ValleyRAT Malware Registry Modification

Rule Info

Name
ValleyRAT Malware Registry Modification
Author
X__Junior
Description
Detects creation of registry keys used to store C2 seen used by the ValleyRAT malware
Reference
https://www.splunk.com/en_us/blog/security/valleyrat-insights-tactics-techniques-and-detection-methods.html
Date
2024-10-28 00:00:00
Modified
None
Id
76d15be9-fe5a-4529-b43a-402c47908ea6
Tags
attack.defense-evasion attack.t1112
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022