home.social

#valleyrat — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #valleyrat, aggregated by home.social.

  1. Una riunione urgente su Teams e il conto svuotato: la nuova truffa che sfrutta il panico da videocall

    C’è un dettaglio interessante nelle nuove campagne cyber che stanno circolando nelle ultime ore: non cercano più di sembrare sofisticate. Cercano di sembrare normali. Una notifica su Microsoft Teams. Un collega che chiede supporto. Una call urgente prima di una riunione. E pochi minuti dopo, credenziali rubate, malware installato o conti aziendali compromessi. Tra le notizie emerse nelle ultime ore nel panorama cybersecurity internazionale, una delle più interessanti riguarda […]

    insicurezzadigitale.com/una-ri

  2. Una riunione urgente su Teams e il conto svuotato: la nuova truffa che sfrutta il panico da videocall

    C’è un dettaglio interessante nelle nuove campagne cyber che stanno circolando nelle ultime ore: non cercano più di sembrare sofisticate. Cercano di sembrare normali. Una notifica su Microsoft Teams. Un collega che chiede supporto. Una call urgente prima di una riunione. E pochi minuti dopo, credenziali rubate, malware installato o conti aziendali compromessi. Tra le notizie emerse nelle ultime ore nel panorama cybersecurity internazionale, una delle più interessanti riguarda […]

    insicurezzadigitale.com/una-ri

  3. Una riunione urgente su Teams e il conto svuotato: la nuova truffa che sfrutta il panico da videocall

    C’è un dettaglio interessante nelle nuove campagne cyber che stanno circolando nelle ultime ore: non cercano più di sembrare sofisticate. Cercano di sembrare normali. Una notifica su Microsoft Teams. Un collega che chiede supporto. Una call urgente prima di una riunione. E pochi minuti dopo, credenziali rubate, malware installato o conti aziendali compromessi. Tra le notizie emerse nelle ultime ore nel panorama cybersecurity internazionale, una delle più interessanti riguarda […]

    insicurezzadigitale.com/una-ri

  4. Una riunione urgente su Teams e il conto svuotato: la nuova truffa che sfrutta il panico da videocall

    C’è un dettaglio interessante nelle nuove campagne cyber che stanno circolando nelle ultime ore: non cercano più di sembrare sofisticate. Cercano di sembrare normali. Una notifica su Microsoft Teams. Un collega che chiede supporto. Una call urgente prima di una riunione. E pochi minuti dopo, credenziali rubate, malware installato o conti aziendali compromessi. Tra le notizie emerse nelle ultime ore nel panorama cybersecurity internazionale, una delle più interessanti riguarda […]

    insicurezzadigitale.com/una-ri

  5. Una riunione urgente su Teams e il conto svuotato: la nuova truffa che sfrutta il panico da videocall

    C’è un dettaglio interessante nelle nuove campagne cyber che stanno circolando nelle ultime ore: non cercano più di sembrare sofisticate. Cercano di sembrare normali. Una notifica su Microsoft Teams. Un collega che chiede supporto. Una call urgente prima di una riunione. E pochi minuti dopo, credenziali rubate, malware installato o conti aziendali compromessi. Tra le notizie emerse nelle ultime ore nel panorama cybersecurity internazionale, una delle più interessanti riguarda […]

    insicurezzadigitale.com/una-ri

  6. Silver Fox lancia ABCDoor: spear phishing con loader Rust personalizzato contro India e Russia, nuova backdoor Python in campo

    Il gruppo APT cinese Silver Fox ha condotto campagne di spear phishing a tema fiscale contro organizzazioni in India e Russia, distribuendo il backdoor ValleyRAT affiancato da un nuovo payload Python inedito denominato ABCDoor. Kaspersky ha documentato il malware e le tecniche di evasione del loader RustSL, incluso il geofencing per paese e la persistenza tramite Phantom Persistence.

    insicurezzadigitale.com/silver

  7. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  8. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  9. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  10. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  11. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  12. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  13. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  14. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  15. Mentioned Malware Families: ValleyRAT, PureRAT

    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.
    Aliases for PureRAT: win.pure_rat, PureHVNC, ResolverRAT
    Malpedia link for PureRAT: malpedia.caad.fkie.fraunhofer.

    #ValleyRAT #PureRAT

    Aliases provided by Malpedia.

  16. RE: infosec.exchange/@VirusBulleti

    How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
    Here are some typical PureRAT indicators:
    :windows: .NET malware
    🔑 TLS version is 1.0
    🫆 JA3 fc54e0d16d9764783542f0146a98b300 / 07af4aa9e4d215a5ee63f9a0a277fbe3
    🫆 JA4 t10i070500_c50f5591e341_950472255fe9 / t10i060500_4dc025c38c38_950472255fe9
    🫆 JA3S b74704234e6128f33bff9865696e31b3
    📝 X.509 cert expires 9999-12-31 23:59:59 UTC
    📡 C2 often runs on TCP 56001
    All of them match on the sample analyzed in Trend's report

  17. RE: infosec.exchange/@VirusBulleti

    How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
    Here are some typical PureRAT indicators:
    :windows: .NET malware
    🔑 TLS version is 1.0
    🫆 JA3 fc54e0d16d9764783542f0146a98b300 / 07af4aa9e4d215a5ee63f9a0a277fbe3
    🫆 JA4 t10i070500_c50f5591e341_950472255fe9 / t10i060500_4dc025c38c38_950472255fe9
    🫆 JA3S b74704234e6128f33bff9865696e31b3
    📝 X.509 cert expires 9999-12-31 23:59:59 UTC
    📡 C2 often runs on TCP 56001
    All of them match on the sample analyzed in Trend's report

  18. RE: infosec.exchange/@VirusBulleti

    How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
    Here are some typical PureRAT indicators:
    :windows: .NET malware
    🔑 TLS version is 1.0
    🫆 JA3 fc54e0d16d9764783542f0146a98b300 / 07af4aa9e4d215a5ee63f9a0a277fbe3
    🫆 JA4 t10i070500_c50f5591e341_950472255fe9 / t10i060500_4dc025c38c38_950472255fe9
    🫆 JA3S b74704234e6128f33bff9865696e31b3
    📝 X.509 cert expires 9999-12-31 23:59:59 UTC
    📡 C2 often runs on TCP 56001
    All of them match on the sample analyzed in Trend's report

  19. Mentioned Malware Families: PseudoManuscrypt, ValleyRAT

    Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
    Malpedia link for PseudoManuscrypt: malpedia.caad.fkie.fraunhofer.
    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.

    #PseudoManuscrypt #ValleyRAT

    Aliases provided by Malpedia.

  20. Mentioned Malware Families: PseudoManuscrypt, ValleyRAT

    Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
    Malpedia link for PseudoManuscrypt: malpedia.caad.fkie.fraunhofer.
    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.

    #PseudoManuscrypt #ValleyRAT

    Aliases provided by Malpedia.

  21. Mentioned Malware Families: PseudoManuscrypt, ValleyRAT

    Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
    Malpedia link for PseudoManuscrypt: malpedia.caad.fkie.fraunhofer.
    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.

    #PseudoManuscrypt #ValleyRAT

    Aliases provided by Malpedia.

  22. Mentioned Malware Families: PseudoManuscrypt, ValleyRAT

    Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
    Malpedia link for PseudoManuscrypt: malpedia.caad.fkie.fraunhofer.
    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.

    #PseudoManuscrypt #ValleyRAT

    Aliases provided by Malpedia.

  23. Mentioned Malware Families: PseudoManuscrypt, ValleyRAT

    Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
    Malpedia link for PseudoManuscrypt: malpedia.caad.fkie.fraunhofer.
    Aliases for ValleyRAT: win.valley_rat, Winos
    Malpedia link for ValleyRAT: malpedia.caad.fkie.fraunhofer.

    #PseudoManuscrypt #ValleyRAT

    Aliases provided by Malpedia.

  24. Злоумышленники перенимают опыт коллег: что общего между SilverFox и APT41. Разбор атаки

    Привет, Хабр! На связи Евгения Устинова, старший аналитик сетевой безопасности группы компаний «Гарда» . В статье хочу рассказать, как нам удалось связать инструментарий двух группировок через особенности реализации сетевых протоколов. Отследить эволюцию инструментов группировки SilverFox – например, ПО Winos – по отпечатку процедуры сетевой коммуникации оказалось довольно сложной задачей, поэтому я решила поделиться кейсом. Подключайтесь к расследованию

    habr.com/ru/companies/garda/ar

    #разбор_атаки #Winos #Silverfox #вредоносы #фишинг #ValleyRAT #apt41 #winnti

  25. Злоумышленники перенимают опыт коллег: что общего между SilverFox и APT41. Разбор атаки

    Привет, Хабр! На связи Евгения Устинова, старший аналитик сетевой безопасности группы компаний «Гарда» . В статье хочу рассказать, как нам удалось связать инструментарий двух группировок через особенности реализации сетевых протоколов. Отследить эволюцию инструментов группировки SilverFox – например, ПО Winos – по отпечатку процедуры сетевой коммуникации оказалось довольно сложной задачей, поэтому я решила поделиться кейсом. Подключайтесь к расследованию

    habr.com/ru/companies/garda/ar

    #разбор_атаки #Winos #Silverfox #вредоносы #фишинг #ValleyRAT #apt41 #winnti

  26. Злоумышленники перенимают опыт коллег: что общего между SilverFox и APT41. Разбор атаки

    Привет, Хабр! На связи Евгения Устинова, старший аналитик сетевой безопасности группы компаний «Гарда» . В статье хочу рассказать, как нам удалось связать инструментарий двух группировок через особенности реализации сетевых протоколов. Отследить эволюцию инструментов группировки SilverFox – например, ПО Winos – по отпечатку процедуры сетевой коммуникации оказалось довольно сложной задачей, поэтому я решила поделиться кейсом. Подключайтесь к расследованию

    habr.com/ru/companies/garda/ar

    #разбор_атаки #Winos #Silverfox #вредоносы #фишинг #ValleyRAT #apt41 #winnti

  27. Злоумышленники перенимают опыт коллег: что общего между SilverFox и APT41. Разбор атаки

    Привет, Хабр! На связи Евгения Устинова, старший аналитик сетевой безопасности группы компаний «Гарда» . В статье хочу рассказать, как нам удалось связать инструментарий двух группировок через особенности реализации сетевых протоколов. Отследить эволюцию инструментов группировки SilverFox – например, ПО Winos – по отпечатку процедуры сетевой коммуникации оказалось довольно сложной задачей, поэтому я решила поделиться кейсом. Подключайтесь к расследованию

    habr.com/ru/companies/garda/ar

    #разбор_атаки #Winos #Silverfox #вредоносы #фишинг #ValleyRAT #apt41 #winnti

  28. Good day everyone!

    Forescout Technologies Inc. researchers identified a malware cluster that masqueraded as MediaViewerLauncher.exe, the primary executable for the Philips DICOM viewer that has been associated with the Chinese APT #SilverFox. When downloaded, these executables led to the deployment of the #ValleyRAT (Remote Access Trojan), a backdoor, keylogger, and a crypto miner on victim computers.

    Behaviors (MITRE ATT&CK):
    Discovery - TA0007
    System Network Configuration Discovery: Internet Connection Discovery - T1016.001: Living-off-the-land binaries are used to check if the system can reach the C2 server.

    Persistence - TA0003:
    Scheduled Task/Job: Scheduled Task - T1053.003:
    The malware creates a scheduled task that will trigger on logon for persistence.

    Healthcare Malware Hunt, Part 1: Silver Fox APT Targets Philips DICOM Viewers
    lnkd.in/ghQS3nwv

    Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday #HappyHunting

  29. Watch out as this new ValleyRAT malware variant is spreading via fake downloads, including Chrome, TikTok, and even a fake telecom site!

    Read: hackread.com/valleyrat-malware

    #CyberSecurity #Malware #ValleyRAT #SilverFox

  30. Good day everyone!

    Today's #readoftheday is brought to you by AnyRun and describes a campaign that has targeted Chinese-speaking users and distributing the malware known as #ValleyRAT. A RAT, which stands for remote access trojan, is a type of malware that is designed to allow the attacker to access and control a victim's machine. This one targets the Windows operating system and employs a range of techniques to evade detection and is delivered when the first-stage loader is disguised as a legitimate application like Microsoft Office. When the unsuspecting victim executes the malware a decoy document is deployed and the executable loads the shellcode that advances the attack to the next stage.

    Attackers have long since used files that are masqueraded as legitimate process, executables, and so on as well as using the technique of dropping a decoy document when the user executes malware. The idea here is a layered effect: one, the adversary abuses the trust a user has for legitimate file names and THEN provides something that the victim may have been expecting, basically giving the victim something as to not raise an alarm. This may be the delay that the attacker needs to get a stronger foothold in the environment and gain persistence.

    Stay tuned for your threat hunting tip of the day, but until then, Happy Hunting!

    New ValleyRAT Campaign Spotted with Advanced Techniques
    any.run/cybersecurity-blog/new

    Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

  31. While Gh0st RAT has been extensively used in various cyber campaigns linked to China over the years, the emergence of ValleyRAT suggests that it may see wider deployment in the future.

    #Cybersecurity #Malware #Phishing #Trojan #Gh0stRAT #ValleyRAT

    cybersec84.wordpress.com/2023/