Cyble: Sneaky XWorm Uses MultiStaged Attack https://cybleinc.wpcomstaging.com/2023/07/28/sneaky-xworm-uses-multistaged-attack/ #Multi-stagedattack #BATloader #Malware #malware #LOLBin #WebDAV #XWorm
Cyble: Sneaky XWorm Uses MultiStaged Attack https://blog.cyble.com/2023/07/28/sneaky-xworm-uses-multistaged-attack/ #Multi-stagedattack #BATloader #Malware #malware #LOLBin #WebDAV #XWorm
XWorm spreading through WebDav server hosted at TheDriveHQ 🔥
LNK -> PowerShell -> WebDav -> ZIP -> bat
Malicious LNK:
📄 https://bazaar.abuse.ch/sample/a19a8e6782f0008c3b10276c764962f6f27b27754d826f8d3679ef15bea122d5/
Payload:
📄 https://bazaar.abuse.ch/sample/9587ef7ba7dfe745e4c98f724110382b7b53f5f7781d1d3fcfc910abacb3fbb8/
#XWorm #botnet C2:
📞 https://threatfox.abuse.ch/ioc/1139291/
XWorm RAT: Avira security experts warn of malware | heise online
https://www.heise.de/news/XWorm-RAT-Avira-Sicherheitsexperten-warnen-vor-Malware-8976282.html #Cybercrime #Malware #XWormRAT #XWorm
Referenced link: https://0day.today/exploit/description/38498
Originally posted by 0day Exploit Database 🌴 / @inj3ct0r@twitter.com: https://twitter.com/inj3ct0r/status/1643723271400038401#m
#0day #XWorm #Trojan 2.1 - Null Pointer Dereference #DoS #Vulnerability https://0day.today/exploit/description/38498
#XWorm are being spread with various programs!
Check out this paste to block these IOCs!
https://pastebin.com/8Duwfbm5
#malware #RAT #ransomware #darkweb #cybersecurity #security #infosec #threatintel #threatintelligence #socintel #OSINT #hack #cyberattack #asyncrat #xenarmor #TOR
This week's edition of SOC Goulash, our Weekend Wrap-Up of infosec news, is live and hot off the press!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-be1
Building on last week's flagging of the increase in abuse of #Malvertising, researchers have observed it being abused to deliver #ASyncRAT and #xworm payloads, as well as to harvest master passwords for Password Manager solutions like #Bitwarden and #1Password.
#Hive ransomware have had their infrastructure seized in a multi-national law enforcement operation. The authorities lurked in their infrastructure for six months, gathering communications & information on their members and stealing 1,300 decryption keys that enabled them to avert ~$130 million in potential ransom payments.
North Korea's crypto-hunting actors have been agile in adopting emerging tradecraft and developing novel payloads. With $1 billion worth of funds brought into the hermit kingdom in 2022, orgs in the #cryptocurrency and #DeFi space will need to be on guard coming into 2023.
#PlugX malware continues to be developed, with new variants spotted in the wild capable of spreading via USB, upgrading old installations, and pilfering documents from hosed computers.
#vulnerabilities in the Realtek SDK have been exploited nearly 130 million times between August and December last year alone by botnets seeking to grow their numbers.
Security researchers Horizon3 intend to release a PoC #exploit for CVSS 9.8 RCE vulnerabilities in VMWare's vRealize Log Insight product this week - make sure you're patched!
For our paid subscribers, we've got some additional articles on:
1. The adoption of OneNote for payload delivery, and tips for analysis;
2. An overview of CVE-2022-34689, a critical Windows vulnerability that could be abused to intercept & decrypt encrypted communications or spoof code-signing of malicious executables;
3. A vulnerability/not-vulnerability in #KeePass, with no patch and an unknown scope of impact, allowing attackers to dump plaintext credentials from the Password Manager.
As always, there's a tonne of additional goodies to be found in the newsletter that I couldn't cover here, so check it out here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-be1
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #malvertising #passwordmanager #vmware #poc