dca504bcf220fd25cbc6fa91e573eba97e52d745288fc	—
hashea0630d4582cbf033fa75d4ce1f1e8371181ed58d7961f0c98b66f458ca46c45	—
hashecb67b475457fdd3bfbb7a0911b657a1eb8343ca982e5037b062914d991e772e	—
hashefe49c9134756beba5b475b5e396fdf72a917bb007310bb69d4299c10259ee42	—
hasheffba77be35fb75299883957d3acf9560970a054bc85d20457552e3511293cd0	—
hashf2d07dd0dda0c0fd94427fa03b5fd83a73933904678b35afd8723130d65196e0	—
hashf35958930f3f4e8a13f09c2c3eba4771652b6a03338913ddeb6b0278c306bec6	—
hashf3c54064ae75e0f7aaec74acf749716d15f8f1856f002f5ccb3bcb9daf140171	—
hashf83cf38fd1315530c6d325eb5082c1fe38e0037fdd28dec5e7e2bdd6cd75e3ed	—
hashfae70495819c22d4563d2ece75b4dce210635ebc3136b69365b40564f26b7efa	—
hashfcd644e03e1958122feb1b7163df49927bb4e4d09c51948b5950e5d809ecf955	—

Ip

Value	Description	Copy
ip103.166.185.228	—
ip196.251.86.145	—

Domain

Value	Description	Copy
domaindmca-wipo.com	—
domainginten555333.com	—

Threat ID: 697a5a904623b1157ce3616d

Added to database: 1/28/2026, 6:50:56 PM

Last enriched: 1/28/2026, 7:05:17 PM

Last updated: 1/30/2026, 1:02:04 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

PureRAT: Attacker Now Using AI to Build Toolset

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

PureRAT: Attacker Now Using AI to Build Toolset

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

Hash

Ip

Domain

Community Reviews

Related Threats

ThreatFox IOCs for 2026-01-29

Dissecting UAT-8099: New persistence mechanisms and regional focus

Exposed BYOB C2 Infrastructure Reveals a Multi-Stage Malware Deployment

Approaching Cyclone: Vortex Werewolf Attacks Russia

ThreatFox IOCs for 2026-01-28

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility