{"id":58357,"date":"2025-03-25T00:00:00","date_gmt":"2025-03-25T00:00:00","guid":{"rendered":"urn:uuid:7fcbdd8f-7681-3ed7-9c3e-ef2be834b378"},"modified":"2025-03-25T00:00:00","modified_gmt":"2025-03-25T00:00:00","slug":"cve-2025-26633-how-water-gamayun-weaponizes-muipath-using-msc-eviltwin","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cve-2025-26633-how-water-gamayun-weaponizes-muipath-using-msc-eviltwin\/","title":{"rendered":"CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/Earth-Gamayun-1-thumbnail:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/25\/Earth-Gamayun-1-thumbnail.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>Water Gamayun not only uses these techniques in this loader, but also extensively applies them in other modules to download and execute next-stage payloads or plugins from the server. By leveraging these techniques, attackers can proxy the execution of malicious payloads through legitimate Windows binaries by running non-malicious files.<\/p>\n<p><span class=\"body-subhead-title\">Conclusion<\/span><\/p>\n<p>Trend Research\u2019s investigation into this campaign demonstrates Water Gamayun\u2019s approach to exploiting vulnerabilities within the MMC framework. By abusing a vulnerability in the MMC framework, which we have designated as MSC EvilTwin (CVE-2025-26633), this threat actor has effectively devised a method to execute malicious code on infected machines. In this installment of our two-part series, we focused on the technical aspects of the MSC EvilTwin technique and the Trojan loader used to exploit this vulnerability. 
This attack employs multiple innovative techniques to maintain persistence and exfiltrate sensitive data, leveraging the manipulation of .msc files and Microsoft&#8217;s MUIPath.<\/p>\n<p>Our findings revealed that this campaign is actively developing, utilizing various delivery methods and custom payloads, as detailed in the modules deployed by Water Gamayun, including EncryptHub stealer, DarkWisp backdoor, SilentPrism backdoor, and Rhadamanthys stealer.<\/p>\n<p>Through the collaboration between Microsoft and the Trend ZDI, this zero-day attack has been disclosed and a patch has quickly been issued to address it. Enterprises need comprehensive cybersecurity solutions to combat the evolving threats exemplified by campaigns such as those conducted by Water Gamayun. With techniques that exploit vulnerabilities like MSC EvilTwin, a layered approach and advanced cybersecurity solutions are vital for safeguarding digital assets in a landscape where threat actors are continuously refining their tactics.<\/p>\n<p><span class=\"body-subhead-title\">Proactive security with Trend Vision One\u2122&nbsp;<\/span><\/p>\n<p>Organizations can protect themselves from attacks such as those employed by Water Gamayun with&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/one-platform.html\" title=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/one-platform.html\">Trend Vision One<\/a><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/network.html\">\u2122<\/a>&nbsp;\u2013 the only AI-powered enterprise cybersecurity platform that centralizes cyber risk exposure management, security operations, and robust layered protection. This comprehensive approach helps you predict and prevent threats, accelerating proactive security outcomes across your entire digital estate. 
Backed by decades of cybersecurity leadership and Trend Cybertron, the industry&#8217;s first proactive cybersecurity AI, it delivers proven results: a 92% reduction in ransomware risk and a 99% reduction in detection time. Security leaders can benchmark their posture and showcase continuous improvement to stakeholders. With Trend Vision One, you\u2019re enabled to eliminate security blind spots, focus on what matters most, and elevate security into a strategic partner for innovation.<\/p>\n<p><span class=\"body-subhead-title\">Trend protections for CVE-2025-26633<\/span><\/p>\n<p>The following protections have been available to Trend Micro customers:&nbsp;<\/p>\n<p><b>Trend Vision One\u2122 &#8211; Network Security<\/b><\/p>\n<p>TippingPoint Intrusion Prevention Filters<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">45359: TCP: Backdoor.Shell.DarkWisp.A Runtime Detection<\/span><\/li>\n<li><span class=\"rte-red-bullet\">45360: HTTP: Trojan.Shell.EncryptHubStealer.B Runtime Detection<\/span><\/li>\n<li><span class=\"rte-red-bullet\">45361: HTTP: Backdoor.Shell.SilentPrism.A Runtime Detection<\/span><\/li>\n<li><span class=\"rte-red-bullet\">45594: HTTP: Trojan.Shell.EncryptHubStealer.B Runtime Detection (Notification Request)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">45595: HTTP: Trojan.Shell.MSCEvilTwin.A Runtime Detection (Payload &#8211; Server Response)<\/span><\/li>\n<\/ul>\n<p><span class=\"body-subhead-title\">Trend Vision One Threat Intelligence<\/span><\/p>\n<p>To stay ahead of evolving threats, Trend customers can access a range of Intelligence Reports and Threat Insights. Threat Insights helps customers stay ahead of cyber threats before they happen and be better prepared for emerging threats. It offers comprehensive information on threat actors, their malicious activities, and the techniques they use. 
By leveraging this intelligence, customers can take proactive steps to protect their environments, mitigate risks, and respond effectively to threats.<\/p>\n<p><b>Trend Vision One Intelligence Reports App [IOC Sweeping]<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><i>ZDI-CAN-26371 (CVE-2025-26633): Water Gamayun exploit MSC EvilTwin Zero-Day<\/i><\/span><\/li>\n<\/ul>\n<p><b>Trend Vision One Threat Insights App<\/b><\/p>\n<h2><span class=\"body-subhead-title\">Hunting Queries&nbsp;<\/span><\/h2>\n<p><b>Trend Vision One Search App<\/b><\/p>\n<p>Trend Vision One customers can use the Search App to match or hunt the malicious indicators mentioned in this blog post with data in their environment.<\/p>\n<p><b>Monitor for network connections to suspicious C&amp;C IPs<\/b><\/p>\n<p><span class=\"code\"><span class=\"blockquote\">eventId:3 AND eventSubId:204 AND (dst:&quot;82.115.223.182&quot;)<\/span><\/span><\/p>\n<p><b>Look for processes (mmc.exe) executing .msc files from unusual paths<\/b><\/p>\n<p><span class=\"code\"><span class=\"blockquote\">eventSubId:2 AND processFilePath:&quot;*\\mmc.exe&quot; AND processFilePath:&quot;*\\powershell.exe&quot; AND objectFilePath:&quot;C:\\\\Windows \\System32\\*.msc&quot;<\/span><\/span><\/p>\n<p>More hunting queries are available for Trend Vision One customers with <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/one-platform\/threat-insights.html\" target=\"_blank\" rel=\"noopener\">Threat Insights Entitlement enabled<\/a>.<\/p>\n<p><span class=\"body-subhead-title\">Indicators of Compromise (IOCs)<\/span><\/p>\n<p>The indicators of compromise for this entry can be found <a href=\"https:\/\/documents.trendmicro.com\/assets\/txt\/IOCs_MSCEvilTwin_42J5iaVT.txt\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<p> Read More <a 
href=\"https:\/\/www.trendmicro.com\/en_us\/research\/25\/c\/cve-2025-26633-water-gamayun.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":58358,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9508,9555,9509],"class_list":["post-58357","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-research"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=58357"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58357\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/58358"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=58357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=58357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=58357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}