Caminho

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[Caminho](https://attack.mitre.org/software/S9016) is a downloader that has been used by threat actors since at least 2025 to deliver various strains of malware such as XWorm.(Citation: Zscaler BlindEagle DEC 2025)

Associated Techniques (6)

ID	ATT&CK	Tactics
T1027.001	Binary Padding	-
T1027.013	Encrypted/Encoded File	-
T1055.012	Process Hollowing	-
T1105	Ingress Tool Transfer	-
T1106	Native API	-
T1140	Deobfuscate/Decode Files or Information	-

Aliases (24)

VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader VMDetectLoader

Used by Actors (1)

APT-C-36
Nation-state

Metadata

ID:	164518
Created:	28/04/2026 16:00
Updated:	10/05/2026 04:00