MALWARE FAMILY

FDMTP

Internal ID: win.fdmtp
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

FDMTP is a newly discovered hacking tool developed in .NET and used by Earth Preta. It functions as a simple malware downloader and is based on the TouchSocket framework over the Duplex Message Transport Protocol (DMTP). In one campaign, threat actors embedded FDMTP in the data section of a DLL, which allows it to be launched through DLL side-loading. The embedded network configurations are encoded with Base64 and encrypted with DES to protect them and evade detection. It has been observed serving as a secondary control tool, often deployed by the PUBLOAD backdoor.

Threat Analysis

FDMTP is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Quick Facts

Type: Malware Family
Aliases: 1

Also Known As

win.fdmtp

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.