APT / THREAT GROUP
SilentRunLoader
2 aliases
Last seen: Jun 21, 2026
Intelligence Profile
According to Proofpoint, SilentRunLoader is a Python-based stealer/loader used by TA4922 to quietly download and execute a next-stage payload. It is designed to harvest Chrome data and other browser artifacts and exfiltrate them to a C2 server. The Python code is relatively straightforward and often appears to be vibe-coded, with rapid development of new Python-based tooling observed across campaigns. This reflects the actor’s use of Python-based malware to quickly deploy new payloads.
Threat Analysis
SilentRunLoader is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
SilentRunLoader
win.silent_run_loader
External Intelligence
Malpedia: win.silent_run_loader
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.