SYMBOLCOMMON_NAMEaka. SYNONYMS
js.valak (Back to overview)

Valak

aka: Valek

According to PCrisk, Valak is malicious software that downloads JScript files and executes them. What happens next depends on the actions performed by the executed JScript files. It is very likely that cyber criminals behind Valak attempt to use this malware to cause chain infections (i.e., using Valak to distribute other malware).

Research shows that Valak is distributed through spam campaigns, however, in some cases, it infiltrates systems when they are already infected with malicious program such as Ursnif (also known as Gozi).

References
2023-07-26cocomelonccocomelonc
Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example.
Valak POWERSOURCE Gazer PowerDuke
2022-07-18Palo Alto Networks Unit 42Unit 42
Monster Libra
Valak IcedID GOLD CABIN
2021-09-03IBMAndrew Gorecki, Camille Singleton, John Dwyer
Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Valak QakBot REvil
2021-07-30HPPatrick Schläpfer
Detecting TA551 domains
Valak Dridex IcedID ISFB QakBot
2020-07-24Palo Alto Networks Unit 42Brad Duncan
Evolution of Valak, from Its Beginnings to Mass Distribution
Valak
2020-07-01Cisco TalosEdmund Brumaghin, Mariano Graziano, Nick Biasini
Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
Valak IcedID ISFB MyKings Spreader
2020-06-09Sentinel LABSJason Reaves
Valak Malware and the Connection to Gozi Loader ConfCrew
Valak
2020-06-08Security Soup BlogRyan Campbell
Analysis of Valak Maldoc
Valak
2020-05-28CybereasonAssaf Dahan, Eli Salem, Lior Rochberger
Valak: More than Meets the Eye
Valak
2019-12-22prsecurity
Casual Analysis of Valak C2
Valak
2019-12-19Twitter (@malware_traffic)Brad Duncan
Tweet on Valak Malware
Valak

There is no Yara-Signature yet.