Threats Tagged 'delphi'

View all threats tagged with 'delphi'. Filter and sort to focus on specific types of threats.

How to uncover a Horabot campaign and detect this malware

This report details the discovery and analysis of a Horabot malware campaign targeting primarily Mexican users. The attack chain begins with a fake CAPTCHA page leading to multiple stages of obfuscated scripts, ultimately delivering an AutoIT loader and a Delphi-based banking Trojan. The malware employs sophisticated encryption techniques, anti-VM checks, and a custom protocol for C2 communication. It also includes a spreader component written in PowerShell that harvests and exfiltrates email addresses to distribute phishing emails. The analysis reveals Brazilian Portuguese comments in the code, suggesting the threat actor's origin. The report provides detection opportunities including YARA rules and hunting queries to identify this threat.

RAVEN STEALER UNMASKED: Telegram-Based Data Exfiltration

Raven Stealer is a modern, lightweight information-stealing malware developed in Delphi and C++. It targets Chromium-based browsers to extract sensitive data, including passwords, cookies, and payment details. The malware uses a modular architecture and UPX packing to evade detection. It executes stealthily and exfiltrates data via Telegram bot integration. Distributed through GitHub and promoted on Telegram, Raven Stealer's user-friendly interface and dynamic module support make it attractive in the commodity malware ecosystem. The malware's capabilities include credential theft, browser data harvesting, and real-time exfiltration, posing a significant threat when used maliciously.

DRAT V2: Updated DRAT Emerges in Arsenal

TAG-140, a threat actor group overlapping with SideCopy, has deployed an updated version of their DRAT remote access trojan, dubbed DRAT V2. This new variant, developed in Delphi, introduces enhanced command and control capabilities, including arbitrary shell command execution and improved C2 obfuscation techniques. The malware was distributed through a ClickFix-style social engineering attack, using a cloned Indian Ministry of Defence press portal. DRAT V2 demonstrates TAG-140's ongoing refinement of their tooling and their continued focus on Indian government and defense targets.
