XWorm v5.6 Malware Being Distributed via Webhards

May 30, 2024, 3:32 p.m.

Description

Researchers identified a campaign distributing XWorm v5.6 disguised as adult games through Korean file-sharing platforms known as webhards. Once run, the malware downloads encrypted components from its command-and-control servers, injects itself into legitimate processes, and then performs keylogging, webcam capture and exfiltration, and downloads of additional malware.

Date

Published: May 30, 2024, 2:34 p.m.

Created: May 30, 2024, 2:34 p.m.

Modified: May 30, 2024, 3:32 p.m.

Indicators

https://groundbreakingsstyle.com/wp-content/nanofolder/img-files/a95c346e-bd42-406b-a6a4-ed808e98bf67.res

https://groundbreakingsstyle.com/wp-content/nanofolder/img-files/nacati.res

https://diditaxi.kro.kr:1050
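
The three indicators above are a stage-download host (two `.res` files on the same path) and a C2 endpoint on a non-standard port. The following is an added example, not code from the report or from the researchers, of how to sweep proxy/DNS logs for them: it distinguishes an exact hit (the full stage URL, or the C2 host on port 1050) from a host-only hit, because file names and ports change between samples while the domain tends to persist. The log format and all log lines are constructed for the demonstration and are assumptions, not data from the campaign.

```python
"""Sweep web-proxy / DNS log lines for the XWorm v5.6 indicators listed above.

Added example for this page; the indicator list is copied from the report,
everything else (log format, sample lines, function names) is assumed.
"""
import re
from urllib.parse import urlsplit

# Indicators published in the report above.
INDICATORS = [
    "https://groundbreakingsstyle.com/wp-content/nanofolder/img-files/"
    "a95c346e-bd42-406b-a6a4-ed808e98bf67.res",
    "https://groundbreakingsstyle.com/wp-content/nanofolder/img-files/nacati.res",
    "https://diditaxi.kro.kr:1050",
]

# Constructed sample log (not real traffic). Assumed format:
# "<timestamp> <client> <verb> <target> <status>", where <target> may be a
# full URL (proxy), host:port (CONNECT) or a bare name (DNS query).
SAMPLE_LOG = """\
2024-05-30T10:01:12Z 10.0.0.12 GET https://groundbreakingsstyle.com/wp-content/nanofolder/img-files/nacati.res 200
2024-05-30T10:01:13Z 10.0.0.12 GET https://www.example.com/index.html 200
2024-05-30T10:01:20Z 10.0.0.12 CONNECT diditaxi.kro.kr:1050 200
2024-05-30T10:02:05Z 10.0.0.31 DNS groundbreakingsstyle.com NOERROR
2024-05-30T10:02:07Z 10.0.0.31 CONNECT diditaxi.kro.kr:443 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def parse_target(value):
    """Normalise an indicator or a log target to (host, port, path).

    port is None when no explicit port is given; path is None when empty.
    A scheme-less "host:port" or bare host is handled by prefixing "//".
    """
    u = urlsplit(value if "://" in value else "//" + value)
    return u.hostname.lower(), u.port, (u.path or None)


def classify(target, indicators=INDICATORS):
    """Return 'exact', 'domain' or None for one log target.

    'exact'  : host matches and every explicit part of the indicator (port
               for the C2 entry, path for the stage URLs) matches too.
    'domain' : only the host matches; still worth triage, since the .res
               file names and the C2 port can vary between samples.
    """
    t_host, t_port, t_path = parse_target(target)
    best = None
    for ioc in indicators:
        i_host, i_port, i_path = parse_target(ioc)
        if t_host != i_host:
            continue
        port_ok = i_port is None or i_port == t_port
        path_ok = i_path is None or i_path == t_path
        if port_ok and path_ok:
            return "exact"
        best = "domain"
    return best


def scan_log(text, indicators=INDICATORS):
    """Return [(line_no, level, client, target)] for every line that hits."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; skip rather than guess
        _ts, client, _verb, target, _status = m.groups()
        level = classify(target, indicators)
        if level:
            hits.append((n, level, client, target))
    return hits


if __name__ == "__main__":
    for line_no, level, client, target in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {level:6s} {client} -> {target}")
```

Host-only hits from a second client (the DNS lookup and the connection to the C2 host on 443 in the sample) are the ones an analyst would most likely miss with a plain string match on the published URLs; treating them as a lower-confidence tier keeps them visible without flooding the exact-match queue.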

Attack Patterns

Korat Backdoor

UDP RAT

XWorm v5.6

LV

Bladabindi

Njw0rm

Remcos RAT

njRAT - S0385

T1553.003

T1107

T1564.003

T1059.003

T1059.001

T1547.001

T1059.004

T1056.001

T1070.004

T1219

Additional Information

Korea, Democratic People's Republic of

Korea, Republic of