
The Human Connection Blog

New CTI Lab: Xworm: Analysis

BenMcCarthy
6 days ago

Today, we’ve released a brand-new lab focusing on reverse engineering a malware family called Xworm. You will dive deep into the .NET code and pull IOCs out of this obfuscated binary.

Xworm is a piece of malware that was first discovered in 2022 being used by threat actors like NullBulge and TA558. Xworm is a remote access trojan (RAT). Attackers deploy it onto compromised machines to steal data, facilitate remote code execution through shell access, and tamper with native security solutions like Microsoft Windows Defender, leaving the machine ready for other malware to be dropped and executed.

Why have we created this content?
Xworm is a commodity piece of malware that has been observed in the wild and has previously been seen on sale on hacker forums to opportunistic cybercriminals. Recently, cracked versions of this malware have been leaked to VirusTotal, GitHub, and other repositories. This content provides a unique look into commodity malware, how it's designed, and what to look out for when you come across it.

What are we publishing?
All customers on a CyberPro License have immediate access to a new lab.

Who is this content for?
This lab is focused on upskilling and increasing the defensive capabilities of the following roles:

  • Incident Responders
  • Malware Analysts
  • Reverse Engineers
  • SOC Analysts
  • Cyber Threat Intelligence Analysts

 

We are also hosting a webinar! Come and see what we do as a CTI team and how we help cyber teams with their real-world threat preparedness! 

Updated 6 days ago
Version 1.0