SYMBOLCOMMON_NAMEaka. SYNONYMS
js.valak (Back to overview)

Valak

aka: Valek

According to PCrisk, Valak is malicious software that downloads JScript files and executes them. What happens next depends on the actions performed by the executed JScript files. It is very likely that cyber criminals behind Valak attempt to use this malware to cause chain infections (i.e., using Valak to distribute other malware).

Research shows that Valak is distributed through spam campaigns, however, in some cases, it infiltrates systems when they are already infected with malicious program such as Ursnif (also known as Gozi).

References
2023-07-26cocomelonccocomelonc
@online{cocomelonc:20230726:malware:44a5642, author = {cocomelonc}, title = {{Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example.}}, date = {2023-07-26}, organization = {cocomelonc}, url = {https://cocomelonc.github.io/malware/2023/07/26/malware-tricks-35.html}, language = {English}, urldate = {2023-07-28} } Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example.
Valak POWERSOURCE Gazer PowerDuke
2022-07-18Palo Alto Networks Unit 42Unit 42
@online{42:20220718:monster:1aaba4e, author = {Unit 42}, title = {{Monster Libra}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/monsterlibra/}, language = {English}, urldate = {2022-07-29} } Monster Libra
Valak IcedID GOLD CABIN
2021-09-03IBMCamille Singleton, Andrew Gorecki, John Dwyer
@online{singleton:20210903:dissecting:4d56786, author = {Camille Singleton and Andrew Gorecki and John Dwyer}, title = {{Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight}}, date = {2021-09-03}, organization = {IBM}, url = {https://securityintelligence.com/posts/sodinokibi-ransomware-incident-response-intelligence-together/}, language = {English}, urldate = {2021-09-09} } Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Valak QakBot REvil
2021-07-30HPPatrick Schläpfer
@online{schlpfer:20210730:detecting:2291323, author = {Patrick Schläpfer}, title = {{Detecting TA551 domains}}, date = {2021-07-30}, organization = {HP}, url = {https://threatresearch.ext.hp.com/detecting-ta551-domains/}, language = {English}, urldate = {2021-08-02} } Detecting TA551 domains
Valak Dridex IcedID ISFB QakBot
2020-07-24Palo Alto Networks Unit 42Brad Duncan
@online{duncan:20200724:evolution:a372b2b, author = {Brad Duncan}, title = {{Evolution of Valak, from Its Beginnings to Mass Distribution}}, date = {2020-07-24}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/valak-evolution/}, language = {English}, urldate = {2020-08-05} } Evolution of Valak, from Its Beginnings to Mass Distribution
Valak
2020-07-01Cisco TalosNick Biasini, Edmund Brumaghin, Mariano Graziano
@online{biasini:20200701:threat:a726b7e, author = {Nick Biasini and Edmund Brumaghin and Mariano Graziano}, title = {{Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks}}, date = {2020-07-01}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/07/valak-emerges.html}, language = {English}, urldate = {2020-08-18} } Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
Valak IcedID ISFB MyKings Spreader
2020-06-09Sentinel LABSJason Reaves
@online{reaves:20200609:valak:ff6bc74, author = {Jason Reaves}, title = {{Valak Malware and the Connection to Gozi Loader ConfCrew}}, date = {2020-06-09}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/valak-malware-and-the-connection-to-gozi-loader-confcrew/}, language = {English}, urldate = {2020-06-10} } Valak Malware and the Connection to Gozi Loader ConfCrew
Valak
2020-06-08Security Soup BlogRyan Campbell
@online{campbell:20200608:analysis:500f9fe, author = {Ryan Campbell}, title = {{Analysis of Valak Maldoc}}, date = {2020-06-08}, organization = {Security Soup Blog}, url = {https://security-soup.net/analysis-of-valak-maldoc/}, language = {English}, urldate = {2020-06-08} } Analysis of Valak Maldoc
Valak
2020-05-28CybereasonEli Salem, Assaf Dahan, Lior Rochberger
@online{salem:20200528:valak:bc76772, author = {Eli Salem and Assaf Dahan and Lior Rochberger}, title = {{Valak: More than Meets the Eye}}, date = {2020-05-28}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/valak-more-than-meets-the-eye}, language = {English}, urldate = {2020-06-02} } Valak: More than Meets the Eye
Valak
2019-12-22prsecurity
@online{prsecurity:20191222:casual:4e2cfc3, author = {prsecurity}, title = {{Casual Analysis of Valak C2}}, date = {2019-12-22}, url = {https://medium.com/@prsecurity_/casual-analysis-of-valak-c2-3497fdb79bf7}, language = {English}, urldate = {2020-01-26} } Casual Analysis of Valak C2
Valak
2019-12-19Twitter (@malware_traffic)Brad Duncan
@online{duncan:20191219:valak:a793639, author = {Brad Duncan}, title = {{Tweet on Valak Malware}}, date = {2019-12-19}, organization = {Twitter (@malware_traffic)}, url = {https://twitter.com/malware_traffic/status/1207824548021886977}, language = {English}, urldate = {2020-01-05} } Tweet on Valak Malware
Valak

There is no Yara-Signature yet.