Hashtag: #ValleyRAT

🛠️ RMM Abuse: Transitioned from deploying #ValleyRAT via malicious PDFs to abusing Chinese #RMM tools.
🐍 Custom Payloads: Recently observed dropping a custom Python-based stealer embedded in a Python installer.

Silver Fox: The Only Tax Audit Where the Fine Print Installs Malware
Since early 2025, China-based intrusion set Silver Fox has combined APT-style operations (using modular backdoors like ValleyRAT and HoldingHands) with opportunistic financially motivated campaigns across South Asia. The group evolved delivery from malicious PDFs and DLL side-loading to abusing a misconfigured Chinese RMM tool and a compiled Python stealer that exfiltrates data to xqwmwru[.]top. #SilverFox #ValleyRAT

Since 2025, Silver Fox blends APT-like espionage with financial attacks, using modular backdoors like ValleyRAT and exploiting a misconfigured Chinese RMM tool to install malware and steal data. #SilverFox #China #ValleyRAT


Cybercriminals are using a fake Huorong antivirus site to distribute ValleyRAT malware. Stay vigilant and verify URLs before downloading software. #CyberSecurity #MalwareAlert #ValleyRAT Link: thedailytechfeed.com/cybercrimina...

Fake LINE Messenger Installer Spreads ValleyRAT Malware
The Silver Fox APT group is distributing the ValleyRAT remote access trojan through a trojanized installer for the LINE messaging app to steal credentials from Chinese-speaking users.

A fake LINE messenger installer is being used to spread ValleyRAT malware. The campaign, linked to the Silver Fox APT, targets Chinese-speaking users for credential theft. 🦊 #Malware #ValleyRAT #CyberSecurity


Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware reconbee.com/silver-fox-t...

#silverfox #taxthemedemails #emails #tax #ValleyRATmalware #ValleyRAT #malware #cyberattack #CybersecurityNews


Some fresh (2025-12-18) #silverfox #valleyrat

app.any.run/tasks/5f8778b4-7a5a-42fc...


ValleyRAT malware employs stealthy driver installations to bypass Windows 11 protections, posing a significant threat to global organizations. #CyberSecurity #Malware #Windows11 #ValleyRAT Link: thedailytechfeed.com/valleyrat-ma...

Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits - Check Point Research
Highlights: Introduction Throughout 2025, we conducted and published several reports related to our research on the Silver Fox APT. In some of them (for example, here), the threat actor delivered the ...

'Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits'

research.checkpoint.com/2025/crackin...

#CyberSecurity #ValleyRAT #Trojan #Rootkit #ReverseEngineering

ValleyRAT: Builder Secrets & Kernel Rootkits

~Checkpoint~
Analysis of ValleyRAT reveals a kernel rootkit bypassing Windows 11, with a leaked builder causing a surge in its use.
-
IOCs: sun-rat. com
-
#Rootkit #ThreatIntel #ValleyRAT

Malware disguised as Foxit PDF Reader targeting job seekers - document.bat
Today we will look at ValleyRAT, malware disguised as Foxit PDF Reader that targets job seekers. Please note that I could only analyze it to the extent that I was able to obtain the malware, so this is not a complete analysis. For job seekers looking for employment opportunities: the ValleyRAT campaign, spread via email, hides behind Foxit PDF Reader and uses DLL side-loading to ...

Malware disguised as Foxit PDF Reader targeting job seekers - document.bat
wezard4u.tistory.com/429667
#ValleyRAT #악성코드 (malware)

Original post on infosec.exchange

RE: infosec.exchange/@VirusBulletin/115660902...

How is this #ValleyRAT? It looks, swims and quacks like #PureRAT.
Here are some typical PureRAT indicators:
:windows: .NET malware
🔑 TLS version is 1.0
🫆 JA3 = fc54e0d16d9764783542f0146a98b300 or 07af4aa9e4d215a5ee63f9a0a277fbe3
🫆 […]

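The post above lists two JA3 hashes and TLS 1.0 as typical PureRAT indicators. The following is an added example (written for this page, not code from the poster or from any vendor) showing how those two indicators would be checked against Suricata eve.json TLS events. The field layout (event_type, src_ip, dest_ip, dest_port, tls.version, tls.ja3.hash) follows Suricata's eve tls logging as this editor understands it; the records themselves are constructed, not captured traffic. JA3 hits are scored higher than the TLS version alone, because TLS 1.0 on its own is still emitted by plenty of legacy clients.

```python
import json

# JA3 hashes quoted in the post above as typical PureRAT indicators.
PURERAT_JA3 = {
    "fc54e0d16d9764783542f0146a98b300",
    "07af4aa9e4d215a5ee63f9a0a277fbe3",
}

# Version strings Suricata writes for TLS 1.0 (assumed spellings; adjust to your deployment).
WEAK_TLS_VERSIONS = {"TLS 1.0", "TLSv1", "TLSv1.0"}

# Constructed sample eve.json records (invented flows, not real captures).
SAMPLE_EVE_LINES = [
    json.dumps({"event_type": "tls", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.10",
                "dest_port": 443, "tls": {"version": "TLS 1.0", "sni": "",
                "ja3": {"hash": "fc54e0d16d9764783542f0146a98b300"}}}),
    json.dumps({"event_type": "tls", "src_ip": "10.0.0.6", "dest_ip": "198.51.100.20",
                "dest_port": 443, "tls": {"version": "TLS 1.2", "sni": "example.org",
                "ja3": {"hash": "a0e9f5d64349fb13191bc781f81f42e1"}}}),
    json.dumps({"event_type": "tls", "src_ip": "10.0.0.7", "dest_ip": "192.0.2.30",
                "dest_port": 8443, "tls": {"version": "TLS 1.0", "sni": "",
                "ja3": {"hash": "c12f54a3f91dc7bafd92cb59fe009a35"}}}),
    json.dumps({"event_type": "dns", "src_ip": "10.0.0.8", "dest_ip": "10.0.0.1"}),
]


def score_tls_event(event):
    """Return (severity, reasons) for one eve record. 0 means nothing matched.

    JA3 match contributes 2, TLS 1.0 contributes 1, so 3 means both fired."""
    if event.get("event_type") != "tls":
        return 0, []
    tls = event.get("tls") or {}
    ja3 = ((tls.get("ja3") or {}).get("hash") or "").lower()
    version = tls.get("version") or ""
    severity, reasons = 0, []
    if ja3 in PURERAT_JA3:
        severity += 2
        reasons.append(f"JA3 {ja3} is on the PureRAT fingerprint list")
    if version in WEAK_TLS_VERSIONS:
        severity += 1
        reasons.append(f"client negotiated {version} (weak signal on its own)")
    return severity, reasons


def scan_eve(lines):
    """Parse eve.json lines and return the flows that matched, in input order."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines rather than abort the scan
        severity, reasons = score_tls_event(event)
        if severity:
            hits.append({
                "src": event.get("src_ip"),
                "dst": f"{event.get('dest_ip')}:{event.get('dest_port')}",
                "severity": severity,
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_eve(SAMPLE_EVE_LINES):
        print(hit)
```

On real data, feed `scan_eve` the lines of `eve.json` and treat severity 1 as a hunting lead only; a JA3 match (severity 2 or 3) is the signal worth an alert, and even then confirm against the destination, since JA3 describes the client library, not the malware family by itself.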

A ValleyRAT campaign hits job seekers by exploiting fake Foxit documents and DLL side-loading. Full analysis of techniques, risks and impacts.

#RAT #sideloading #TrendMicro #ValleyRAT
www.matricedigitale.it/2025/12/04/v...


Cybercriminals are exploiting trusted apps like Telegram and Chrome to deploy ValleyRAT malware. Stay vigilant and ensure software integrity. #CyberSecurity #MalwareAlert #ValleyRAT Link: thedailytechfeed.com/silver-fox-a...

ValleyRAT Targets Job Seekers via Foxit Reader

~Trendmicro~
A campaign targets job seekers with email lures, using a weaponized Foxit PDF Reader for DLL side-loading to deploy ValleyRAT.
-
IOCs: 196. 251. 86. 145, 51. 79. 214. 125, 154. 90. 58. 164
-
#DLLSideloading #ThreatIntel #ValleyRAT

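The posts on this page quote indicators in three defanged spellings: dotted IPs with spaces ("196. 251. 86. 145"), a domain with a space after the dot ("sun-rat. com"), and a bracketed dot ("xqwmwru[.]top"). The following is an added example, written for this page and not code from Trend Micro or Check Point, that normalises those spellings and matches the result against connection and DNS logs. The log lines are constructed and reduced to a few Zeek-style columns; the column positions are an assumption of this example, not a full conn.log/dns.log layout.

```python
import ipaddress
import re

# Indicators exactly as quoted on this page, in their defanged spellings.
DEFANGED_IOCS = [
    "196. 251. 86. 145", "51. 79. 214. 125", "154. 90. 58. 164",  # Trend Micro post above
    "sun-rat. com",                                             # Check Point post above
    "xqwmwru[.]top",                                            # Silver Fox post at the top
]

# Any dot, bracketed dot, or dot padded with whitespace collapses to a plain dot.
_DEFANG_DOT = re.compile(r"\s*(?:\[\.\]|\(\.\)|\{\.\}|\.)\s*")


def refang(ioc: str) -> str:
    """Turn '1. 2. 3. 4', 'a[.]b', 'hxxp[:]//' into a value usable for matching."""
    s = ioc.strip()
    s = _DEFANG_DOT.sub(".", s)
    s = s.replace("[:]", ":")
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s.lower()


def classify(ioc: str) -> str:
    try:
        ipaddress.ip_address(ioc)
        return "ip"
    except ValueError:
        return "domain"


def load_indicators(defanged):
    ips, domains = set(), set()
    for raw in defanged:
        value = refang(raw)
        (ips if classify(value) == "ip" else domains).add(value)
    return ips, domains


# Constructed sample logs (invented traffic). Columns assumed here:
# conn: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN = [
    "1734480000.1\tCabc1\t10.0.0.5\t51234\t196.251.86.145\t443\ttcp",
    "1734480001.2\tCabc2\t10.0.0.6\t51235\t93.184.216.34\t443\ttcp",
    "1734480002.3\tCabc3\t10.0.0.7\t51236\t154.90.58.164\t8080\ttcp",
]
# dns: ts, uid, id.orig_h, query
SAMPLE_DNS = [
    "1734480000.0\tDabc1\t10.0.0.5\tsun-rat.com",
    "1734480000.5\tDabc2\t10.0.0.6\twww.example.org",
    "1734480001.0\tDabc3\t10.0.0.9\tcdn.xqwmwru.top",
]


def domain_matches(query, domains):
    """Exact or parent-domain match, so cdn.xqwmwru.top still hits xqwmwru.top."""
    q = query.lower().rstrip(".")
    for d in domains:
        if q == d or q.endswith("." + d):
            return d
    return None


def match_logs(conn_lines, dns_lines, ips, domains):
    hits = []
    for line in conn_lines:
        f = line.split("\t")
        if len(f) >= 5 and f[4] in ips:
            hits.append({"uid": f[1], "src": f[2], "indicator": f[4], "kind": "ip"})
    for line in dns_lines:
        f = line.split("\t")
        if len(f) >= 4:
            hit = domain_matches(f[3], domains)
            if hit:
                hits.append({"uid": f[1], "src": f[2], "indicator": hit,
                             "kind": "domain", "query": f[3]})
    return hits


if __name__ == "__main__":
    ips, domains = load_indicators(DEFANGED_IOCS)
    for h in match_logs(SAMPLE_CONN, SAMPLE_DNS, ips, domains):
        print(h)
```

The parent-domain match is deliberate: C2 infrastructure is often reached through a subdomain that never appears in the published indicator list, and a plain exact match would miss it.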

Operation Silk Lure targets Chinese fintech firms using Windows Task Scheduler to deploy ValleyRAT malware. Stay vigilant against spear-phishing attacks. #CyberSecurity #Malware #ValleyRAT #Fintech Link: thedailytechfeed.com/operation-si...

Gh0stKCP Protocol
Gh0stKCP is a command-and-control (C2) transport protocol based on KCP. It has been used by malware families such as PseudoManuscrypt and ValleyRAT/Winos4.0. @Jane_0sint recently tweeted about ValleyR...

Gh0stKCP is a C2 transport protocol based on KCP. It has been used by malware families such as #PseudoManuscrypt and #ValleyRAT.
netresec.com?b=259a5af

Gh0stKCP Protocol
Gh0stKCP is a transport protocol based on KCP, which runs on top of UDP. Gh0stKCP has been used to carry command-and-control (C2) traffic by malware families such as PseudoManuscrypt and ValleyRAT/Winos4.0. @Jane_0sint recently tweeted about ValleyRAT using a new UDP based C2 protocol. I wanted to t[...]
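The Netresec posts above describe Gh0stKCP as C2 carried over KCP, which itself runs on UDP. As an added example (written for this page, not code from Netresec or from the KCP project), the block below parses the standard KCP segment header, the layer Gh0stKCP sits on, and uses the header's structure as a triage heuristic for "is this UDP payload KCP at all". The header layout (24 bytes, little-endian: conv, cmd, frg, wnd, ts, sn, una, len) is that of the reference ikcp implementation; the command values 81 to 84 are its PUSH, ACK, WASK and WINS. Gh0stKCP's own framing inside the KCP stream is covered in the linked write-up and is not modelled here. The sample datagram is constructed.

```python
import struct

# KCP segment header as laid out by the reference ikcp implementation:
# conv u32, cmd u8, frg u8, wnd u16, ts u32, sn u32, una u32, len u32 (little-endian).
KCP_HEADER = struct.Struct("<IBBHIIII")
KCP_OVERHEAD = KCP_HEADER.size  # 24 bytes
KCP_CMD_PUSH, KCP_CMD_ACK, KCP_CMD_WASK, KCP_CMD_WINS = 81, 82, 83, 84
KCP_CMDS = {KCP_CMD_PUSH: "PUSH", KCP_CMD_ACK: "ACK",
            KCP_CMD_WASK: "WASK", KCP_CMD_WINS: "WINS"}


def build_kcp_segment(conv, cmd, sn=0, una=0, data=b"", frg=0, wnd=128, ts=0):
    """Serialise one KCP segment (used here only to build the constructed sample)."""
    return KCP_HEADER.pack(conv, cmd, frg, wnd, ts, sn, una, len(data)) + data


def parse_kcp_datagram(payload):
    """Split one UDP payload into KCP segments.

    Returns [] if the payload is not well-formed KCP: short header, unknown cmd,
    declared length overrunning the datagram, or a conv id that changes between
    segments (a datagram belongs to a single KCP session, hence a single conv)."""
    segments = []
    offset = 0
    conv_seen = None
    while offset < len(payload):
        if len(payload) - offset < KCP_OVERHEAD:
            return []
        conv, cmd, frg, wnd, ts, sn, una, length = KCP_HEADER.unpack_from(payload, offset)
        if cmd not in KCP_CMDS:
            return []
        if conv_seen is not None and conv != conv_seen:
            return []
        conv_seen = conv
        offset += KCP_OVERHEAD
        if length > len(payload) - offset:
            return []
        # Heuristic: the reference implementation only puts data on PUSH segments,
        # so a non-PUSH segment carrying bytes is treated as "not KCP".
        if cmd != KCP_CMD_PUSH and length != 0:
            return []
        data = payload[offset:offset + length]
        offset += length
        segments.append({"conv": conv, "cmd": KCP_CMDS[cmd], "frg": frg, "wnd": wnd,
                         "ts": ts, "sn": sn, "una": una, "data": data})
    return segments


def looks_like_kcp(payload):
    """Triage signal only: legitimate KCP users (games, tunnels) will also match."""
    return bool(parse_kcp_datagram(payload))


# Constructed sample datagram: one PUSH segment with application bytes followed
# by one ACK, both on the same conv id, as a KCP sender would batch them.
SAMPLE_DATAGRAM = (
    build_kcp_segment(0x1A2B3C4D, KCP_CMD_PUSH, sn=7, una=3, ts=1000,
                      data=b"\x00\x10constructed-app-data")
    + build_kcp_segment(0x1A2B3C4D, KCP_CMD_ACK, sn=5, una=8, ts=1001)
)

if __name__ == "__main__":
    for seg in parse_kcp_datagram(SAMPLE_DATAGRAM):
        print(seg["cmd"], "conv=%#x" % seg["conv"], "sn=%d" % seg["sn"],
              "una=%d" % seg["una"], "len=%d" % len(seg["data"]))
    print("HTTP request looks like KCP:", looks_like_kcp(b"GET / HTTP/1.1\r\nHost: x\r\n"))
```

Run against UDP payloads from a pcap, the useful output is not the verdict alone but the conv id and sequence numbers: a long-lived conv with steadily increasing sn and una toward one external host is the shape of a C2 session, whereas a game client will show many short conv values. The one-byte cmd field is the weakest check here, so never alert on this heuristic without the destination and session-shape context.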
Chinese Silver Fox Group Exploits Trusted Windows Drivers to Deploy ValleyRAT Malware

Silver Fox used WatchDog Antimalware driver (amsdk.sys v1.0.600) to bypass defenses and install ValleyRAT. Zemana Anti-Malware driver (ZAM.exe) adds Windows 7-11 coverage. getnews.me/chinese-silver-fox-group... #silverfox #valleyrat


Silver Fox exploits Microsoft-signed WatchDog driver to deploy ValleyRAT malware, bypassing security measures. #CyberSecurity #Malware #SilverFox #ValleyRAT #WatchDogDriver Link: thedailytechfeed.com/silver-fox-e...
