{
  "name": "PureRAT: Attacker Now Using AI to Build Toolset",
  "slug": "purerat-attacker-now-using-ai-to-build-toolset",
  "description": "A Vietnamese threat actor is employing AI to develop code for an ongoing phishing campaign delivering PureRAT malware and other payloads. The attacks begin with phishing emails disguised as job opportunities and potentially target work computers. The attacker's use of AI is evidenced by detailed comments and numbered steps in scripts, as well as instructions in debug messages. The attack chain involves malicious archives, sideloaded DLLs, and batch scripts likely authored using AI. The attacker appears to be continually refining their methods and may be selling access to compromised organizations. This case demonstrates how AI can lower the barrier to entry for less-skilled attackers by helping them write code and build attack toolkits.",
  "published": "2026-01-28T16:20:03+00:00",
  "created_at": "2026-01-28T16:20:03+00:00",
  "modified_at": "2026-01-28T17:53:35+00:00",
  "created_at_opencti": "2026-01-28T16:20:03+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-01-28",
    "ai-assisted",
    "cybercrime",
    "hvnc",
    "job offers",
    "phishing",
    "purerat",
    "sideloading",
    "vietnam"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "103.166.185.228"
      },
      {
        "id": "",
        "name": "196.251.86.145"
      },
      {
        "id": "",
        "name": "https://dmca-wipo.com/nauh"
      },
      {
        "id": "",
        "name": "http://139.99.17.175/test_exe/oledlg.dll"
      },
      {
        "id": "",
        "name": "http://139.99.17.175/test_exe/sv_chost.exe"
      },
      {
        "id": "",
        "name": "http://139.99.17.175/test_exe/version.dll"
      },
      {
        "id": "",
        "name": "https://ginten555333.com/Libraries/PythonCode"
      },
      {
        "id": "",
        "name": "https://ginten555333.com/Libraries/VahGG.html"
      },
      {
        "id": "",
        "name": "https://ginten555333.com/LibraryInstalling/PyCharm"
      },
      {
        "id": "",
        "name": "http://139.99.17.175/test_exe/AdobeReader.exe"
      },
      {
        "id": "",
        "name": "http://139.99.17.175/test_exe/msimg32.dll"
      },
      {
        "id": "",
        "name": "https://ginten555333.com/Libraries/UnZipV2"
      },
      {
        "id": "",
        "name": "a1f3c59c59eabfd89a6be69bea4d10e4a490ac6e9c931e8fa4c4b2c8e7580389"
      },
      {
        "id": "",
        "name": "efe49c9134756beba5b475b5e396fdf72a917bb007310bb69d4299c10259ee42"
      },
      {
        "id": "",
        "name": "0a683540902704d640041438fd585bf4e0636d37c1711c1893bb09c10e854928"
      },
      {
        "id": "",
        "name": "66fbf7bf5040308f4a194a6259d6490958d03ae3105964d53fd35e42a9a40197"
      },
      {
        "id": "",
        "name": "9fdc1691e1c96acff6cb18a26f135fabaec5ceed394b28dabac068a991c4f0e7"
      },
      {
        "id": "",
        "name": "f2d07dd0dda0c0fd94427fa03b5fd83a73933904678b35afd8723130d65196e0"
      },
      {
        "id": "",
        "name": "f83cf38fd1315530c6d325eb5082c1fe38e0037fdd28dec5e7e2bdd6cd75e3ed"
      },
      {
        "id": "",
        "name": "8387e6fe5adcb90a42abdf9ed6cdfdbea66bb431f6aa7fc32d5f7137fc140090"
      },
      {
        "id": "",
        "name": "397eed8ff076484896dd40fefa697f714d1f2a06e1dfacf90e821283f10b41e6"
      },
      {
        "id": "",
        "name": "c1c509f40ede7d4a33a092114bbab1e6b4d29fbf21f6ce5f2356902506b6c8f3"
      },
      {
        "id": "",
        "name": "5044d19ed26c72423e1039cc8c02631639a21287d1f885500bc089c6375fa719"
      },
      {
        "id": "",
        "name": "06ad3e407d5370648350e64e11278fc974197ae26fa02457c5dea645d3936bc1"
      },
      {
        "id": "",
        "name": "5b5d67a4fb1ff53f39988d34ea2adf62f09d6aac685c2d17f6336202eff217ee"
      },
      {
        "id": "",
        "name": "effba77be35fb75299883957d3acf9560970a054bc85d20457552e3511293cd0"
      },
      {
        "id": "",
        "name": "10debd8d5819879435d349855e7792b57b94334251357b3580dd4dd3311246c3"
      },
      {
        "id": "",
        "name": "d3fb96a634269b8fb1cc1edaa2c4fdcff60aab887da7de4dc9f7c968c9bb49b1"
      },
      {
        "id": "",
        "name": "de2f6a3056f74e104e0e9134c2652662a8fc0e9ccf519e83c033b6df0a98ae05"
      },
      {
        "id": "",
        "name": "4728b3b51c10ec8d03d4fa82172df4ea96c0c19249c230aa7e4202434c46ba19"
      },
      {
        "id": "",
        "name": "d45eb4b8130132055b44ffe4462888d5bb90f11ac0c07312d09b8b8abc0b23ce"
      },
      {
        "id": "",
        "name": "49d3fe3a00d8d3e247a3462e334ecd204dc9378c48ba55f19fc2a6c07ca7fd6b"
      },
      {
        "id": "",
        "name": "834653eff148cb83dbfdb20ec6f769d2e454fdac4fe40bbd47bf4663f796dfec"
      },
      {
        "id": "",
        "name": "c5ad8eaae4d107523300d4e6681a15a94848adb8f13516e0d00575fc32957997"
      },
      {
        "id": "",
        "name": "bce2cd273f4610387c32bfb80ecd0402c70d97f89c57611e7f79344033da3e55"
      },
      {
        "id": "",
        "name": "df38de5eb1f5d534e1a836fbf34552bc80d722bb5301976707ee2dd78997bfc5"
      },
      {
        "id": "",
        "name": "2d0da28f388a9870184d0ac3905cd61947cf18830245f204033200a27c2dc3c0"
      },
      {
        "id": "",
        "name": "31dbfc89186553536f88cde60228024edbcb7fb042da6be05d75653a87999cc0"
      },
      {
        "id": "",
        "name": "4f52905aef07da42553fb843022efcfa985ad7ee7fd8a0cc58cddcd65290ccf9"
      },
      {
        "id": "",
        "name": "fcd644e03e1958122feb1b7163df49927bb4e4d09c51948b5950e5d809ecf955"
      },
      {
        "id": "",
        "name": "6fe62e780bacbdf22c7cf522dc84d9a9757cf80980e43b5a3a6d4a98a1f4b61a"
      },
      {
        "id": "",
        "name": "e59655948efb89b4d905dd4bbbac28c7a06e4a03ec5bc93b9ea1c0a43f91bfcf"
      },
      {
        "id": "",
        "name": "2e92c68a1d4447275e4f35e9726779c72388a6f74ddfad9b73f0c02aa5b480c4"
      },
      {
        "id": "",
        "name": "7ee96809a375c35dc03abd02cd0acdd4849af5785f7c37679d4eabb739b455c0"
      },
      {
        "id": "",
        "name": "ba2f77577811cbf5c1ba579e730e283a076157612a73137213296a3851d901ea"
      },
      {
        "id": "",
        "name": "da37825fb5428c6788db3296b0bfaaa8197704699bcdb240d8b032350faa59ae"
      },
      {
        "id": "",
        "name": "aec135d23f695c9338e1333a8c975544053e8c2615f842b73b085bc96906696d"
      },
      {
        "id": "",
        "name": "fae70495819c22d4563d2ece75b4dce210635ebc3136b69365b40564f26b7efa"
      },
      {
        "id": "",
        "name": "12a7f1aec5303e3e2eee59d9616b7e440f9c877d0db76620e8768c85433f3762"
      },
      {
        "id": "",
        "name": "f35958930f3f4e8a13f09c2c3eba4771652b6a03338913ddeb6b0278c306bec6"
      },
      {
        "id": "",
        "name": "1280cba4e109220ce4b17e722a55f31977112df3fa170b417f67227483677cc5"
      },
      {
        "id": "",
        "name": "b398e081284b09c8c049e319e87d74bf4df4f0423efbab9202fdc64ed7ca9fd9"
      },
      {
        "id": "",
        "name": "e62e0851ddf145c3c2c1fb1fbccb7252dce0edd427c8ba74d9b6ff813c36c728"
      },
      {
        "id": "",
        "name": "3e927da764492a8122c822ab566956a65f255bd6da9f312e8e72f4d9856b8225"
      },
      {
        "id": "",
        "name": "ecb67b475457fdd3bfbb7a0911b657a1eb8343ca982e5037b062914d991e772e"
      },
      {
        "id": "",
        "name": "5524b58ed2ee28c592d08a884711cb503355491dc6b474ed95a842944e7ced3b"
      },
      {
        "id": "",
        "name": "21779c1ca04a01a58b31d6a2dabaaee4a83d839922535d6520e629699adaf6be"
      },
      {
        "id": "",
        "name": "2caaf6ec466cd38dccd20a5555633e20d11ee3b345e0b93e12daabdffa676228"
      },
      {
        "id": "",
        "name": "f3c54064ae75e0f7aaec74acf749716d15f8f1856f002f5ccb3bcb9daf140171"
      },
      {
        "id": "",
        "name": "e927e64c4d88c19d708dca504bcf220fd25cbc6fa91e573eba97e52d745288fc"
      },
      {
        "id": "",
        "name": "21aba2329d9a6f68fdc358c487a54523beb8ee7751ec69779f53df09b14f5e10"
      },
      {
        "id": "",
        "name": "a0c26e5fd249e284b403a74250cd1f5d34c6b90369b082c8050267f7efc6d15d"
      },
      {
        "id": "",
        "name": "a6cc3ee93342adc4ac9a0e9600504199688b20fea4e9e5a06d3b3a2b6fbfc075"
      },
      {
        "id": "",
        "name": "8389c6564abc4a7556abdc72f399fb3339db9492628d25eda1a3cec954c0c68d"
      },
      {
        "id": "",
        "name": "58f029907441888fcb38bc7ef3cb854f79f47a78ef8363b8420c7c95a60c63a7"
      },
      {
        "id": "",
        "name": "d06ec13250708cab022d76b78adf8bbe3b4cf1d7f6e483f2624c18d232e3f896"
      },
      {
        "id": "",
        "name": "415a2eded0537280c574ff8927c6ffafb7685487ce01fdee9185425ff09770ac"
      },
      {
        "id": "",
        "name": "9b94a6d16e357bf57e84db3a749f40231841f2a34cec414256d5c8f63facf84c"
      },
      {
        "id": "",
        "name": "b04b506eb06303d00b3f02d0dbcd20d3bfe93e4030c6db1655136198ea40e9c3"
      },
      {
        "id": "",
        "name": "d293aa394efe4112ed95951aafc43e04975d8c9d715dcb170b4d3ae0cec8af5b"
      },
      {
        "id": "",
        "name": "70defb76cc82faf19e7183aa8f92ccaf3942b39524ee80610a77aa02a690b762"
      },
      {
        "id": "",
        "name": "98fef41aa11235e714b458259bba9720c2de0e88b7a190167bd0077ee1e038f4"
      },
      {
        "id": "",
        "name": "de1ed295857e5551dd7ff1ff34f92d670ef237acf3c4326ddd94bf0956b6a807"
      },
      {
        "id": "",
        "name": "ea0630d4582cbf033fa75d4ce1f1e8371181ed58d7961f0c98b66f458ca46c45"
      },
      {
        "id": "",
        "name": "8a15a4a4d5158b8826b478a33e407bd1ffb39e010e0986a5547f114ffe6e9167"
      },
      {
        "id": "",
        "name": "dcefa82d7ac6887a253effb54d611e8df15177a993c7d53e453e5ea92f404983"
      }
    ],
    "malware": [
      {
        "id": "45b582b4-76ff-466a-a576-9b68b081ed37",
        "name": "HVNC",
        "slug": "hvnc"
      },
      {
        "id": "legacy:malware:5d5d6103e33e63df",
        "name": "PureRAT",
        "slug": "purerat"
      }
    ],
    "attack_patterns": [
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "6b2e0999-c7e8-4662-94ac-19aa8520ee46",
        "name": "T1059.003"
      },
      {
        "id": "81b422de-709e-43bd-b471-2befac0c623a",
        "name": "T1218.011"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "5999052b-e9ae-49e8-9235-d9bf975c22af",
        "name": "T1547.001"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "ginten555333.com"
      },
      {
        "id": "",
        "name": "dmca-wipo.com"
      }
    ]
  },
  "external_refs": [
    "https://www.security.com/threat-intelligence/ai-purerat-phishing",
    "https://otx.alienvault.com/pulse/697a454330d96ae56f959ed4"
  ]
}