Under the Pure Curtain: From RAT to Builder to Coder
Essential information
- Published: 16/09/2025 21:37
- Modified: 17/09/2025 11:56
- Tags: 2025-09-16 blue loader clickfix cybercrime github purecrypter purehvnc purehvnc rat purelogs pureminer purerat rat rust loader
- Related entities: 1 intrusion sets (apt), 19 techniques (mitre), 6 malware, 1 others
Description
Check Point Research conducted a forensic analysis of a ClickFix campaign that deployed multiple tools, including a Rust Loader, PureHVNC RAT, and the Sliver command-and-control framework. The analysis provided comprehensive insights into PureHVNC RAT, including its commands and plugins. The investigation revealed connections to GitHub accounts linked to the developer of Pure malware families, PureCoder. Analysis of these accounts indicated a timezone of operation (UTC+0300) and potential countries of residence. The research also uncovered a PureRAT builder, offering insights into the RAT's capabilities and features related to PureCrypter, another tool by PureCoder. This investigation enhances understanding of the Pure malware ecosystem and provides actionable intelligence for cybersecurity professionals.