Threats Tagged 'havoc demon'
View all threats tagged with 'havoc demon'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'havoc demon'
Click on any threat for detailed analysis and mitigation recommendations
Targeted espionage against Cambodian government entities 0 Two espionage campaigns attributed to the Khmer Shadow cluster targeted Cambodian government entities in defense and public works sectors. The campaigns used a custom C++ loader named NIGHTFORGE delivered via government-themed self-extracting archive lures. NIGHTFORGE employs advanced evasion techniques such as NTDLL unhooking and Hell's Gate syscall resolution to decrypt and execute a Havoc Demon payload in memory. It uses DLL sideloading through a legitimate VMware-signed binary and establishes persistence via COM-based scheduled tasks. Despite technical sophistication, the attacker reused payloads and infrastructure across targets. The campaigns specifically targeted Cambodia's Information Collection Bureau and Ministry of Public Works and Transport using meeting-themed social engineering lures. Join the discussion | AlienVault OTX General | 06/11/2026, 11:50:22 UTC Added: 06/11/2026, 14:45:21 UTC |
Fake Tech Support Delivers Havoc Command & Control 0 A sophisticated cyber attack campaign combines social engineering and advanced malware techniques. Attackers pose as IT support to gain initial access, then deploy a modified version of the Havoc C2 framework. The malware uses DLL sideloading, indirect syscalls, and custom loaders to evade detection. After compromising the initial system, the attackers rapidly move laterally, establishing persistence through scheduled tasks and legitimate remote monitoring tools. The campaign demonstrates a blend of human-centric initial access methods and advanced technical evasion techniques, highlighting the need for comprehensive security measures spanning user awareness and technical controls. Join the discussion | AlienVault OTX General | 03/05/2026, 12:32:01 UTC Added: 03/05/2026, 15:12:13 UTC |
Showing 1 to 2 of 2 results