A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

    Date: 08/16/2024

    Severity: Medium

    Summary

    The article "A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers" (referenced below) analyzes a recent cyber espionage campaign that delivers the ValleyRAT malware. The campaign specifically targets Chinese-speaking users. The article details how the malware operates, how it is delivered, and its impact on the targeted users, and it discusses the broader implications for defenders and the likely motivations behind the attack, underscoring how the threat landscape continues to evolve and why vigilant security measures matter.

    Indicators of Compromise (IOC) List

    IP Address

    154.82.85.12

    154.92.19.81

    Hash

    aae7f34bdc0aa362bb42eb5e4cff69b60d67f7f155a3e2b9b905c90a1cc2aac4
    
    17ff585fadcf40e25ad9d09cf007d20f6691ccf31d93a5d48d25f7e811cb0ca4
    
    47d7ce4ce72ca7e0cebab472e2165a1ebbd9395a60d7478990fd4dbec2eb195f
    
    7172dff66af9c34958a3b095210664c26a934b5f734b64ea3170f1507a120503
    
    12ae203fa199291754649a4e592fb0880339c88b07f1d69798114afca06b8061
    
    22bfdc52a65905088b8b897a630c66c16ec5c2eba992c1c0722e5c8da9afa181
    
    24a871b7b837b217d271747337381fbbcff61edfe44e087c55921564b170a8c9
    
    b50ad87cd7ce19ae30cb709ea3ceb7107b129c64ec9c314157fc6a8df079262b
    
    76b1c8b026ac9e72ffe8ac1dd8d18abfbb4eb9c23bccb42ab9af2580ed72b7ad
    
    8378960ee2bfc32930e19f762f561f4a6448160de2bde6ce330309326d745f89
    
    14bf52de60e60a526141ffe61ef5afc2a3bc7d60d4086e644ec80e67513d2684
    
    8a6b352c45e48e3564e259ade4f544d01900e8c3f9a74e52ae3bc62f74ddf013
    
    a47423b59d75e228198450f7a9a2e051eeca6388028a6deb8e9843951bf21575
    
    ce8224de916a5eb0c76c9ba7acc3833f8cdc7f7d31a72dfbe69d2be1f8b7cc48
    
    02c8f22e9d2df7e051fffc49c7d2d240787fbe8395b4c3c96be40b5a111a03ce
    
    72542f81546656de73e009b541ed12cbcc9feced4f6ab79f9e9a0ee9df148b6a
    
    8b7d3de2c77c59663ec5d8969b688530a3c9228b72807bc17a9822d558c42ee8
    
    583001d3d4dc0a72c92cf27a390e95e1fad6229d18ab255b625985939eb4b90f
    
    ebd3a506c226e98dcedc1b882a11addd25ded8ee5110249b5b1a391e4d77d327
    
    02aed2b21a90c82d2ca597340aabfa1d6c52302b08aa9f58e87893f6997c2681
    
    ad753becec205160b78de45c11ed42f3da707c9cee0688fa4190233a9b4f1379
    
    8790506401a3bac69f6669a3dd832650e4752ff68dd6f0cef35b43e6ad59d7df
    
    ad9bd41e73eff193caab25960b6a990641ea8d412b5ba456b64ad165b7216c48
    
    d208b80a6608c72c3c590f86d93b074533c0c4ef8a46b6d36ed52cc2b4c179d5
    
    d63792ee67c6f1702188695387c64991029dabd702d48eac3ea3f0eef280d4a1
    
    1235419877ccc1f1820cc75e773fe79f9ad0296dd8eea9aa44f511a7b6348cfd
    
    0a971e606e839e7d5e72dcea0a8a3d081c951250ce25b0ddaf2429bad87ebe3d
    
    c486ca7291799a7474196c7cf60158421a2d81697e24e693e76cd1da06b9bf1c

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    dstipaddress IN ("154.92.19.81","154.82.85.12") or ipaddress IN ("154.92.19.81","154.82.85.12") or publicipaddress IN ("154.92.19.81","154.82.85.12") or srcipaddress IN ("154.92.19.81","154.82.85.12")

    Detection Query 2

    sha256hash IN ("aae7f34bdc0aa362bb42eb5e4cff69b60d67f7f155a3e2b9b905c90a1cc2aac4","17ff585fadcf40e25ad9d09cf007d20f6691ccf31d93a5d48d25f7e811cb0ca4","47d7ce4ce72ca7e0cebab472e2165a1ebbd9395a60d7478990fd4dbec2eb195f","7172dff66af9c34958a3b095210664c26a934b5f734b64ea3170f1507a120503","12ae203fa199291754649a4e592fb0880339c88b07f1d69798114afca06b8061","22bfdc52a65905088b8b897a630c66c16ec5c2eba992c1c0722e5c8da9afa181","24a871b7b837b217d271747337381fbbcff61edfe44e087c55921564b170a8c9","b50ad87cd7ce19ae30cb709ea3ceb7107b129c64ec9c314157fc6a8df079262b","76b1c8b026ac9e72ffe8ac1dd8d18abfbb4eb9c23bccb42ab9af2580ed72b7ad","8378960ee2bfc32930e19f762f561f4a6448160de2bde6ce330309326d745f89","14bf52de60e60a526141ffe61ef5afc2a3bc7d60d4086e644ec80e67513d2684","8a6b352c45e48e3564e259ade4f544d01900e8c3f9a74e52ae3bc62f74ddf013","a47423b59d75e228198450f7a9a2e051eeca6388028a6deb8e9843951bf21575","ce8224de916a5eb0c76c9ba7acc3833f8cdc7f7d31a72dfbe69d2be1f8b7cc48","02c8f22e9d2df7e051fffc49c7d2d240787fbe8395b4c3c96be40b5a111a03ce","72542f81546656de73e009b541ed12cbcc9feced4f6ab79f9e9a0ee9df148b6a","8b7d3de2c77c59663ec5d8969b688530a3c9228b72807bc17a9822d558c42ee8","583001d3d4dc0a72c92cf27a390e95e1fad6229d18ab255b625985939eb4b90f","ebd3a506c226e98dcedc1b882a11addd25ded8ee5110249b5b1a391e4d77d327","02aed2b21a90c82d2ca597340aabfa1d6c52302b08aa9f58e87893f6997c2681","ad753becec205160b78de45c11ed42f3da707c9cee0688fa4190233a9b4f1379","8790506401a3bac69f6669a3dd832650e4752ff68dd6f0cef35b43e6ad59d7df","ad9bd41e73eff193caab25960b6a990641ea8d412b5ba456b64ad165b7216c48","d208b80a6608c72c3c590f86d93b074533c0c4ef8a46b6d36ed52cc2b4c179d5","d63792ee67c6f1702188695387c64991029dabd702d48eac3ea3f0eef280d4a1","1235419877ccc1f1820cc75e773fe79f9ad0296dd8eea9aa44f511a7b6348cfd","0a971e606e839e7d5e72dcea0a8a3d081c951250ce25b0ddaf2429bad87ebe3d","c486ca7291799a7474196c7cf60158421a2d81697e24e693e76cd1da06b9bf1c")
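    The following is an added example, not part of this advisory or of the Fortinet write-up, showing the two detection queries above evaluated in plain Python against constructed log records. It assumes records are dictionaries keyed by the same field names the queries use (dstipaddress, ipaddress, publicipaddress, srcipaddress, sha256hash); the two IP addresses and the three hashes in the indicator sets are taken from the IOC list, while every record, host address and id in the sample data is invented. It also includes a small parser for the `IN (...)` value list to show why a literal that joins both addresses into one quoted string matches nothing, and it normalizes hash case, which the raw query does not.

```python
"""Evaluate the advisory's IP and SHA-256 detection logic against constructed log records.

Added example (not the advisory's or Fortinet's code). Field names mirror the queries;
IP_FIELDS order determines the order of fields reported on a hit.
"""
from typing import Iterable

IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")

# Indicators copied from the advisory's IOC list (two C2 addresses, three sample hashes).
IOC_IPS = {"154.92.19.81", "154.82.85.12"}
IOC_SHA256 = {
    "aae7f34bdc0aa362bb42eb5e4cff69b60d67f7f155a3e2b9b905c90a1cc2aac4",
    "17ff585fadcf40e25ad9d09cf007d20f6691ccf31d93a5d48d25f7e811cb0ca4",
    "47d7ce4ce72ca7e0cebab472e2165a1ebbd9395a60d7478990fd4dbec2eb195f",
}


def parse_in_list(literal: str) -> set[str]:
    """Parse the value list of a `field IN (...)` clause the way a query engine would:
    each double-quoted token is one value, and a comma inside the quotes is part of
    the value rather than a separator."""
    values, i = set(), 0
    while True:
        start = literal.find('"', i)
        if start < 0:
            return values
        end = literal.find('"', start + 1)
        if end < 0:
            raise ValueError("unterminated string literal")
        values.add(literal[start + 1:end])
        i = end + 1


def match_ip(record: dict, ioc_ips: set[str] = IOC_IPS) -> list[str]:
    """Detection Query 1: any of the four IP fields equals a C2 address.
    Returns the names of the fields that matched (empty list means no hit)."""
    return [f for f in IP_FIELDS if record.get(f, "").strip() in ioc_ips]


def match_hash(record: dict, ioc_hashes: set[str] = IOC_SHA256) -> bool:
    """Detection Query 2: sha256hash equals a known sample. Lower-cased first,
    because sensors differ in whether they emit hex digits in upper or lower case."""
    return record.get("sha256hash", "").strip().lower() in ioc_hashes


def triage(records: Iterable[dict]) -> list[dict]:
    """Return the records that hit either query, with the reason attached."""
    hits = []
    for r in records:
        ip_fields = match_ip(r)
        hash_hit = match_hash(r)
        if ip_fields or hash_hit:
            hits.append({"id": r["id"], "ip_fields": ip_fields, "hash_hit": hash_hit})
    return hits


# Constructed sample records (illustrative only; internal hosts and ids are invented).
SAMPLE_LOGS = [
    {"id": 1, "srcipaddress": "10.0.0.5", "dstipaddress": "154.92.19.81"},
    {"id": 2, "srcipaddress": "10.0.0.9", "dstipaddress": "93.184.216.34"},
    {"id": 3, "sha256hash": "AAE7F34BDC0AA362BB42EB5E4CFF69B60D67F7F155A3E2B9B905C90A1CC2AAC4"},
    {"id": 4, "sha256hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"id": 5, "publicipaddress": "154.82.85.12", "srcipaddress": "154.92.19.81"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOGS):
        print(hit)
    # A literal that joins both addresses inside one pair of quotes parses to a single
    # value equal to neither address, so a record talking to a real C2 is missed.
    joined = parse_in_list('("154.92.19.81,154.82.85.12")')
    print(joined, match_ip(SAMPLE_LOGS[0], joined))
```

    Run as a script it prints the three hits (records 1, 3 and 5) and then shows the joined literal matching nothing for record 1; the same functions can be pointed at real records by replacing SAMPLE_LOGS with whatever your log pipeline yields, and at the full IOC list by extending IOC_SHA256.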

    Reference:

    https://www.fortinet.com/blog/threat-research/valleyrat-campaign-targeting-chinese-speakers

    Tags

    Malware, APT
