Domain · Medium · Signal 50/100
pastec.dev
First Seen
Apr 17, 2026
Last Seen
Apr 24, 2026
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Feed Intelligence Summary
Source reports
3
Confidence score
50%
Category tags
active scan, base64, classlibrary3, exploitation activity, file, google, http, indicator, ipv4, javascript file, malware, network, payload file, powershell, ransomware, researched, subsequently, t1001, t1016.001, t1027, t1056.001, t1059.001, t1059.007, t1071.001, t1105, t1125, t1218.004, trojan, urls, webcam plugin
Activity Timeline
Apr 24
Threat Activity Heatmap
Peak: 2026-04-24
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
VirusTotal
Not checked
WHOIS
- description: DesckVB RAT is identified as a potent JavaScript-based Trojan, operational as of 2026. Infection starts with a PowerShell payload that loads a .NET-based loader entirely in memory. By using techniques such as in-memory assembly execution and .NET reflection, the malware operates stealthily and evades traditional security measures. The infection process begins with a heavily obfuscated JavaScript file that generates a PowerShell script; that script drops another PowerShell file in the user’s public directory and attempts to connect to a specific domain to verify internet access.
- references: IOCs.2026.csv, https://www.pointwild.com/threat-intelligence/desckvb-rat-analysis-from-javascript-loader-to-fileless-net-rat/