{
	"id": "42cedb53-4153-4736-b94a-abd18ff55ed3",
	"created_at": "2026-04-06T01:31:42.206301Z",
	"updated_at": "2026-04-10T13:11:52.407677Z",
	"deleted_at": null,
	"sha1_hash": "281f688b1e164f3ae71218cd27add965898a6d6d",
	"title": "Valak (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 30827,
	"plain_text": "Valak (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-06 00:09:45 UTC\r\nValak\r\naka: Valek\r\nAccording to PCrisk, Valak is malicious software that downloads JScript files and executes them. What happens\r\nnext depends on the actions performed by the executed JScript files. It is very likely that cyber criminals behind\r\nValak attempt to use this malware to cause chain infections (i.e., using Valak to distribute other malware).\r\nResearch shows that Valak is distributed through spam campaigns, however, in some cases, it infiltrates systems\r\nwhen they are already infected with malicious program such as Ursnif (also known as Gozi).\r\nReferences\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/js.valak\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/js.valak\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/js.valak"
	],
	"report_names": [
		"js.valak"
	],
	"threat_actors": [],
	"ts_created_at": 1775439102,
	"ts_updated_at": 1775826712,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/281f688b1e164f3ae71218cd27add965898a6d6d.pdf",
		"text": "https://archive.orkl.eu/281f688b1e164f3ae71218cd27add965898a6d6d.txt",
		"img": "https://archive.orkl.eu/281f688b1e164f3ae71218cd27add965898a6d6d.jpg"
	}
}