MALICIOUS (1) campaign cataloged at 2026-07-10(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-07-turbocalc¶
During import an obfuscated code starts in-memory functions from a binary blob; after that, it communicates with dockfinancial[.]lu, the exact behaviour is unknown.
Abuse categories¶
obfuscation
Code uses obfuscation techniques to hide its true purpose.
other
Campaign uses other.
References¶
Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
dockfinancial.lu