👾 #UpCrypter is one of the fastest growing cyber threats of 2025.

This loader spreads via #phishing as a JS file and delivers malware like #DCRat & #PureHVNC to infected systems.

Discover its attack chain in our analysis: https://any.run/malware-trends/upcrypter/?utm_source=mastodon&utm_medium=post&utm_campaign=upcrypter&utm_content=linktomtt&utm_term=141025

Guess we're back to these...:
http://episode-windsor-subdivision-delivery.trycloudflare\.com
https://lol-julian-impossible-bermuda.trycloudflare\.com
https://italia-committees-practical-violence.trycloudflare\.com

#asyncrat #purehvnc #quasarrat

jskeywon.duckdns\.org
jbsak.duckdns\.org
jul5050quasae.duckdns\.org
ksj43ts.duckdns\.org

PureRAT is the exact same malware as what Morphisec and others call #ResolverRAT. #PureHVNC, on the other hand, is the predecessor to #PureRAT.

IOCs:
👾 193.26.115.125:8883
👾 purebase.ddns[.]net:8883
👾 45.74.10.38:56001
👾 139.99.83.25:56001
https://netresec.com/?b=2589522