SYMBOLCOMMON_NAMEaka. SYNONYMS
win.dusty_hammock (Back to overview)

DustyHammock

According to Proofpoint, DustyHammock is a minimalist backdoor that can run commands via cmd.exe, as well as download and execute additional files. The beacon structure of the DustyHammock communications is highly similar to that of SingleCamper, which suggests that both variants can be administered from the same panel.

References
2025-06-30ProofpointDavid Galazin, Greg Lesnewich, Kelsey Merriman, Proofpoint Threat Research Team, Selena Larson
10 Things I Hate About Attribution: RomCom vs. TransferLoader
DustyHammock MeltingClaw RustyClaw ShadyHammock SlipScreen TransferLoader TA829

There is no Yara-Signature yet.