216.73.217.22

Ghost Crypt Powers PureRAT with Hypnosis

· Published 21/07/2025 08:42 · Modified 21/07/2025 11:28

Export JSON

Essential information

Published
21/07/2025 08:42
Modified
21/07/2025 11:28
Tags
2025-07-21 ghostcrypt purerat remote access trojan
Related entities
2 vulnerabilities (cve), 18 observables, 14 techniques (mitre), 1 malware

Description

In May 2025, eSentire's Threat Response Unit (TRU) uncovered a targeted attack on a U.S. accounting firm. The attackers used a newly advertised crypter service, Ghost Crypt, to sideload and obfuscate a DLL into a legitimate Windows component (csc.exe), deploying , a that surged in 2025

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Vulnerabilities (CVE) (2)

CVE-2025-4632
9.8 Critical

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write …

Published
13/05/2025
Modified
13/05/2025
Received
CVE-2019-18935 KEV

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the …

Published
03/11/2021
Modified
20/12/2025

Observables (18)

  • 196.251.88.111
  • 176.65.144.123
  • fax-greenry.myhome-server.de
  • f3d98823fb6cdc226414bedc49b94e86060fcc511cc50867d63f7c989fe54aed
  • e7162b70e4f52251bedebe645ec960ce0f5cb8d5cb88555bdf9233adc5829313
  • e487f0c178515b6629c6d141c14bdef904b02ce9e8603c85faaede1171beea7f
  • db5407b34ed7dd78a10c3ffb9090ce21da82a95b43668b04d1de30e3d8a51dde
  • cc35d8ca3b34e4c5eed80ac1fb4e392fc4cb80577a3cf7604853e1fce139c6d0
  • c059bf049f0a0b2e9d5c369ba2aa94c555cccf09b13224e49b5c7f0fb99690d8
  • b182d74611ed2bb17f32f14cffc1d4123c087834340997871dc19d1334036000
  • 7e3d5c91a7bd65c40996ad75a736513ac0a7b73eef3e12de88c4e8d72dfbe0b0
  • 6f9a19fe9cdf3f9c2f1a7a4a866baf0fb02a28b196528b84eb52d1b9e6feaf91
  • 69a40bd2f667845ab95ad8438dae390f2e8b9680f4d30cb20e920c45cda565f9
  • 1ac0767e5a22839ae581ea31fcfcd693f1d35092a33576cb5269a2f7b415d964
  • 1784bbd15f47eb0a28bd2f22bb8a9a88b777c7a6fc964f446fa11579d90642ff
  • 0995a85378ba99e5fd094fbb133eb4e320c470dd0cd2220f6787ed1f9052e6f2
  • 352e51c42d5f5727a7c545752bf34d1f83f40219e7036c6959817149a51651bc
  • f3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb

Techniques (MITRE) (14)

  • T1018
    Remote System Discovery
  • T1113
    Screen Capture
  • T1573
    Encrypted Channel
  • T1016
    System Network Configuration Discovery
  • T1082
    System Information Discovery
  • T1057
    Process Discovery
  • T1105
    Ingress Tool Transfer
  • T1083
    File and Directory Discovery
  • T1071
    Application Layer Protocol
  • T1140
    Deobfuscate/Decode Files or Information
  • T1033
    System Owner/User Discovery
  • T1027
    Obfuscated Files or Information
  • T1112
    Modify Registry
  • T1059
    Command and Scripting Interpreter

Malware (1)

  • PureRAT
    Family
    Published 28/01/2026 17:20 · Modified 28/01/2026 17:20

External references