Low Detection Linux and macOS Backdoor
In early March, MalwareHunterTeam shared a hash associated with a Linux backdoor with 0 detection in VirusTotal. It is well known that AV engines in VirusTotal do not implement the full capability ...
On November 21, 2025, Malware Hunter Team shared an interesting sample on X, uploaded to VirusTotal from Singapore. The ZIP file in question is named China’s Governance of Rare Earths and its Globa...
On August 28, 2025, an ISO named Servicenow-BNM-Verify.iso was uploaded to VirusTotal from Malaysia with very low detections: The ISO image contains 4 files, two of them hidden. servicenow-...
On July 18, 2025, an ISO image with moderate detection was uploaded to VirusTotal from Hong Kong. ISO SHA2: 6573136f9b804ddc637f6be3a4536ed0013da7a5592b2f3a3cd37c0c71926365 The ISO image has a s...
On June 30, 2025, a file named deklaracja.chm (“declaration.chm”) was uploaded to VirusTotal from Poland. The file is a Microsoft Compiled HTML Help file, a proprietary online help format which ...
Back in January 2025, I reviewed a campaign delivering Havoc Demon to targets in Bangladesh, Pakistan, and China via LNK files. While hunting for new threats this month, I came across a malicious ...
While hunting for MSI installers that typically distribute Gh0stRAT and RATs that share some of the Gh0stRAT code, such as WinOS/ValleyRAT, I came across an infection chain leading to a slightly mo...
While monitoring new threats, I came across an interesting ISO image (ced7fe9c5ec508216e6dd9a59d2d5193a58bdbac5f41a38ea97dd5c7fceef7a5) uploaded to VirusTotal from Taiwan on May 20, 2025. The ISO c...
On April 22, 2025, MalwareHunterTeam shared a hash for a low detection Linux ELF with 2 hard-coded IP addresses: 43.159.18[.]135 and 119.42.148[.]187. Upon review of the executable (ea41b2bf1064efc...
On April 18, 2025, I came across an interesting LNK file uploaded from Taiwan (f4bb263eb03240c1d779a00e1e39d3374c93d909d358691ca5386387d06be472), which I subsequently found had been initially disco...