APT / THREAT GROUP

SilentRunLoader

2 aliases
Last seen: Jun 21, 2026

Intelligence Profile

According to Proofpoint, SilentRunLoader is a Python-based stealer/loader used by TA4922 to quietly download and execute a next-stage payload. It is designed to harvest Chrome data and other browser artifacts and exfiltrate them to a C2 server. The Python code is relatively straightforward and often appears vibe-coded, with rapid development of new Python-based tooling observed across campaigns. This reflects the actor’s use of Python-based malware to quickly deploy new payloads.

Threat Analysis

SilentRunLoader is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

SilentRunLoader
win.silent_run_loader

External Intelligence

Malpedia: win.silent_run_loader

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.