win.xworm

XWorm


Malware with a wide range of capabilities, from RAT to ransomware.

References
2023-09-08 | Gi7w0rm
@online{gi7w0rm:20230908:uncovering:e0089d9, author = {Gi7w0rm}, title = {{Uncovering DDGroup — A long-time threat actor}}, date = {2023-09-08}, url = {https://gi7w0rm.medium.com/uncovering-ddgroup-a-long-time-threat-actor-d3b3020625a4}, language = {English}, urldate = {2023-09-08} } Uncovering DDGroup — A long-time threat actor
AsyncRAT Ave Maria BitRAT DBatLoader NetWire RC Quasar RAT XWorm
2023-08-24 | ANY.RUN | Electron, kinoshi, glebyao
@online{electron:20230824:xworm:aaa5b9f, author = {Electron and kinoshi and glebyao}, title = {{XWorm: Technical Analysis of a New Malware Version}}, date = {2023-08-24}, organization = {ANY.RUN}, url = {https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/}, language = {English}, urldate = {2023-08-30} } XWorm: Technical Analysis of a New Malware Version
XWorm
2023-08-23 | Twitter (@embee_research) | Embee_research, Huntress Labs
@online{embeeresearch:20230823:extracting:f1277f5, author = {Embee_research and Huntress Labs}, title = {{Extracting Xworm from Bloated Golang Executable}}, date = {2023-08-23}, organization = {Twitter (@embee_research)}, url = {https://x.com/embee_research/status/1694635899903152619}, language = {English}, urldate = {2023-08-25} } Extracting Xworm from Bloated Golang Executable
XWorm
2023-08-01 | Palo Alto Networks Unit 42 | Lior Rochberger
@online{rochberger:20230801:nodestealer:6c972d8, author = {Lior Rochberger}, title = {{NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts}}, date = {2023-08-01}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/nodestealer-2-targets-facebook-business/}, language = {English}, urldate = {2023-08-21} } NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts
BitRAT NodeStealer XWorm
2023-05-12 | Securonix | Den Iyzvyk, Tim Peck, Oleg Kolesnikov
@online{iyzvyk:20230512:ongoing:2bad7b3, author = {Den Iyzvyk and Tim Peck and Oleg Kolesnikov}, title = {{Ongoing MEME#4CHAN Attack/Phishing Campaign uses Meme-Filled Code to Drop XWorm Payloads}}, date = {2023-05-12}, organization = {Securonix}, url = {https://www.securonix.com/blog/securonix-threat-labs-security-meme4chan-advisory/}, language = {English}, urldate = {2023-05-16} } Ongoing MEME#4CHAN Attack/Phishing Campaign uses Meme-Filled Code to Drop XWorm Payloads
XWorm
2023-04-07 | Elastic | Salim Bitam
@online{bitam:20230407:attack:aed6a32, author = {Salim Bitam}, title = {{Attack chain leads to XWORM and AGENTTESLA}}, date = {2023-04-07}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla}, language = {English}, urldate = {2023-05-08} } Attack chain leads to XWORM and AGENTTESLA
Agent Tesla XWorm
2023-03-30 | loginsoft | Saharsh Agrawal
@online{agrawal:20230330:from:7b46ae0, author = {Saharsh Agrawal}, title = {{From Innocence to Malice: The OneNote Malware Campaign Uncovered}}, date = {2023-03-30}, organization = {loginsoft}, url = {https://research.loginsoft.com/threat-research/from-innocence-to-malice-the-onenote-malware-campaign-uncovered/}, language = {English}, urldate = {2023-04-14} } From Innocence to Malice: The OneNote Malware Campaign Uncovered
Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm
2022-08-19 | cyble | Cyble
@online{cyble:20220819:evilcoder:6460624, author = {Cyble}, title = {{EvilCoder Project Selling Multiple Dangerous Tools Online}}, date = {2022-08-19}, organization = {cyble}, url = {https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/}, language = {English}, urldate = {2022-12-01} } EvilCoder Project Selling Multiple Dangerous Tools Online
XWorm

There is no Yara-Signature yet.