Zero-Dwell Threat Intelligence Reports

CryptoLocker Precursor Executable Embeds Overlay Resources and Spreader Traits.exe

overlay spreader

Trojanized Unity Component Disguised as Editor Plugin with C2 Indicators.dll

detect-debug-environment assembly

Win32 Upatre/Zbot Downloader Beacons and Executes Crypto-Encryptor.exe

overlay spreader

Trojanized GUI EXE Uses PowerShell Stagers to Install Stealer Modules.exe

spreader assembly

Amadey/Doina Trojan Fetcher Using HTTP C2 and Hidden Install Folder.exe

spreader

Trojanized WinRAR EXE Adds Defender Exclusions and Harvests Logins.exe

spreader assembly

Large CryEngine EXE Packs Overlayed Stealer with Injector Traits.exe

SFX-Packed Trojan Masks as SystemHelper and Beacons for Secondary Tasks.exe

overlay

Large Installer Imposter Switches to 64-bit (Heaven’s Gate) to Load Stealer.exe

detect-debug-environment

Lumma/Amadey Runner Adds Defender Exclusions and Beacons for Tasks.exe

overlay calls-wmi persistence checks-bios

Packed EXE Fetches Encrypted Tasks from softytoys.shop and Executes Stealer.exe

detect-debug-environment spreader

AutoIt/Injector Dropper Spawns PowerShell and Performs WMI Recon.exe

long-sleeps detect-debug-environment calls-wmi