Skip to content
Malware family

TinyNuke

TinyNuke is a malware family referenced in the provided content as a known point of comparison for web-injection behavior and as a payload observed in criminal delivery ecosystems.

Profile source: Mallory opens in a new tab

TinyNuke

Family profile

TinyNuke is a malware family referenced in the provided content as a known point of comparison for web-injection behavior and as a payload observed in criminal delivery ecosystems. In the 2018 Flare-On Challenge 4 write-up, a dropped DLL named browserassist.dll was persisted via the AppInit_DLLs registry value at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs, targeted firefox.exe, checked for Firefox versions lower than 55, downloaded Base64-encoded encrypted data from hxxp://pastebin.com/raw/hvaru8NU, decrypted it with RC4 using the key md5("FL@R3ON.EXE"), and used the resulting JSON to replace matching webpage code with attacker-supplied content; the write-up explicitly states this web-injection technique is similar to TinyNuke malware. Separately, TinyNuke is listed among malware families observed in BraZZZerS fast-flux/proxy infrastructure logs, indicating it appeared in that criminal hosting ecosystem, and it is also listed among payloads delivered in observed malware chains, including StealC-linked delivery activity. The provided content does not supply higher-confidence details on TinyNuke’s full feature set, infection vector, specific threat actor attribution, or dedicated indicators of compromise beyond these references.

C2 tracking

Seven-day C2 activity

Derp observations, rolling seven-day window

Observed infrastructure

Last seven days

First activity
Jul 19, 2026
Last activity
Jul 19, 2026
Feed role
C2
Host form
1 IP / 0 hostnames

Leading locations

  • LU1

Leading providers

  • Ghosty Networks LLC1

Infrastructure traits

  • Hosting 1

Samples

Recent associated samples

MITRE ATT&CK

TinyNuke in ATT&CK

4 distinct techniques

Reporting

Research mentioning TinyNuke

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.