Jump to content

PureCrypter targets government entities through Discord


Recommended Posts

PureCrypter targets government entities through Discord


Executive Summary

Menlo Labs has uncovered an unknown threat actor that’s leveraging an evasive threat campaign distributed via Discord that features the PureCrypter downloader and targets government entities. The PureCrypter campaign uses the domain of a compromised non-profit organization as a Command and Control (C2) to deliver a secondary payload. The campaign was found to have delivered several types of malware including Redline Stealer, AgentTesla, Eternity, Blackmoon and Philadelphia Ransomware. Our investigation started when Menlo’s Cloud Security Platform blocked password-protected archive files across multiple government customers in the Asia-Pacific (APAC) and North America regions.

Menlo Labs assesses that this threat actor group will continue to use the compromised and taken infrastructure as long as they can, before needing to find a new home. Leaving credentials in malware is an OpSec failure but it leaves a trace for analysts to follow. Fortunately in this case, Menlo’s Cloud Security Platform blocked this attack, which allowed Menlo Labs to see it and start to track this actor.


  • Like 2
  • Thanks 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.