Jun 26, 2026
C2 Hosts: 11
LittleDaemon
According to ESET Research, LittleDaemon is the first stage deployed on the victim’s machine through hijacked updates. It was observed in both DLL and executable versions, both of them 32-bit PEs. The main purpose of LittleDaemon is to communicate with the hijacking node to obtain the downloader that we call DaemonicLogistics. LittleDaemon does not establish persistence.
Linked Threat Actors
PlushDaemon
C2 Infrastructure
Hosting/VPS 82%
ISP/Residential 9%
Unknown 9%
Last 7 days
| Date | C2 Hosts |
|---|---|
| Jun 26, 2026 | 11 |