Mentioned Malware Families: PseudoManuscrypt, ValleyRAT

Aliases for PseudoManuscrypt: win.pseudo_manuscrypt
Malpedia link for PseudoManuscrypt: https://malpedia.caad.fkie.fraunhofer.de/details/win.pseudo_manuscrypt
Aliases for ValleyRAT: win.valley_rat, Winos
Malpedia link for ValleyRAT: https://malpedia.caad.fkie.fraunhofer.de/details/win.valley_rat

#PseudoManuscrypt #ValleyRAT

Aliases provided by Malpedia.

PseudoManuscrypt (Malware Family)

According to PCrisk, PseudoManuscrypt is the name of malware that spies on victims. It is similar to another malware called Manuscrypt. We have discovered PseudoManuscrypt while checking installers for pirated software (one example is a fake pirated installer for SolarWinds, a network monitoring software).

Gh0stKCP is a C2 transport protocol based on KCP. It has been used by #PseudoManuscrypt and #ValleyRAT.
https://netresec.com/?b=259a5af
Gh0stKCP Protocol

Gh0stKCP is a transport protocol based on KCP, which runs on top of UDP. Gh0stKCP has been used to carry command-and-control (C2) traffic by malware families such as PseudoManuscrypt and ValleyRAT/Winos4.0. @Jane_0sint recently tweeted about ValleyRAT using a new UDP-based C2 protocol. I wanted to t[...]

Netresec