Zero-Dwell Threat Intelligence Reports

Courier-Themed Installer Executes FormBook Payload and Contacts C2.exe

upx

Convagent Variant Harvests Browser Credentials and Exfiltrates Over C2.exe

long-sleeps calls-wmi spreader assembly checks-bios

Game-Crack Installer Adds Defender Exclusions and Beacons to IP Lookup APIs.exe

checks-user-input executes-dropped-file obfuscated

Trojan Installer with UAC-Bypass Indicators and Rmc-H21NWQ Registry Keys.exe

long-sleeps detect-debug-environment spreader

Trojanized .NET Keylogger with Startup Persistence and Remote Exfiltration.exe

long-sleeps spreader assembly persistence

Trojanized Invoicer Binary Drops Remcos with Rmc-5SDT03 Mutex.exe

long-sleeps detect-debug-environment persistence

Stealer with Autorun Persistence and Encrypted SSL Command Channel.exe

64bits long-sleeps calls-wmi spreader persistence

RAR SFX Loader Executes Batch Chains to Kill Defender and Deploy Payload.exe

overlay detect-debug-environment calls-wmi

Rundll32-Executed DLL Drops Loader and Creates Run Keys for Persistence.dll

64bits long-sleeps detect-debug-environment

Backdoor Loader with Long-Sleeps, WMI Calls, and Encrypted Beaconing.exe

detect-debug-environment assembly persistence

Utility Imposter Using AspNetCompiler-Like Techniques for Payload Delivery.exe

direct-cpu-clock-access runtime-modules

Dropper Beacons to armydevice.shop / glossmagazine.shop and Deploys Stealers.exe

detect-debug-environment