Threats Tagged 'crysome rat'
View all threats tagged with 'crysome rat'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'crysome rat'
Click on any threat for detailed analysis and mitigation recommendations
From Phishing to Persistence: A CrySome RAT Infection Chain Analysis 0 This threat involves a sophisticated multi-stage infection chain delivering the CrySome remote access trojan (RAT) via spear-phishing with a logistics rate confirmation lure. The attack uses living-off-the-land techniques, including UAC bypass via the ICMLuaUtil COM interface and in-memory AMSI patching, to evade detection. An open-source tool, WinDefCtl, is employed to disrupt Windows Defender protections before deploying the final payload. CrySome RAT establishes persistence through scheduled tasks and enables attackers to perform hidden VNC access, remote command execution, system reconnaissance, and credential theft from Chromium-based browsers. The campaign highlights the use of publicly available tools combined with legitimate Windows processes to minimize detection and achieve full system compromise. Join the discussion | AlienVault OTX General | 07/07/2026, 14:14:56 UTC Added: 07/07/2026, 14:28:23 UTC |
Showing 1 to 1 of 1 result