Trend Micro Research details a ValleyRAT campaign targeting job seekers via email, hiding behind a weaponized Foxit PDF Reader and using DLL side-loading for initial access. As a RAT, ValleyRAT enables remote control, monitoring and data theft. https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.html
@VirusBulletin This does not look like ValleyRAT
@dmpdump @VirusBulletin Is this maybe a false positive / misclassification by @TrendMicro?
Here are the VT results for 29dee8b421fab8eb1e67c7451aa227f8 / a32fa6ba08db96ebd611f6ee06da44b419d569a6bac43ed00c68d6ca674004c3. Only Trend classifies it as ValleyRAT 🤷
@netresec @VirusBulletin @TrendMicro Yeah, that infection chain leads to Pure* (e.g. PureLogs) malware, associated with a Vietnamese threat actor.