win.pterois

Pterois

Actor(s): Swan Vector


According to Seqrite, this is a loader for a follow-up Cobalt Strike Beacon that is side-loaded and staged in memory. It uses API hashing (SDBM) and pulls the next stage from Google Drive using hardcoded access credentials.

References
2025-05-12, Seqrite, Subhajeet Singha
Unveiling Swan Vector APT Targeting Taiwan and Japan with varied DLL Implants
Pterois Swan Vector

There is no Yara-Signature yet.