Pterois (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.pterois (Back to overview)

Pterois

Actor(s): Swan Vector

According to Seqrite, this is a loader for a follow-up side-loaded and in memory-staged Cobalt Strike Beacon. It uses API hashing (SDBM) and pulls the next stage from Google Drive using hardcoded access credentials.

References

2025-05-12 ⋅ Seqrite ⋅ Subhajeet Singha
Unveiling Swan Vector APT Targeting Taiwan and Japan with varied DLL Implants
Pterois Swan Vector

There is no Yara-Signature yet.

Pterois Propose Change

References

Pterois