XWorm v5.6 Malware Being Distributed via Webhards

May 30, 2024, 3:32 p.m.

Description

Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and conducting activities like keylogging, webcam data exfiltration, and additional malware downloads.

External References

https://asec.ahnlab.com/en/66099/
https://otx.alienvault.com/pulse/66588e61137e0a9d8fb36274
Tags
xworm
2024-05-30

Date

  • Created: May 30, 2024, 2:34 p.m.
  • Published: May 30, 2024, 2:34 p.m.
  • Modified: May 30, 2024, 3:32 p.m.

Indicators

  • https://groundbreakingsstyle.com/wp-content/nanofolder/img-files/a95c346e-bd42-406b-a6a4-ed808e98bf67.res
  • https://groundbreakingsstyle.com/wp-content/nanofolder/img-files/nacati.res
  • https://diditaxi.kro.kr:1050
Download all indicators here!

Attack Patterns

  • Korat Backdoor
  • UDP RAT
  • XWorm v5.6
  • LV
  • Bladabindi
  • Njw0rm
  • Remcos RAT
  • njRAT - S0385

Additional Informations

  • Korea, Democratic People's Republic of
  • Korea, Republic of