Zero-Dwell Threat Intelligence Reports

Roblox Account Manager.exe Flags High-Severity Trojan/GameHack Traits.exe

long-sleeps detect-debug-environment checks-user-input assembly executes-dropped-file persistence clipboard checks-usb-bus

Packed XWorm V6.5 Sample Detected With Telegram ChatBot Indicators.exe

detect-debug-environment checks-user-input assembly

Packed Crack Tool Unmasked as XWorm/Packy Trojan With Temp Payload.exe

long-sleeps detect-debug-environment calls-wmi checks-memory-available assembly

MSIL Dropper Executes PowerShell Defender Bypass and Drops nerestpc.exe.exe

long-sleeps detect-debug-environment calls-wmi checks-user-input assembly persistence

Win64 XWorm Backdoor Abuses Shell-Open Registry for Persistence.exe

64bits overlay spreader

Catlavan XWorm Variant Shows Stealer Activity and Dual C2 Channels.exe

detect-debug-environment calls-wmi assembly malware obfuscated

XWorm V6 Dropper Uses Pastebin + Telegram C2 and AES Key.exe

long-sleeps checks-user-input assembly malware

XWorm Variant Fetches C2 From Pastebin and Deploys crvwv.exe.exe

assembly malware obfuscated service-scan

Signed XWorm Backdoor Abuses Shell-Open Registry for Stealth Persistence.exe

64bits overlay spreader

MSIL XWorm Payload Exhibits Trojan Activity and Portmap C2 Communication.exe

long-sleeps calls-wmi assembly

XWorm V5.6 Sample Exhibits AES Encryption, C2 Retrieval, and Dropper Traits.exe

64bits checks-user-input spreader obfuscated

Packed Packy/XWorm Dropper Masquerades as Nixware Crack.exe

long-sleeps checks-user-input assembly