Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 22:59:58 UTC
Home > List all groups > List all tools > List all groups using tool PoohMilk Loader
 Tool: PoohMilk Loader
Names
PoohMilk Loader
PoohMilk
Category Malware
Type Loader
Description
(Palo Alto) Our analysis shows that PoohMilk is the first stage loader. After a successful
exploitation, it sets persistence in the registry with the appropriate command line
argument to execute the second stage payload, in this case, Freenki Loader.
Information
Malpedia AlienVault OTX Last change to this tool card: 14 May 2020
Download this tool card in JSON format
All groups using tool PoohMilk Loader
Changed Name Country Observed
APT groups
 Reaper, APT 37, Ricochet Chollima, ScarCruft 2012-Mar 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bc01c3df-e07f-4d47-b0c6-dc9f7171dda1
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bc01c3df-e07f-4d47-b0c6-dc9f7171dda1
Page 1 of 1