Zero-Dwell Threat Intelligence Reports

Stealer Family Sample Using Evasion And Obfuscation Methods.exe

XWorm Loader Compiles RegSvcs Stub On-The-Fly and Beacons to Remote C2.exe

long-sleeps detect-debug-environment persistence

Heracles/Tasker Variant Exhibits Schtasks Persistence and Backdoor Behavior.exe

calls-wmi assembly payload

XWorm Variant Masquerades as System Process and Rewrites Winlogon Userinit Key.exe

long-sleeps detect-debug-environment calls-wmi assembly persistence obfuscated

XWorm Variant Adds Defender Exclusions and Creates High-Privilege Scheduled Task.exe

detect-debug-environment calls-wmi checks-user-input assembly malware

Themida-Packed Swift.exe Flags as Trojan.Malgent With High-Severity Hits.exe

64bits detect-debug-environment corrupt themida

XWorm Variant Shows Dual C2, AES Keys, and Full RAT Features.exe

calls-wmi assembly payload

XWorm V6.4 Backdoor Uses TCP + Telegram C2 for Remote Control.exe

calls-wmi checks-user-input assembly persistence payload

XWorm Variant Performs ip-api Recon and Beacons to TCP C2 on 56475.exe

detect-debug-environment calls-wmi assembly malware obfuscated

Roblox Account Manager.exe Flags High-Severity Trojan/GameHack Traits.exe

long-sleeps detect-debug-environment checks-user-input assembly executes-dropped-file persistence clipboard checks-usb-bus

Packed XWorm V6.5 Sample Detected With Telegram ChatBot Indicators.exe

detect-debug-environment checks-user-input assembly

Packed Crack Tool Unmasked as XWorm/Packy Trojan With Temp Payload.exe

long-sleeps detect-debug-environment calls-wmi checks-memory-available assembly