Denim_reflux_roving_dove.7z May 2026

Attempts to beacon to dove-reflux-api.net via HTTPS on port 443.

Upon extraction, the archive revealed the following directory structure: Denim_Reflux_Roving_Dove.7z

The malware modifies the Windows Registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run to ensure execution on boot. Attempts to beacon to dove-reflux-api