Zero-Dwell Threat Intelligence Reports

MuddyWater-Associated Trojan Leverages Malicious PE Section Manipulation and Crypt.XPACK Obfuscation.exe

overlay

MuddyWater-Linked Stagecomp Sample Executes Persistence via WebView2 Masquerading.exe

64bits

Win32/MuddyWater Implementation Employs DISPLAY drives Handeler Mimicry for Payload Delivery.exe

overlay

High-Confidence Ibashade Detection: Win32 Executable Leverages MicroPackage Masquerading for Evasion.exe

overlay spreader

Win32/Drolnux Workflow Employs Signed-Software Mimicry for Multi-Stage Payload Dropping.exe

overlay

MuddyWater-Associated DarkComp Sample Executes Signed PE Delivery Workflow.exe

overlay spreader

Microsoft-Signed Certificate Abuse Aligns with MuddyWater Malware Operations.exe

signed long-sleeps overlay detect-debug-environment

MuddyWater-Labeled DIDS.exe Uses Revoked Microsoft-Signed Certificate Chain.exe

signed long-sleeps detect-debug-environment invalid-signature

Vect.exe Executes Run-Key Persistence and Multi-Stage Defense Evasion.exe

64bits detect-debug-environment persistence checks-usb-bus

Wallpaper Hijack and Task Manager Blocking Signal Vect Ransomware Detonation.exe

64bits long-sleeps detect-debug-environment persistence

Safe Mode Persistence and Shadow Copy Deletion Define Active Locker Campaign.exe

64bits long-sleeps persistence checks-usb-bus

High-Severity Trojan.Ploutus Detection Confirms Active ATM Cash-Out Threat Activity.exe

long-sleeps detect-debug-environment assembly direct-cpu-clock-access