Win32/Wkysol
Win32/Wkysol is malware associated with the Chinese state-affiliated threat actor Salmon Typhoon, which overlaps with APT4 and Maverick Panda. Available reporting states that Salmon Typhoon has deployed malware such as Win32/Wkysol to maintain remote access to compromised systems, which points to a backdoor or remote-access role in post-compromise operations. The reporting provides no specific infection vector, no platform details beyond the Win32 naming, no technical capabilities beyond maintaining remote access, and no indicators of compromise.
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Groups observed using it
1 distinct threat actor attributed by public researchers. Open in Mallory to see the full evidence chain and overlapping campaigns.
"...deployment of malware, such as Win32/Wkysol, to maintain remote access to compromised systems."
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Malware used to maintain remote access to compromised systems (persistent access/backdoor capability).
Malware used to maintain remote access to compromised systems (persistent backdoor/RAT capability).
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.