RST TI Report Digest: 01 Dec 2025
ID: 6746c78c-b675-5a65-80d9-8b4d607e145e
STIX ID: report--6746c78c-b675-5a65-80d9-8b4d607e145e
Feed Name: RST Cloud Blog
Threat Score
**Executive summary:** F6 Threat Intelligence analyzed VasyGrek’s August–November 2025 activity and found a sustained campaign using advanced phishing and staged malware (a.exe loading a.dll). The campaign culminated on 2025-11-13 with deployment of the PureHVNC RAT, which was executed stealthily via the legitimate RegAsm.exe process. The report includes extensive IOCs (IPs, domains, URLs, and many SHA1 hashes) tied to the actor’s operations in Russia.
