A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
FortiGuard Labs recently encountered an ongoing malware campaign specifically targeting Chinese speakers. The attack uses a multi-stage malware named ValleyRAT, which employs diverse techniques to monitor and control victims while deploying arbitrary plugins. A notable characteristic is its heavy use of shellcode to execute components directly in memory, reducing its on-disk footprint. The campaign involves masquerading as legitimate applications, sandbox evasion, privilege escalation, and downloading additional components from the command-and-control (C2) server. The malware ultimately aims to monitor user activity and deliver malicious plugins.
OPENCTI LABELS:
sandbox evasion,windows registry,shellcode,valleyrat,cmstplua com class