According to PCrisk, Valak is malicious software that downloads JScript files and executes them. What happens next depends on the actions performed by the executed JScript files. It is very likely that cyber criminals behind Valak attempt to use this malware to cause chain infections (i.e., using Valak to distribute other malware).
Research shows that Valak is distributed through spam campaigns, however, in some cases, it infiltrates systems when they are already infected with malicious program such as Ursnif (also known as Gozi).
|2023-07-26 ⋅ cocomelonc ⋅ |
Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example.
Valak POWERSOURCE Gazer PowerDuke
|2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ |
Valak IcedID GOLD CABIN
|2021-09-03 ⋅ IBM ⋅ |
Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Valak QakBot REvil
|2021-07-30 ⋅ HP ⋅ |
Detecting TA551 domains
Valak Dridex IcedID ISFB QakBot
|2020-07-24 ⋅ Palo Alto Networks Unit 42 ⋅ |
Evolution of Valak, from Its Beginnings to Mass Distribution
|2020-07-01 ⋅ Cisco Talos ⋅ |
Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
Valak IcedID ISFB MyKings Spreader
|2020-06-09 ⋅ Sentinel LABS ⋅ |
Valak Malware and the Connection to Gozi Loader ConfCrew
|2020-06-08 ⋅ Security Soup Blog ⋅ |
Analysis of Valak Maldoc
|2020-05-28 ⋅ Cybereason ⋅ |
Valak: More than Meets the Eye
|2019-12-22 ⋅ |
Casual Analysis of Valak C2
|2019-12-19 ⋅ Twitter (@malware_traffic) ⋅ |
Tweet on Valak Malware
There is no Yara-Signature yet.