Zero-Dwell Threat Intelligence Reports

Spyware Drops via PowerShell Defender Exclusions and Shellcode Loader.exe

shellcode

ROZETATECH-Signed Binary Masks as JEDITOR.exe to Deploy Downloader.exe

signed overlay checks-user-input

Install.exe Drops Lumma/Rhadamanthys and Harvests Browser Logins.exe

signed 64bits overlay calls-wmi spreader

CobaltStrike Artifact Used for Persistent Remote Access and Dumping.exe

64bits spreader

Stealer with Long-Sleeps and WMI Calls Targets Wallets & Logins.exe

64bits detect-debug-environment calls-wmi spreader

Floxif/Pioneer Virus Masquerading as Microsoft Edge Update.exe

overlay

LokiBot Infostealer Hidden in ASPack-Packed Signature Cloner.exe

long-sleeps detect-debug-environment spreader malware

Lazy/Lumma Stealer Uses TLS SNI to Contact prebwle.su and Consnbx.su.exe

spreader

Krypt/Formbook Variant Uses PowerShell Exclusions to Evade.exe

spreader assembly

Kryptik/Formbook Variant Using PowerShell Whitelisting for Evasion.exe

spreader assembly

ConfuserEx-Packed ClipBanker Injects into Browsers to Sniff Clipboard.exe

assembly

Remote Access Trojan Hides in Themida-Wrapped Reporter Binary.exe

themida