APT / THREAT GROUP

sRDI

3 aliases
Last seen: Mar 17, 2026

Intelligence Profile

sRDI allows for the conversion of DLL files to position-independent shellcode. It attempts to be a fully functional PE loader supporting proper section permissions, TLS callbacks, and sanity checks. It can be thought of as a shellcode PE loader strapped to a packed DLL.

Threat Analysis

sRDI is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Quick Facts

Type: APT / Threat Group
Aliases: 3

Also Known As

sRDI, DAVESHELL, win.srdi

External Intelligence

Malpedia: win.srdi

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.