May 31, 2026
C2 Hosts: 1
ValleyRAT
Also known as: Winos
C2 Infrastructure
Hosting/VPS 100%
Last 7 days
May 30, 2026
C2 Hosts: 2
| Date | C2 Hosts |
|---|---|
| May 31, 2026 | 1 |
| May 30, 2026 | 2 |
Further Reading
New “CleverSoar” Installer Targets Chinese and Vietnamese Users | Rapid7 Blog opens in a new tab
In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims.
rapid7.com
莫步40亿数据泄漏事件后尘!针对金融、证券业攻击活动预警 opens in a new tab
本次攻击在溯源视角下呈现出通过微信等即时通讯途径投递的特点,且针对行业集中在证券、金融领域,该团伙的恶意样本最早于2021年5月活跃。
secrss.com
Botnet C&C | Botnet Threat Update January to June 2025 | Report opens in a new tab
spamhaus.org
Botnet C&C | Botnet Threat Update July to December 2025 | Report opens in a new tab
spamhaus.org
Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework opens in a new tab
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI f...
trendmicro.com
New Updates to ValleyRAT | ThreatLabz opens in a new tab
Technical analysis of a new ValleyRAT campaign | New updates include device fingerprinting and desktop screen capturing
zscaler.com