Zero-Dwell Threat Intelligence Reports

XWorm Backdoor Establishing Multiple TCP C2 Connections Globally.exe

detect-debug-environment calls-wmi checks-user-input assembly malware checks-bios obfuscated

XWorm Backdoor Using RunKey Persistence And AES-Encrypted C2.exe

long-sleeps detect-debug-environment calls-wmi assembly persistence

XWorm Variant Using PowerShell Exclusions To Evade Defender.exe

detect-debug-environment calls-wmi assembly malware

Malicious Loader Executing Obfuscated Commands To Deploy XWorm.exe

long-sleeps detect-debug-environment calls-wmi executes-dropped-file

Nixware-Branded Executable Exhibiting Stealer-Like Network Behavior.exe

detect-debug-environment calls-wmi assembly malware

MSIL Backdoor Implementing Keylogging, Reconnaissance, And Remote Access.exe

long-sleeps detect-debug-environment checks-user-input assembly

XWorm Variant Communicating With Telegram And TCP C2 Servers.exe

calls-wmi assembly malware

Stealer Family Sample Using Evasion And Obfuscation Methods.exe

XWorm Loader Compiles RegSvcs Stub On-The-Fly and Beacons to Remote C2.exe

long-sleeps detect-debug-environment persistence

Heracles/Tasker Variant Exhibits Schtasks Persistence and Backdoor Behavior.exe

calls-wmi assembly payload

XWorm Variant Masquerades as System Process and Rewrites Winlogon Userinit Key.exe

long-sleeps detect-debug-environment calls-wmi assembly persistence obfuscated

XWorm Variant Adds Defender Exclusions and Creates High-Privilege Scheduled Task.exe

detect-debug-environment calls-wmi checks-user-input assembly malware