PowerPepper is a Windows in-memory PowerShell backdoor that can execute remotely sent shell commands. It is associated with DeathStalker (formerly called Deceptikons), a threat actor know to be active since 2012. The threat actor consistently used what is called "dead-drop resolvers" (DDRs), which is an obfuscated content hosted on major public web services like YouTube, Twitter or Reddit, once decoded by malware this content reveals a command-and-control (C2) server address.

FTCODE Ransomware encrypts user data using AES-256 (in CBC mode) + RSA-1024, and then requires a ransom of $500 to return the files. FTCODE ransomware mainly target Italian companies. It is spreading via email spam campaign which previously know to distribute JasperLoader and Gootkit.

MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US.

OilRig a threat actor actively know from 2016, now uses a new threat vector BONDUPDATER malware. It target middle eastern oil producing countries. It uses spear phishing email campaigns to propagate itself.

PowerPool malware exploits a 0-day vulnerability in Microsoft Windows 7 to 10. This 0-day vulnerability targets the Advanced Local Procedure Call (ALPC) allows non-admin user to gain administrative privileges.