216.73.216.86

A Vietnamese threat actor's shift from PXA Stealer to PureRAT

· Published 10/10/2025 08:25 · Modified 10/10/2025 08:57

Export JSON

Essential information

Published
10/10/2025 08:25
Modified
10/10/2025 08:57
Tags
2025-10-10 pureclipper purecrypter pureminer purerat pxa stealer remote access trojan vietnamese threat actor
Related entities
4 observables, 1 intrusion sets (apt), 14 techniques (mitre), 7 malware

Description

A has transitioned from using the to deploying , a commercial . The attack chain involves multiple stages, including phishing emails, Python-based infostealers, and .NET loaders. The campaign demonstrates a progression in complexity, utilizing DLL sideloading, obfuscation techniques, and defense evasion methods. The final payload, , provides the attacker with extensive control over compromised systems. The threat actor's shift to commodity malware indicates a maturing operation, lowering the barrier for sophisticated attacks. This evolution highlights the need for robust, multi-layered defense strategies to counter such adaptable threats.

External references