DarkVision RAT Deployed: Malware Campaign Targets Systems via PureCrypter – Strengthen Your Defenses Now

Tags: DarkVision RAT, PureCrypter Loader, Remote Access Trojan (RAT), Keylogging, Process Injection, Password Theft, Privilege Escalation
The DarkVision RAT malware campaign is actively targeting systems using the PureCrypter loader to infiltrate networks and compromise data. This campaign page provides critical insights into the threat, including how it operates and why it's essential to strengthen your defenses now. Learn about the dangers of this attack and how to protect your systems against emerging cybersecurity risks. Stay ahead of the threat with our expert guidance.

Indicators of Compromise

No domains found for this campaign

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

| ID | Technique Name | Remediation |
|---|---|---|
| T1053.005 | Scheduled Task | Limit task creation to authorized users. Use Group Policies to restrict task scheduling, monitor scheduled tasks, and audit for unauthorized entries. |
| T1547.001 | Registry Run Keys / Startup Folder | Monitor changes in registry keys and startup folders using endpoint detection tools. Restrict unauthorized users from modifying registry settings via GPO. |
| T1055 | Process Injection | Deploy behavior-based detection systems to monitor API calls (NtCreateSection, NtMapViewOfSection). Use EDR tools and enforce application whitelisting. |
| T1140 | Deobfuscate/Decode Files or Information | Implement monitoring tools to detect obfuscation or decoding activities. Use DLP solutions to prevent transfer of encoded data and monitor network traffic. |
| T1562.001 | Disable or Modify Tools | Restrict modification of antivirus settings. Regularly audit Windows Defender exclusion lists and use tamper protection in security tools to block unauthorized changes. |
| T1539 | Steal Web Session Cookie | Harden browser settings by enabling "SameSite" attributes. Enforce MFA for login sessions and block unauthorized browser plugins. |
| T1010 | Application Window Discovery | Restrict access to system-level information. Use endpoint tools to monitor API calls related to window discovery. Limit user access to system processes. |
| T1057 | Process Discovery | Limit process discovery to administrative users. Use EDR tools to monitor API calls associated with process enumeration and alert on suspicious activity. |
| T1082 | System Information Discovery | Use endpoint protection to monitor access to system information. Implement RBAC (role-based access control) and regularly audit logs for unauthorized system scans. |
| T1083 | File and Directory Discovery | Restrict file and directory access using ACLs (access control lists). Monitor access activities using logging and use DLP solutions for sensitive file protection. |
| T1123 | Audio Capture | Limit microphone access to authorized applications only. Monitor for unauthorized microphone usage and audit logs regularly. |
| T1125 | Video Capture | Use webcam privacy tools to notify users of unauthorized access. Restrict video capture access to trusted applications using endpoint protection. |
| T1113 | Screen Capture | Deploy tools to detect unauthorized screen captures. Educate users on recognizing suspicious activity and audit logs for screen capture attempts. |
| T1056.001 | Input Capture: Keylogging | Install anti-keylogging software. Use encrypted input methods for sensitive data and monitor for suspicious keylogging activities in system logs. |
| T1219 | Remote Access Software | Disable or limit remote access software. Use MFA and network segmentation to protect remote access. Monitor VNC/hVNC traffic for unauthorized access. |
| T1571 | Non-Standard Port | Monitor and block non-standard ports using firewalls and network monitoring tools. Implement strict port usage policies to allow only authorized traffic. |
| T1529 | System Shutdown/Reboot | Restrict system shutdown/reboot permissions to administrative users. Monitor and alert on shutdown/reboot commands, particularly for critical systems. |

Observed Countries (250)
