Zero-Dwell Threat Intelligence Reports

Registry-Based Persistence Keeps PluggyApe Backdoor Active Across Reboots.exe

64bits overlay

PluggyApe Backdoor Exploits Python Loader to Establish Stealthy Persistence.exe

64bits overlay

Malicious Python-Based Loader Powers Stealthy PluggyApe Infections.exe

64bits overlay

Hidden Backdoor Functionality Enabled by Obfuscated PluggyApe Payload.exe

64bits overlay

Network Communication Initiated via HTTP by Lynx Ransomware Payload.exe

overlay payload

Command-Line Process Spawned to Launch Payload by Lynx Ransomware.exe

detect-debug-environment spreader assembly payload

Outbound C2 Communication Established via Dynamic DNS by Lynx Ransomware.exe

long-sleeps detect-debug-environment idle spreader assembly

Nova Ransomware Pushes Evasion Further with Fileless-Like Deployment Tricks.exe

64bits detect-debug-environment

Advanced Anti-Analysis Tricks Keep Nova Ransomware Hidden From Defenders.exe

payload

From Execution to Encryption, Nova Ransomware Delivers a Fast and Aggressive Kill Chain.exe

64bits detect-debug-environment payload

Aggressive File Discovery and Locking Workflow Observed During Nova Ransomware Attacks.exe

overlay detect-debug-environment

Nova Ransomware Accelerates File Encryption Using High-Performance Crypto Routines.exe

64bits detect-debug-environment calls-wmi