Intel Name: A deep dive into Water Gamayun's arsenal and infrastructure
Date of Scan: March 31, 2025
Impact: High
Summary: Water Gamayun exploits the MSC EvilTwin zero-day (CVE-2025-26633) to compromise systems and steal data using custom payloads and exfiltration techniques. The attack deploys malicious provisioning packages, signed .msi files, and Windows MSC files, leveraging tools like IntelliJ runnerw.exe for execution. Malware strains such as EncryptHub Stealer, SilentPrism, and DarkWisp enable persistence, data theft, and C&C communication via encrypted channels. Organizations can mitigate this threat through patch management and advanced threat detection, with Trend customers protected by Trend Vision One™ rules and filters.