Unknown Malware Using Azure Functions as C2
On August 28, 2025, an ISO named Servicenow-BNM-Verify.iso was uploaded to VirusTotal from Malaysia with very low detections: The ISO image contains 4 files, two of them hidden. servicenow-...
On July 18, 2025, an ISO image with moderate detection was uploaded to VirusTotal from Hong Kong. ISO SHA2: 6573136f9b804ddc637f6be3a4536ed0013da7a5592b2f3a3cd37c0c71926365. The ISO image has a s...
On June 30, 2025, a file named deklaracja.chm (“declaration.chm”) was uploaded to VirusTotal from Poland. The file is a Microsoft Compiled HTML Help file, a proprietary online help format which ...
Back in January 2025, I reviewed a campaign delivering Havoc Demon to targets in Bangladesh, Pakistan, and China via LNK files. While hunting for new threats this month, I came across a malicious ...
While hunting for MSI installers that typically distribute Gh0stRAT and RATs that share some of the Gh0stRAT code, such as WinOS/ValleyRAT, I came across an infection chain leading to a slightly mo...
While monitoring new threats, I came across an interesting ISO image (ced7fe9c5ec508216e6dd9a59d2d5193a58bdbac5f41a38ea97dd5c7fceef7a5) uploaded to VirusTotal from Taiwan on May 20, 2025. The ISO c...
On April 22, 2025, MalwareHunterTeam shared a hash for a low detection Linux ELF with 2 hard-coded IP addresses: 43.159.18[.]135 and 119.42.148[.]187. Upon review of the executable (ea41b2bf1064efc...
On April 18, 2025, I came across an interesting LNK file uploaded from Taiwan (f4bb263eb03240c1d779a00e1e39d3374c93d909d358691ca5386387d06be472), which I subsequently found had been initially disco...
On March 20, 2025, MalwareHunterTeam shared a sample of a ZIP file containing an LNK, uploaded from Cambodia: The ZIP file is named CNP_MFA_Meeting_Documents.zip. It contains an LNK file named M...
On February 22, 2025, MalwareHunterTeam shared a DLL uploaded from Taiwan with hash 1286aa5c73cf2c8058c52271869a5727d71ca5bd4dd0854be970d2a25cb52bf8. The DLL was uploaded from Taiwan on February ...