Zero-Dwell Threat Intelligence Reports

Win32/Drolnux Workflow Employs Signed-Software Mimicry for Multi-Stage Payload Dropping.exe

overlay

MuddyWater-Associated DarkComp Sample Executes Signed PE Delivery Workflow.exe

overlay spreader

Microsoft-Signed Certificate Abuse Aligns with MuddyWater Malware Operations.exe

signed long-sleeps overlay detect-debug-environment

MuddyWater-Labeled DIDS.exe Uses Revoked Microsoft-Signed Certificate Chain.exe

signed long-sleeps detect-debug-environment invalid-signature

Vect.exe Executes Run-Key Persistence and Multi-Stage Defense Evasion.exe

64bits detect-debug-environment persistence checks-usb-bus

Wallpaper Hijack and Task Manager Blocking Signal Vect Ransomware Detonation.exe

64bits long-sleeps detect-debug-environment persistence

Safe Mode Persistence and Shadow Copy Deletion Define Active Locker Campaign.exe

64bits long-sleeps persistence checks-usb-bus

High-Severity Trojan.Ploutus Detection Confirms Active ATM Cash-Out Threat Activity.exe

long-sleeps detect-debug-environment assembly direct-cpu-clock-access

Static Go Ransomware Deployed as enc.exe Exhibits Controlled Timer-Driven Execution.exe

64bits

MSIL-Based Ploutus Variant Leveraging NCR APTRA XFS Framework for ATM Control.exe

assembly payload

Static Go Ransomware Leveraging Thread Context Rewriting and Waitable Timers.exe

64bits payload

Static 64-Bit Gornsm Variant Exhibits Svchost Masquerade and Controlled Thread Rewriting.exe

64bits