Threats Tagged 'mandark'
View all threats tagged with 'mandark'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'mandark'
Click on any threat for detailed analysis and mitigation recommendations
FormBook Malware Uses Phishing, DLL Side-Loading, JavaScript 0 Two distinct phishing campaigns have been identified targeting companies in Greece, Spain, Slovenia, Bosnia and Central American countries to deliver FormBook data-stealing malware. The first campaign uses RAR attachments containing legitimate executables like Sandboxie ImBox.exe, TikTok desktop, Adobe PDF Preview Handler, and XZ Utils, exploiting DLL side-loading with malicious DLL files. The second campaign deploys heavily obfuscated JavaScript that drops encrypted PNG files, uses PowerShell with Base64 encoding, and leverages a custom .NET loader called Mandark to inject the payload into RegAsm process. Both campaigns deliver the same FormBook executable that employs advanced evasion by manually mapping ntdll.dll in memory to bypass user-mode monitoring and perform direct syscalls, enabling credential theft and data collection from browsers while avoiding detection mechanisms. Join the discussion | AlienVault OTX General | 04/22/2026, 12:43:19 UTC Added: 04/22/2026, 15:31:05 UTC |
Showing 1 to 1 of 1 result