{ "name": "A Technique-Based Approach to Hunting Web-Delivered Malware", "slug": "a-technique-based-approach-to-hunting-web-delivered-malware", "description": "This report presents a technique-based approach to HTTP body hunting using Censys that addresses this tension directly, and demonstrates its effectiveness by walking through a live discovery: a ClickFix campaign delivering XWorm V5.6 through a 5-stage attack chain.", "published": "2026-04-03T07:49:01+00:00", "created_at": "2026-04-03T07:49:01+00:00", "modified_at": "2026-04-03T15:03:57+00:00", "created_at_opencti": "2026-04-03T07:49:01+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2026-04-03" ], "related_entities": { "observables": [ { "id": "", "name": "https://orcanmedikal.com.tr/tool.htaStage" }, { "id": "", "name": "https://4a-m.al/ConvertedFile.txt" }, { "id": "", "name": "https://4a-m.al/ConvertedFile.txtStage" }, { "id": "", "name": "https://4a-m.al/ConvertedFile.txt." }, { "id": "", "name": "https://orcanmedikal.com.tr/tool.hta" }, { "id": "", "name": "c52314cea0d81acd337cec2f968e55d20c52aca4504d7c452842cd1dcfb9fdf1" }, { "id": "", "name": "adc2f550e7ff2b707a070ffaa50fc367af6a01c037f1f5b347c444cca3c9a650" }, { "id": "", "name": "7e13561d794f7065e9cb3afc319acc7ac9861b4cf653082c1a11d5cc25a5d1f1" }, { "id": "", "name": "b67d8db2f53547b4a5b070b736cd93cbdf3ece21109972d54f193e8ede0b584b" }, { "id": "", "name": "020668f00325631bec2b9c6dd8596d7744e118f68424fdbb28eb2a318f3a7adf" }, { "id": "", "name": "656991f4dabe0e5d989be730dac86a2cf294b6b538b08d7db7a0a72f0c6c484b" } ], "others": [ { "id": "", "name": "4a-m.al" }, { "id": "", "name": "orcanmedikal.com.tr" } ] }, "external_refs": [ "https://otx.alienvault.com/pulse/69cf8d0d1edba26a610bb8bd", "https://censys.com/blog/technique-based-approach-hunting-web-delivered-malware/" ] }