Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'valleyrat'

View all threats tagged with 'valleyrat'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: valleyrat

Threats Tagged 'valleyrat'

Click on any threat for detailed analysis and mitigation recommendations

An Analysis of ValleyRAT Infection Campaigns from Fake Installers, Japanese Malicious Emails
0

ValleyRAT malware campaigns have been identified using two main infection vectors: fake installers targeting Chinese-speaking users and malicious email campaigns targeting both Chinese and Japanese-speaking users. The malware employs advanced evasion techniques such as process injection, DLL sideloading, junk code insertion, memory and process checks, and fileless execution via Donut-generated shellcode. It establishes persistence through registry modifications and enables remote access for attackers. Detection volumes have increased significantly since May 2025, nearly doubling in 2026. No specific software versions are affected, and no official patches or fixes are available.

Join the discussion
An unknown actor distributes malicious VBS scripts via WhatsApp
0

An active malware campaign has been discovered distributing malicious VBScript files through WhatsApp direct messages since June 2026. The operation affects users across multiple countries, with Malaysia experiencing the highest concentration of victims. Attackers compromise WhatsApp accounts and send weaponized VBS files disguised as business and financial documents to contacts. The multi-stage infection chain ultimately deploys legitimate ManageEngine Endpoint Central RMM software, providing persistent remote access to compromised systems. The scripts employ heavy obfuscation, Chinese-language comments, and modify Windows UAC settings. Infrastructure overlaps with ValleyRAT and Gh0st RAT operations suggest possible Chinese-speaking operators, though attribution remains uncertain. The campaign primarily targets individual users through opportunistic rather than focused methods, exploiting social engineering techniques with localized filenames in multiple languages.

Join the discussion
TA4922: The Suspected Chinese Crime Group is Going Global
0

TA4922 is a highly sophisticated Chinese-speaking threat actor demonstrating rapid operational tempo and continually evolving malware capabilities. Initially targeting East Asia, particularly Japan, the group has expanded globally to Europe and Africa. The actor deploys multiple malware families including Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT (Winos4.0), alongside legitimate remote management tools like AnyDesk and SyncFuture. Campaigns use localized lures themed around HR, payroll, tax, and invoicing, targeting hundreds to thousands of recipients per campaign. TA4922 conducts credential phishing, fraud operations including credit card theft, and attempts to shift communications to out-of-band channels like LINE, WhatsApp, and Microsoft Teams. The group leverages legitimate cloud hosting services and trusted software for delivery and persistence, combining advanced tradecraft with financially motivated objectives such as data theft, fraud, access resale, and persistent remote access.

Join the discussion

Showing 1 to 3 of 3 results

Filters:Tag: valleyrat
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses