Threats Tagged 'dll hijacking'
View all threats tagged with 'dll hijacking'. Filter and sort to focus on specific types of threats.

Investigation of email-based attack delivering MediaFire ZIP file with execution chain analysis
An investigation revealed a malicious email campaign directing victims to download a ZIP file from MediaFire. The infection chain began with a Python setup executable (Setu.exe) that side-loaded a malicious 400 MB python37.dll containing repeated byte padding. The DLL performed process injection into dllhost.exe, establishing communication with a C2 server at 138.124.186.2:7000. The threat actor deployed three persistence mechanisms: a PowerShell-based path, a fake EdgeUpdate Python executable with scheduled task, and NetSupport RMM as a third access method. The analysis highlights the importance of comparing file timestamps during triage to identify malicious artifacts within compressed archives.
AlienVault OTX General | 06/16/2026, 05:29:40 UTC | Added: 06/16/2026, 16:45:15 UTC

Operation TaxShadow: Multi-Region Tax Phishing & In-Memory Malware Campaign
A sophisticated multi-stage malware campaign targets victims through tax-themed phishing emails impersonating Indian and Japanese government authorities. The operation leverages social engineering, fraudulent tax notifications, and trusted third-party email delivery services to distribute ZIP archives containing three staged payloads. The malware implements advanced evasion techniques including DLL Search Order Hijacking, API hooking, token manipulation, Mersenne Twister-based execution logic, COM callback execution, mutated RC4 encryption, and reflective PE loading. Execution occurs primarily in memory, significantly reducing forensic artifacts. The malware establishes persistent WebSocket-based command-and-control communication through HTTP protocol upgrades, allowing malicious traffic to blend with legitimate activity. Chinese-language artifacts were observed throughout the infrastructure and code, though attribution remains at moderate confidence. The campaign demonstrates characteristics of a mature, ...
Medium | Campaign
AlienVault OTX General | 06/04/2026, 22:52:20 UTC | Added: 06/05/2026, 06:33:37 UTC

Showing 1 to 2 of 2 results