Zero-Dwell Threat Intelligence Reports

XWorm V5.6 Payload Fetching C2 Instructions From Pastebin.exe

64bits overlay spreader

Fox XWorm Payload Establishing Persistence Through RunKey Modifications.exe

calls-wmi assembly persistence payload

XWorm Backdoor Deploying USB Installer And AppData Persistence.exe

long-sleeps detect-debug-environment calls-wmi assembly malware

XWorm Sample Employing AES Encryption For Command Traffic.exe

long-sleeps detect-debug-environment calls-wmi assembly

XWorm Variant Using AES Encryption For Command Communications.exe

long-sleeps detect-debug-environment calls-wmi checks-user-input idle assembly payload

XWorm Backdoor Establishing Multiple TCP C2 Connections Globally.exe

detect-debug-environment calls-wmi checks-user-input assembly malware checks-bios obfuscated

XWorm Backdoor Using RunKey Persistence And AES-Encrypted C2.exe

long-sleeps detect-debug-environment calls-wmi assembly persistence

XWorm Variant Using PowerShell Exclusions To Evade Defender.exe

detect-debug-environment calls-wmi assembly malware

Malicious Loader Executing Obfuscated Commands To Deploy XWorm.exe

long-sleeps detect-debug-environment calls-wmi executes-dropped-file

Nixware-Branded Executable Exhibiting Stealer-Like Network Behavior.exe

detect-debug-environment calls-wmi assembly malware

MSIL Backdoor Implementing Keylogging, Reconnaissance, And Remote Access.exe

long-sleeps detect-debug-environment checks-user-input assembly

XWorm Variant Communicating With Telegram And TCP C2 Servers.exe

calls-wmi assembly malware