<feed xmlns="http://www.w3.org/2005/Atom">
  <id>https://dmpdump.github.io/</id>
  <title>dmpdump</title>
  <subtitle>CTI, threat intelligence, reverse engineering, programming, malware</subtitle>
  <updated>2026-04-27T00:31:50+00:00</updated>
  <author>
    <name>dmpdump</name>
    <uri>https://dmpdump.github.io/</uri>
  </author>
  <link rel="self" type="application/atom+xml" href="https://dmpdump.github.io/feed.xml"/>
  <link rel="alternate" type="text/html" hreflang="en" href="https://dmpdump.github.io/"/>
  <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator>
  <rights> © 2026 dmpdump </rights>
  <icon>/assets/img/favicons/favicon.ico</icon>
  <logo>/assets/img/favicons/favicon-96x96.png</logo>
  <entry>
    <title>Rebex-based Telegram RAT Targeting Vietnam</title>
    <link href="https://dmpdump.github.io/posts/TelegramRat/" rel="alternate" type="text/html" title="Rebex-based Telegram RAT Targeting Vietnam" />
    <published>2026-04-25T00:00:00+00:00</published>
    <updated>2026-04-25T00:00:00+00:00</updated>
    <id>https://dmpdump.github.io/posts/TelegramRat/</id>
    <content src="https://dmpdump.github.io/posts/TelegramRat/" />
    <author>
      <name>dmpdump</name>
    </author>
    <summary>On April 1, 2026, a zip archive named CV - Vu PLPC So2156516.zip was uploaded to VirusTotal from Vietnam. This archive contains a Microsoft Compiled HTML (CHM) file named Word Document - CV - Vu PLPC KT nam 2026.chm. CHM files have historically been used by a plethora of threat actors. In my personal experience, I have seen CHM files trojanized primarily in state-sponsored/targeted activity rat...</summary>
  </entry>
  <entry>
    <title>Low Detection Linux and macOS Backdoor</title>
    <link href="https://dmpdump.github.io/posts/Linux_Backdoor/" rel="alternate" type="text/html" title="Low Detection Linux and macOS Backdoor" />
    <published>2026-02-14T00:00:00+00:00</published>
    <updated>2026-03-15T22:01:22+00:00</updated>
    <id>https://dmpdump.github.io/posts/Linux_Backdoor/</id>
    <content src="https://dmpdump.github.io/posts/Linux_Backdoor/" />
    <author>
      <name>dmpdump</name>
    </author>
    <summary>In early March, MalwareHunterTeam shared a hash associated with a Linux backdoor with 0 detections in VirusTotal. It is well known that AV engines in VirusTotal do not implement the full capability of AV solutions; however, the presence of obviously malicious unobfuscated code made it an interesting finding. The backdoor has been in VirusTotal since January 27, 2026 with 2 distinct submissions, ...</summary>
  </entry>
  <entry>
    <title>Rare Earth Material Lure Delivering Shellcode Loader</title>
    <link href="https://dmpdump.github.io/posts/Reia/" rel="alternate" type="text/html" title="Rare Earth Material Lure Delivering Shellcode Loader" />
    <published>2025-11-26T00:00:00+00:00</published>
    <updated>2025-11-26T00:00:00+00:00</updated>
    <id>https://dmpdump.github.io/posts/Reia/</id>
    <content src="https://dmpdump.github.io/posts/Reia/" />
    <author>
      <name>dmpdump</name>
    </author>
    <summary>On November 21, 2025, Malware Hunter Team shared an interesting sample on X, uploaded to VirusTotal from Singapore. The ZIP file in question is named China’s Governance of Rare Earths and its Global Implications.zip. It contains a password-protected PDF named China’s Governance of Rare Earths and its Global Implications.pdf and an executable named SecurityKey.exe. The lure is clear: the victim ...</summary>
  </entry>
  <entry>
    <title>Unknown Malware Using Azure Functions as C2</title>
    <link href="https://dmpdump.github.io/posts/AzureFunctionsMalware/" rel="alternate" type="text/html" title="Unknown Malware Using Azure Functions as C2" />
    <published>2025-09-07T00:00:00+00:00</published>
    <updated>2025-09-10T02:56:16+00:00</updated>
    <id>https://dmpdump.github.io/posts/AzureFunctionsMalware/</id>
    <content src="https://dmpdump.github.io/posts/AzureFunctionsMalware/" />
    <author>
      <name>dmpdump</name>
    </author>
    <summary>On August 28, 2025, an ISO named Servicenow-BNM-Verify.iso was uploaded to VirusTotal from Malaysia with very low detections. The ISO image contains 4 files, two of them hidden:
servicenow-bnm-verify.lnk, a shortcut file that simply executes PanGpHip.exe
PanGpHip.exe, a legitimate Palo Alto Networks executable
libeay32.dll, a legitimate OpenSSL library (hidden)
libwaapi.dll, a mal...</summary>
  </entry>
  <entry>
    <title>SLOW#TEMPEST Cobalt Strike Loader</title>
    <link href="https://dmpdump.github.io/posts/CobaltStrike_HK/" rel="alternate" type="text/html" title="SLOW#TEMPEST Cobalt Strike Loader" />
    <published>2025-08-02T00:00:00+00:00</published>
    <updated>2025-08-04T00:57:53+00:00</updated>
    <id>https://dmpdump.github.io/posts/CobaltStrike_HK/</id>
    <content src="https://dmpdump.github.io/posts/CobaltStrike_HK/" />
    <author>
      <name>dmpdump</name>
    </author>
    <summary>On July 18, 2025, an ISO image with moderate detection was uploaded to VirusTotal from Hong Kong. ISO SHA2: 6573136f9b804ddc637f6be3a4536ed0013da7a5592b2f3a3cd37c0c71926365. The ISO image has a structure which I have seen multiple times in threat activity targeting Chinese-speaking users. Once the ISO is mounted, the victim sees a shortcut (LNK) file with a deceiving folder icon. Additionally...</summary>
  </entry>
</feed>
