win.earthworm

Earthworm


According to Cisco Talos, Earthworm is a network tunneling tool that has been used extensively by Chinese-speaking threat actors in intrusions to expose internal endpoints to attacker-owned remote infrastructure.

References
2026-01-15 | Cisco Talos | Asheer Malhotra, Brandon White, Vitor Ventura
UAT-8837 targets critical infrastructure sectors in North America
Earthworm Rubeus SharpHound SharpWMI UAT-8837

There is no Yara-Signature yet.