SYMBOLCOMMON_NAMEaka. SYNONYMS

Hive0137  (Back to overview)


Being one of the most active malware distributors, Hive0137 demonstrates a willingness to explore new payloads and technologies such as GenAI. They have quickly moved onto the same level as other high-profile distributors such as TA577, and will likely be responsible for future phishing campaigns, facilitating initial access for ransomware affiliates. Hive0137’s combination of intent, capabilities and relationships with other groups presents a direct threat to organizations all over the world. As threat actors pick up the pace and increasingly adopt AI technologies for malicious purposes, it is important that organizations are aware of the most recent threats and their capabilities to maintain a strong security posture.


Associated Families
win.xworm

References
2025-08-20KrollMarc Messer, Otavio Passos, Ryan Hicks
XWORM Returns to Haunt Systems with Ghost Crypt
XWorm
2025-07-06MalwareTraceJared G.
XWorm Part 2 - From Downloader to Config Extraction
XWorm
2025-07-03MalwareTraceJared G.
XWorm Part 1 - Unraveling a Steganography-Based Downloader
XWorm
2025-06-05Hunt.ioHunt.io
Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure
AsyncRAT XWorm
2025-04-17TrustwaveDawid Nesterowicz, Pawel Knapczyk
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns
StrelaStealer TargetCompany XWorm
2025-03-06Medium SarvivaMalwareAnalystsarviya
XWorm Attack Chain: Leveraging Steganography from Phishing Email to Keylogging via C2 Communication
XWorm
2025-02-12Red CanaryPhil Hagen, Tony Lambert
Defying tunneling: A Wicked approach to detecting malicious network traffic
AsyncRAT DCRat NjRAT XWorm
2025-02-12cyber.wtf blogHendrik Eckardt, Leonard Rapp
Unpacking Pyarmor v8+ scripts
AsyncRAT DCRat XWorm
2024-12-06Github (VenzoV)VenzoV
Shellcode Loader Delivering XWorm
XWorm
2024-11-28Hunt.ioHunt.io
Uncovering Threat Actor Tactics: How Open Directories Provide Insight into XWorm Delivery Strategies
XWorm
2024-11-18ProofpointProofpoint Threat Research Team, Selena Larson, Tommy Madjar
Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape
AsyncRAT Brute Ratel C4 DanaBot DarkGate Latrodectus Lumma Stealer NetSupportManager RAT XWorm
2024-09-12kienmanowar Blogm4n0w4r, Tran Trung Kien
[QuickNote] The Xworm malware is being spread through a phishing email
XWorm
2024-07-26SecurityIntelligenceGolo Mühr, Joe Fasulo
Hive0137 and AI-supplemented malware distribution
WarmCookie XWorm Hive0137
2024-07-16Sentinel LABSJim Walter
NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI
AsyncRAT LockBit XWorm Nullbulge
2024-05-14Check Point ResearchAntonis Terefos, Tera0017
Foxit PDF “Flawed Design” Exploitation
Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm
2024-04-15Positive TechnologiesAleksandr Badaev, Kseniya Naumova
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world
LokiBot 404 Keylogger Agent Tesla CloudEyE Formbook Remcos XWorm
2024-03-27Twitter (@embee_research)Embee_research
Uncovering Malicious Infrastructure with DNS Pivoting
LokiBot XWorm
2024-03-11YouTube (Embee Research)Embee_research
Xworm Script Analysis and Deobfuscation
XWorm
2024-02-22Medium b.magnezi0xMrMagnezi
Malware Analysis - XWorm
XWorm
2024-02-01Hunt.ioHunt.io
The Accidental Malware Repository: Hunting & Collecting Malware Via Open Directories (Part 1)
XWorm
2024-02-01YouTube (Embee Research)Embee_research
Xworm Malware Analysis - Unravelling Multi-stage Malware with CyberChef and DnSpy
XWorm
2023-11-21ANY.RUNIgal Lytzki
XWorm Malware: Exploring C&C Communication
XWorm
2023-10-24CERT.PLJarosław Jedynak
Malware stories: Deworming the XWorm
XWorm
2023-09-08Gi7w0rm
Uncovering DDGroup — A long-time threat actor
AsyncRAT Ave Maria BitRAT DBatLoader NetWire RC Quasar RAT XWorm
2023-08-24ANY.RUNElectron, glebyao, kinoshi
XWorm: Technical Analysis of a New Malware Version
XWorm
2023-08-23Twitter (@embee_research)Embee_research, Huntress Labs
Extracting Xworm from Bloated Golang Executable
XWorm
2023-08-01Palo Alto Networks Unit 42Lior Rochberger
NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts
BitRAT NodeStealer XWorm
2023-05-12SecuronixDen Iyzvyk, Oleg Kolesnikov, Tim Peck
Ongoing MEME#4CHAN Attack/Phishing Campaign uses Meme-Filled Code to Drop XWorm Payloads
XWorm
2023-04-07ElasticSalim Bitam
Attack chain leads to XWORM and AGENTTESLA
Agent Tesla XWorm
2023-03-30loginsoftSaharsh Agrawal
From Innocence to Malice: The OneNote Malware Campaign Uncovered
Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm
2023-02-02YouTube (Embee Research)Embee_research
Xworm Loader Analysis - Decoding Malware Scripts and Extracting C2's with DnSpy and CyberChef
XWorm
2022-08-19cybleCyble
EvilCoder Project Selling Multiple Dangerous Tools Online
XWorm

Credits: MISP Project