#valleyrat — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #valleyrat, aggregated by home.social.
-
Una riunione urgente su Teams e il conto svuotato: la nuova truffa che sfrutta il panico da videocall
C’è un dettaglio interessante nelle nuove campagne cyber che stanno circolando nelle ultime ore: non cercano più di sembrare sofisticate. Cercano di sembrare normali. Una notifica su Microsoft Teams. Un collega che chiede supporto. Una call urgente prima di una riunione. E pochi minuti dopo, credenziali rubate, malware installato o conti aziendali compromessi. Tra le notizie emerse nelle ultime ore nel panorama cybersecurity internazionale, una delle più interessanti riguarda […] -
Una riunione urgente su Teams e il conto svuotato: la nuova truffa che sfrutta il panico da videocall
C’è un dettaglio interessante nelle nuove campagne cyber che stanno circolando nelle ultime ore: non cercano più di sembrare sofisticate. Cercano di sembrare normali. Una notifica su Microsoft Teams. Un collega che chiede supporto. Una call urgente prima di una riunione. E pochi minuti dopo, credenziali rubate, malware installato o conti aziendali compromessi. Tra le notizie emerse nelle ultime ore nel panorama cybersecurity internazionale, una delle più interessanti riguarda […] -
Una riunione urgente su Teams e il conto svuotato: la nuova truffa che sfrutta il panico da videocall
C’è un dettaglio interessante nelle nuove campagne cyber che stanno circolando nelle ultime ore: non cercano più di sembrare sofisticate. Cercano di sembrare normali. Una notifica su Microsoft Teams. Un collega che chiede supporto. Una call urgente prima di una riunione. E pochi minuti dopo, credenziali rubate, malware installato o conti aziendali compromessi. Tra le notizie emerse nelle ultime ore nel panorama cybersecurity internazionale, una delle più interessanti riguarda […] -
Una riunione urgente su Teams e il conto svuotato: la nuova truffa che sfrutta il panico da videocall
C’è un dettaglio interessante nelle nuove campagne cyber che stanno circolando nelle ultime ore: non cercano più di sembrare sofisticate. Cercano di sembrare normali. Una notifica su Microsoft Teams. Un collega che chiede supporto. Una call urgente prima di una riunione. E pochi minuti dopo, credenziali rubate, malware installato o conti aziendali compromessi. Tra le notizie emerse nelle ultime ore nel panorama cybersecurity internazionale, una delle più interessanti riguarda […] -
Una riunione urgente su Teams e il conto svuotato: la nuova truffa che sfrutta il panico da videocall
C’è un dettaglio interessante nelle nuove campagne cyber che stanno circolando nelle ultime ore: non cercano più di sembrare sofisticate. Cercano di sembrare normali. Una notifica su Microsoft Teams. Un collega che chiede supporto. Una call urgente prima di una riunione. E pochi minuti dopo, credenziali rubate, malware installato o conti aziendali compromessi. Tra le notizie emerse nelle ultime ore nel panorama cybersecurity internazionale, una delle più interessanti riguarda […] -
Silver Fox lancia ABCDoor: spear phishing con loader Rust personalizzato contro India e Russia, nuova backdoor Python in campo
Il gruppo APT cinese Silver Fox ha condotto campagne di spear phishing a tema fiscale contro organizzazioni in India e Russia, distribuendo il backdoor ValleyRAT affiancato da un nuovo payload Python inedito denominato ABCDoor. Kaspersky ha documentato il malware e le tecniche di evasione del loader RustSL, incluso il geofencing per paese e la persistenza tramite Phantom Persistence. -
Fake Installer: Ultimately, ValleyRAT infection
#ValleyRAT
https://www.cybereason.com/blog/fake-installer-valleyrat -
Mentioned Malware Families: ValleyRAT, PureRAT
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_ratAliases provided by Malpedia.
-
Mentioned Malware Families: ValleyRAT, PureRAT
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_ratAliases provided by Malpedia.
-
Mentioned Malware Families: ValleyRAT, PureRAT
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_ratAliases provided by Malpedia.
-
Mentioned Malware Families: ValleyRAT, PureRAT
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_ratAliases provided by Malpedia.
-
Mentioned Malware Families: ValleyRAT, PureRAT
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_ratAliases provided by Malpedia.
-
Mentioned Malware Families: ValleyRAT, PureRAT
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_ratAliases provided by Malpedia.
-
Mentioned Malware Families: ValleyRAT, PureRAT
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_ratAliases provided by Malpedia.
-
Mentioned Malware Families: ValleyRAT, PureRAT
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_ratAliases provided by Malpedia.
-
Mentioned Malware Families: ValleyRAT, PureRAT
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat
Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
Malpedia link for PureRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.pure_ratAliases provided by Malpedia.
-
RE: https://infosec.exchange/@VirusBulletin/115660902138702248
How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
Here are some typical PureRAT indicators:
:windows: .NET malware
🔑 TLS version is 1.0
JA3fc54e0d16d9764783542f0146a98b300/07af4aa9e4d215a5ee63f9a0a277fbe3
JA4t10i070500_c50f5591e341_950472255fe9/t10i060500_4dc025c38c38_950472255fe9
JA3Sb74704234e6128f33bff9865696e31b3
📝 X.509 cert expires 9999-12-31 23:59:59 UTC
📡 C2 often runs on TCP 56001
All of them match on the sample analyzed in Trend's report -
RE: https://infosec.exchange/@VirusBulletin/115660902138702248
How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
Here are some typical PureRAT indicators:
:windows: .NET malware
🔑 TLS version is 1.0
JA3fc54e0d16d9764783542f0146a98b300/07af4aa9e4d215a5ee63f9a0a277fbe3
JA4t10i070500_c50f5591e341_950472255fe9/t10i060500_4dc025c38c38_950472255fe9
JA3Sb74704234e6128f33bff9865696e31b3
📝 X.509 cert expires 9999-12-31 23:59:59 UTC
📡 C2 often runs on TCP 56001
All of them match on the sample analyzed in Trend's report -
RE: https://infosec.exchange/@VirusBulletin/115660902138702248
How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
Here are some typical PureRAT indicators:
:windows: .NET malware
🔑 TLS version is 1.0
JA3fc54e0d16d9764783542f0146a98b300/07af4aa9e4d215a5ee63f9a0a277fbe3
JA4t10i070500_c50f5591e341_950472255fe9/t10i060500_4dc025c38c38_950472255fe9
JA3Sb74704234e6128f33bff9865696e31b3
📝 X.509 cert expires 9999-12-31 23:59:59 UTC
📡 C2 often runs on TCP 56001
All of them match on the sample analyzed in Trend's report -
Mentioned Malware Families: PseudoManuscrypt, ValleyRAT
Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
Malpedia link for PseudoManuscrypt: https://malpedia.caad.fkie.fraunhofer.de/details/win.pseudo_manuscrypt
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_ratAliases provided by Malpedia.
-
Mentioned Malware Families: PseudoManuscrypt, ValleyRAT
Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
Malpedia link for PseudoManuscrypt: https://malpedia.caad.fkie.fraunhofer.de/details/win.pseudo_manuscrypt
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_ratAliases provided by Malpedia.
-
Mentioned Malware Families: PseudoManuscrypt, ValleyRAT
Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
Malpedia link for PseudoManuscrypt: https://malpedia.caad.fkie.fraunhofer.de/details/win.pseudo_manuscrypt
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_ratAliases provided by Malpedia.
-
Mentioned Malware Families: PseudoManuscrypt, ValleyRAT
Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
Malpedia link for PseudoManuscrypt: https://malpedia.caad.fkie.fraunhofer.de/details/win.pseudo_manuscrypt
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_ratAliases provided by Malpedia.
-
Mentioned Malware Families: PseudoManuscrypt, ValleyRAT
Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
Malpedia link for PseudoManuscrypt: https://malpedia.caad.fkie.fraunhofer.de/details/win.pseudo_manuscrypt
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_ratAliases provided by Malpedia.
-
ValleyRAT Campaign Targets Windows via WeChat and DingTalk https://gbhackers.com/valleyrat-campaign/ #CyberSecurityNews #cybersecurity #ValleyRAT #Windows
-
Злоумышленники перенимают опыт коллег: что общего между SilverFox и APT41. Разбор атаки
Привет, Хабр! На связи Евгения Устинова, старший аналитик сетевой безопасности группы компаний «Гарда» . В статье хочу рассказать, как нам удалось связать инструментарий двух группировок через особенности реализации сетевых протоколов. Отследить эволюцию инструментов группировки SilverFox – например, ПО Winos – по отпечатку процедуры сетевой коммуникации оказалось довольно сложной задачей, поэтому я решила поделиться кейсом. Подключайтесь к расследованию
https://habr.com/ru/companies/garda/articles/962222/
#разбор_атаки #Winos #Silverfox #вредоносы #фишинг #ValleyRAT #apt41 #winnti
-
Злоумышленники перенимают опыт коллег: что общего между SilverFox и APT41. Разбор атаки
Привет, Хабр! На связи Евгения Устинова, старший аналитик сетевой безопасности группы компаний «Гарда» . В статье хочу рассказать, как нам удалось связать инструментарий двух группировок через особенности реализации сетевых протоколов. Отследить эволюцию инструментов группировки SilverFox – например, ПО Winos – по отпечатку процедуры сетевой коммуникации оказалось довольно сложной задачей, поэтому я решила поделиться кейсом. Подключайтесь к расследованию
https://habr.com/ru/companies/garda/articles/962222/
#разбор_атаки #Winos #Silverfox #вредоносы #фишинг #ValleyRAT #apt41 #winnti
-
Злоумышленники перенимают опыт коллег: что общего между SilverFox и APT41. Разбор атаки
Привет, Хабр! На связи Евгения Устинова, старший аналитик сетевой безопасности группы компаний «Гарда» . В статье хочу рассказать, как нам удалось связать инструментарий двух группировок через особенности реализации сетевых протоколов. Отследить эволюцию инструментов группировки SilverFox – например, ПО Winos – по отпечатку процедуры сетевой коммуникации оказалось довольно сложной задачей, поэтому я решила поделиться кейсом. Подключайтесь к расследованию
https://habr.com/ru/companies/garda/articles/962222/
#разбор_атаки #Winos #Silverfox #вредоносы #фишинг #ValleyRAT #apt41 #winnti
-
Злоумышленники перенимают опыт коллег: что общего между SilverFox и APT41. Разбор атаки
Привет, Хабр! На связи Евгения Устинова, старший аналитик сетевой безопасности группы компаний «Гарда» . В статье хочу рассказать, как нам удалось связать инструментарий двух группировок через особенности реализации сетевых протоколов. Отследить эволюцию инструментов группировки SilverFox – например, ПО Winos – по отпечатку процедуры сетевой коммуникации оказалось довольно сложной задачей, поэтому я решила поделиться кейсом. Подключайтесь к расследованию
https://habr.com/ru/companies/garda/articles/962222/
#разбор_атаки #Winos #Silverfox #вредоносы #фишинг #ValleyRAT #apt41 #winnti
-
Operation Silk Lure: Weaponizing Windows Scheduled Tasks for ValleyRAT Delivery https://gbhackers.com/operation-silk-lure/ #CyberSecurityNews #cybersecurity #ValleyRAT #Windows
-
Gh0stKCP is a C2 transport protocol based on KCP. It has been used by #PseudoManuscrypt and #ValleyRAT.
https://netresec.com/?b=259a5af -
Gh0stKCP is a C2 transport protocol based on KCP. It has been used by #PseudoManuscrypt and #ValleyRAT.
https://netresec.com/?b=259a5af -
Gh0stKCP is a C2 transport protocol based on KCP. It has been used by #PseudoManuscrypt and #ValleyRAT.
https://netresec.com/?b=259a5af -
Gh0stKCP is a C2 transport protocol based on KCP. It has been used by #PseudoManuscrypt and #ValleyRAT.
https://netresec.com/?b=259a5af -
Gh0stKCP is a C2 transport protocol based on KCP. It has been used by #PseudoManuscrypt and #ValleyRAT.
https://netresec.com/?b=259a5af -
Chasing the Silver Fox: Cat & Mouse in Kernel Shadows
#SilverFox #ValleyRAT
https://research.checkpoint.com/2025/silver-fox-apt-vulnerable-drivers/ -
⚠️ The #SilverFox APT is exploiting a Microsoft‑signed but vulnerable driver to disable Windows security on Win 10/11 and install #ValleyRAT malware.
Details: https://hackread.com/silver-fox-apt-exploit-signed-windows-driver-valleyrat/
-
Silver Fox APT Hides ValleyRAT in Trojanized Medical Imaging Software – Source:hackread.com https://ciso2ciso.com/silver-fox-apt-hides-valleyrat-in-trojanized-medical-imaging-software-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #healthcare #SilverFox #ValleyRAT #Hackread #security #malware #Philips #trojan #China #APT #VPN #AI
-
Good day everyone!
Forescout Technologies Inc. researchers identified a malware cluster that masqueraded as MediaViewerLauncher.exe, the primary executable for the Philips DICOM viewer that has been associated with the Chinese APT #SilverFox. When downloaded, these executables led to the deployment of the #ValleyRAT (Remote Access Trojan), a backdoor, keylogger, and a crypto miner on victim computers.
Behaviors (MITRE ATT&CK):
Discovery - TA0007
System Network Configuration Discovery: Internet Connection Discovery - T1016.001: Living-off-the-land binaries are used to check if the system can reach the C2 server.Persistence - TA0003:
Scheduled Task/Job: Scheduled Task - T1053.003:
The malware creates a scheduled task that will trigger on logon for persistence.Healthcare Malware Hunt, Part 1: Silver Fox APT Targets Philips DICOM Viewers
https://lnkd.in/ghQS3nwvIntel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday #HappyHunting
-
⚠️ The China-based Silver Fox APT is spreading #ValleyRAT malware via trojanized medical imaging software - specifically, a modified #Philips DICOM Viewer.
🏥💻 #CyberSecurity #Malware #Healthcare #SilverFox
Read: https://hackread.com/silver-fox-apt-valleyrat-trojanized-medical-imaging-software/
-
Watch out as this new ValleyRAT malware variant is spreading via fake downloads, including Chrome, TikTok, and even a fake telecom site!
Read: https://hackread.com/valleyrat-malware-variant-fake-chrome-downloads/
-
Good day everyone!
Today's #readoftheday is brought to you by AnyRun and describes a campaign that has targeted Chinese-speaking users and distributing the malware known as #ValleyRAT. A RAT, which stands for remote access trojan, is a type of malware that is designed to allow the attacker to access and control a victim's machine. This one targets the Windows operating system and employs a range of techniques to evade detection and is delivered when the first-stage loader is disguised as a legitimate application like Microsoft Office. When the unsuspecting victim executes the malware a decoy document is deployed and the executable loads the shellcode that advances the attack to the next stage.
Attackers have long since used files that are masqueraded as legitimate process, executables, and so on as well as using the technique of dropping a decoy document when the user executes malware. The idea here is a layered effect: one, the adversary abuses the trust a user has for legitimate file names and THEN provides something that the victim may have been expecting, basically giving the victim something as to not raise an alarm. This may be the delay that the attacker needs to get a stronger foothold in the environment and gain persistence.
Stay tuned for your threat hunting tip of the day, but until then, Happy Hunting!
New ValleyRAT Campaign Spotted with Advanced Techniques
https://any.run/cybersecurity-blog/new-valleyrat-campaign/?utm_source=linkedin&utm_medium=post&utm_campaign=threat-intelligence-explained&utm_content=blog&utm_term=220824/Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
-
New ValleyRAT Malware Targets Chinese Windows Users in Multi-Stage Attack https://hackread.com/valleyrat-malware-chinese-windows-users/ #CyberAttack #Microsoft #ValleyRAT #Security #security #Malware #Windows
-
A new one on me... #valleyrat dropping #cobaltstrike:
https://app.any.run/tasks/35bd4367-51c6-4aeb-b03b-28278c8a5c38/
-
While Gh0st RAT has been extensively used in various cyber campaigns linked to China over the years, the emergence of ValleyRAT suggests that it may see wider deployment in the future.
#Cybersecurity #Malware #Phishing #Trojan #Gh0stRAT #ValleyRAT