PureRAT (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.pure_rat (Back to overview)

PureRAT

aka: PureHVNC, ResolverRAT

According to Morphisec, this RAT combines advanced in-memory execution, API and resource resolution at runtime, and layered evasion techniques. They have named it ‘Resolver’ due to its heavy reliance on runtime resolution mechanisms and dynamic resource handling, which make static and behavioral analysis significantly more difficult.

References

2025-08-12 ⋅ Netresec ⋅ Erik Hjelmvik
PureRAT = ResolverRAT = PureHVNC
PureRAT

2025-05-20 ⋅ ⋅ Kaspersky ⋅ AMR
https://securelist.ru/purerat-attacks-russian-organizations/112619/
PureRAT

2025-04-14 ⋅ Morphisec ⋅ Nadav Lorber
New Malware Variant Identified: ResolverRAT Enters the Maze
PureRAT

There is no Yara-Signature yet.

PureRAT Propose Change

References

PureRAT