| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Being one of the most active malware distributors, Hive0137 demonstrates a willingness to explore new payloads and technologies such as GenAI. They have quickly moved onto the same level as other high-profile distributors such as TA577, and will likely be responsible for future phishing campaigns, facilitating initial access for ransomware affiliates. Hive0137’s combination of intent, capabilities and relationships with other groups presents a direct threat to organizations all over the world. As threat actors pick up the pace and increasingly adopt AI technologies for malicious purposes, it is important that organizations are aware of the most recent threats and their capabilities to maintain a strong security posture.
| 2025-09-12
⋅
Medium (@zyadlzyatsoc)
⋅
XWorm Malware Analysis: SOC & IR Perspective on Persistence, C2, and Anti-Analysis Tactics XWorm |
| 2025-08-20
⋅
Kroll
⋅
XWORM Returns to Haunt Systems with Ghost Crypt XWorm |
| 2025-07-06
⋅
MalwareTrace
⋅
XWorm Part 2 - From Downloader to Config Extraction XWorm |
| 2025-07-03
⋅
MalwareTrace
⋅
XWorm Part 1 - Unraveling a Steganography-Based Downloader XWorm |
| 2025-06-05
⋅
Hunt.io
⋅
Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure AsyncRAT XWorm |
| 2025-04-17
⋅
Trustwave
⋅
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns StrelaStealer TargetCompany XWorm |
| 2025-03-06
⋅
Medium SarvivaMalwareAnalyst
⋅
XWorm Attack Chain: Leveraging Steganography from Phishing Email to Keylogging via C2 Communication XWorm |
| 2025-02-12
⋅
Red Canary
⋅
Defying tunneling: A Wicked approach to detecting malicious network traffic AsyncRAT DCRat NjRAT XWorm |
| 2025-02-12
⋅
cyber.wtf blog
⋅
Unpacking Pyarmor v8+ scripts AsyncRAT DCRat XWorm |
| 2024-12-06
⋅
Github (VenzoV)
⋅
Shellcode Loader Delivering XWorm XWorm |
| 2024-11-28
⋅
Hunt.io
⋅
Uncovering Threat Actor Tactics: How Open Directories Provide Insight into XWorm Delivery Strategies XWorm |
| 2024-11-18
⋅
Proofpoint
⋅
Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape AsyncRAT Brute Ratel C4 DanaBot DarkGate Latrodectus Lumma Stealer NetSupportManager RAT XWorm |
| 2024-09-12
⋅
kienmanowar Blog
⋅
[QuickNote] The Xworm malware is being spread through a phishing email XWorm |
| 2024-07-26
⋅
SecurityIntelligence
⋅
Hive0137 and AI-supplemented malware distribution WarmCookie XWorm Hive0137 |
| 2024-07-16
⋅
Sentinel LABS
⋅
NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI AsyncRAT LockBit XWorm Nullbulge |
| 2024-05-14
⋅
Check Point Research
⋅
Foxit PDF “Flawed Design” Exploitation Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm |
| 2024-04-15
⋅
Positive Technologies
⋅
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world LokiBot 404 Keylogger Agent Tesla CloudEyE Formbook Remcos XWorm |
| 2024-03-27
⋅
Twitter (@embee_research)
⋅
Uncovering Malicious Infrastructure with DNS Pivoting LokiBot XWorm |
| 2024-03-11
⋅
YouTube (Embee Research)
⋅
Xworm Script Analysis and Deobfuscation XWorm |
| 2024-02-22
⋅
Medium b.magnezi
⋅
Malware Analysis - XWorm XWorm |
| 2024-02-01
⋅
Hunt.io
⋅
The Accidental Malware Repository: Hunting & Collecting Malware Via Open Directories (Part 1) XWorm |
| 2024-02-01
⋅
YouTube (Embee Research)
⋅
Xworm Malware Analysis - Unravelling Multi-stage Malware with CyberChef and DnSpy XWorm |
| 2023-11-21
⋅
ANY.RUN
⋅
XWorm Malware: Exploring C&C Communication XWorm |
| 2023-10-24
⋅
CERT.PL
⋅
Malware stories: Deworming the XWorm XWorm |
| 2023-09-08
⋅
Uncovering DDGroup — A long-time threat actor AsyncRAT Ave Maria BitRAT DBatLoader NetWire RC Quasar RAT XWorm |
| 2023-08-24
⋅
ANY.RUN
⋅
XWorm: Technical Analysis of a New Malware Version XWorm |
| 2023-08-23
⋅
Twitter (@embee_research)
⋅
Extracting Xworm from Bloated Golang Executable XWorm |
| 2023-08-01
⋅
Palo Alto Networks Unit 42
⋅
NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts BitRAT NodeStealer XWorm |
| 2023-05-12
⋅
Securonix
⋅
Ongoing MEME#4CHAN Attack/Phishing Campaign uses Meme-Filled Code to Drop XWorm Payloads XWorm |
| 2023-04-07
⋅
Elastic
⋅
Attack chain leads to XWORM and AGENTTESLA Agent Tesla XWorm |
| 2023-03-30
⋅
loginsoft
⋅
From Innocence to Malice: The OneNote Malware Campaign Uncovered Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm |
| 2023-02-02
⋅
YouTube (Embee Research)
⋅
Xworm Loader Analysis - Decoding Malware Scripts and Extracting C2's with DnSpy and CyberChef XWorm |
| 2022-08-19
⋅
cyble
⋅
EvilCoder Project Selling Multiple Dangerous Tools Online XWorm |