Denim_reflux_roving_dove.7z Today

Run a fleet-wide scan for the SHA-256 hashes identified in Section 2.

Upon extraction, the archive revealed the following directory structure: Denim_Reflux_Roving_Dove.7z

The malware modifies the Windows Registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run to ensure execution on boot. Run a fleet-wide scan for the SHA-256 hashes