Lumion.pro.v12.0-zmco.exe

| Category | Example families with similar behavior |
|----------|----------------------------------------|
| | PlugX, NanoCore, Remcos, DarkComet |
| Information Stealers | AgentTesla, FormBook, LokiBot |
| Downloader/Dropper | Emotet (post‑Emotet phase), BazarLoader, QakBot |
| Ransomware Delivery | Ryuk, LockBit, Clop (often delivered via a RAT first) |

| Control | Recommendation |
|---------|----------------|
| | Enforce that only signed, vetted executables (e.g., from known Lumion installers) may run. |
| Email Gateway | Block attachments with double‑extension or suspicious filenames (*.exe, *.scr, *.zip containing .exe). |
| Web Filtering | Block access to known malicious dynamic DNS providers and C2 domains. |
| User Education | Conduct phishing awareness training focusing on “software update” lures. |
| Patch Management | Keep OS and third‑party software patched; many RATs exploit unpatched libraries. |
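The Email Gateway row above, sketched as an attachment check. This is an added example, not part of the original page or any gateway product; the function names and the decoy-extension list are assumptions, and the sample attachments are constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# The page names .exe and .scr as the extensions to block.
EXECUTABLE_EXTS = {".exe", ".scr"}
# Assumption: document-like extensions that make a double extension deceptive.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def filename_reasons(name):
    """Return the reasons a bare filename should be blocked (empty list = allow)."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    cleaned = name.replace("\\", "/").rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(cleaned).suffixes]
    reasons = []
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension " + suffixes[-1])
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
            reasons.append("double extension " + "".join(suffixes[-2:]))
    return reasons


def attachment_reasons(name, data):
    """Check the filename and, for ZIP archives, every member name."""
    reasons = filename_reasons(name)
    # Detect archives by content, so a renamed .zip is still inspected.
    if zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    for reason in filename_reasons(member):
                        reasons.append("zip member %s: %s" % (member, reason))
        except zipfile.BadZipFile:
            reasons.append("unreadable zip archive")
    return reasons


def make_zip(member_names):
    """Build a constructed in-memory ZIP of empty files with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member in member_names:
            archive.writestr(member, b"")
    return buf.getvalue()


if __name__ == "__main__":
    archive = make_zip(["plans/setup.exe", "readme.txt"])  # constructed sample
    for name, data in [("invoice.pdf.exe", b"MZ"), ("drawings.zip", archive)]:
        print(name, "->", attachment_reasons(name, data) or "allow")
```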