WildCard: The APT Behind SysJoker Targets Critical Sectors in Israel
ID: 5d158071-99ec-5f83-8e48-56a5c3fe3b60
STIX ID: report--5d158071-99ec-5f83-8e48-56a5c3fe3b60
Feed Name: Intezer Blog
This report identifies and clusters an APT actor dubbed "WildCard", whose tooling evolved from the multi-platform C++ SysJoker backdoor into further C++ variants and a Rust-based backdoor called RustDown. It analyzes the actor's tooling; its abuse of Google Drive and OneDrive as dead-drop resolvers; its persistence mechanism, a registry write performed from PowerShell through the WMI SetStringValue method; and its C2 infrastructure, including 85.31.231.49:443 and several hosting domains. It also provides IOCs and notes a possible link to Operation ElectricPowder, concluding that WildCard is an active, sophisticated threat targeting Israeli critical sectors and warrants continued monitoring.
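As an added illustration of the persistence and dead-drop patterns summarized above (example code written for this page, not Intezer's or the report's own tooling), here is a Python detection sketch run over constructed PowerShell script-block log text. It assumes the WMI registry write goes through the StdRegProv class (the WMI class that exposes SetStringValue), that the targeted key is a Run/RunOnce key (an assumption; the summary only says "registry"), that the hive constants 0x80000001/0x80000002 mean HKCU/HKLM, and a short host list for the dead-drop resolvers. Every sample log line is constructed for the example, not telemetry from the report.

```python
"""Detection sketch for WildCard-style persistence and dead-drop resolver use.

Added example, not code from the Intezer report. Input is PowerShell
script-block log text (Event ID 4104 style); the sample records below
are constructed for this example and are not real telemetry.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# StdRegProv hDefKey constants (hex and the decimal forms PowerShell scripts often use).
HIVES = {
    "0x80000001": "HKCU", "2147483649": "HKCU",
    "0x80000002": "HKLM", "2147483650": "HKLM",
}

STDREGPROV = re.compile(r"StdRegProv", re.I)
SET_STRING_VALUE = re.compile(r"\bSetStringValue\b", re.I)
# Assumption: the persistence write targets a Run/RunOnce key.
RUN_KEY = re.compile(r"CurrentVersion\\(?:Run|RunOnce)\b", re.I)
HIVE_CONST = re.compile(r"\b(0x80000001|2147483649|0x80000002|2147483650)\b", re.I)
# Assumption: host list for the Google Drive / OneDrive dead-drop resolvers.
DEAD_DROP_HOST = re.compile(r"\b(?:drive\.google\.com|onedrive\.live\.com|1drv\.ms)\b", re.I)

# Constructed sample script blocks: (record id, script text).
SAMPLE_SCRIPT_BLOCKS: List[Tuple[int, str]] = [
    (1, r"Get-Process | Where-Object { $_.CPU -gt 100 } | Sort-Object CPU"),
    (2, r"$reg = [wmiclass]'root\default:StdRegProv'; "
        r"$reg.SetStringValue(2147483649, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run', "
        r"'Updater', 'C:\Users\Public\svc.exe')"),
    (3, r"Invoke-WmiMethod -Namespace root\default -Class StdRegProv -Name SetStringValue "
        r"-ArgumentList 0x80000002, 'SOFTWARE\Contoso\Agent', 'Version', '1.2'"),
    (4, r"$c2 = (Invoke-WebRequest -Uri 'https://drive.google.com/uc?export=download&id=example').Content"),
]


@dataclass
class Finding:
    record_id: int
    severity: str
    hive: Optional[str]
    reasons: List[str] = field(default_factory=list)


def assess_script_block(record_id: int, text: str) -> Optional[Finding]:
    """Return a Finding when the script block shows a WMI registry write or a dead-drop host."""
    reasons: List[str] = []
    if STDREGPROV.search(text) and SET_STRING_VALUE.search(text):
        reasons.append("wmi_stdregprov_setstringvalue")
        if RUN_KEY.search(text):
            reasons.append("run_key_target")
    if DEAD_DROP_HOST.search(text):
        reasons.append("dead_drop_resolver_host")
    if not reasons:
        return None

    # Resolve the hive from the StdRegProv constant, if one is present.
    match = HIVE_CONST.search(text)
    hive = HIVES[match.group(1).lower()] if match else None

    # A Run-key write via WMI is the persistence pattern; a plain StdRegProv
    # write is common admin activity and only gets a low severity.
    if "run_key_target" in reasons:
        severity = "high"
    elif "dead_drop_resolver_host" in reasons:
        severity = "medium"
    else:
        severity = "low"
    return Finding(record_id, severity, hive, reasons)


def scan(records: List[Tuple[int, str]]) -> List[Finding]:
    """Assess every record and keep only those that produced a finding."""
    return [f for f in (assess_script_block(i, t) for i, t in records) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_SCRIPT_BLOCKS):
        print(finding)
```

The hive constant is extracted rather than matched on, so a script that passes the hive through a variable still produces a finding; only the hive field is left empty. Record 3 shows why the Run-key check matters: StdRegProv writes to vendor keys are routine, and alerting on every SetStringValue call would bury the persistence write.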
