{
  "name": "XWorm v5.6 Malware Being Distributed via Webhards",
  "slug": "xworm-v56-malware-being-distributed-via-webhards",
  "description": "Researchers discovered a campaign distributing the XWorm v5.6 malware, disguised as adult games, through Korean file-sharing platforms known as webhards. The malware's tactics include downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and carrying out activities such as keylogging, webcam data exfiltration, and downloading additional malware.",
  "published": "2024-05-30T12:34:09+00:00",
  "created_at": "2024-05-30T12:34:09+00:00",
  "modified_at": "2024-05-30T13:32:21+00:00",
  "created_at_opencti": "2024-05-30T12:34:09+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-30",
    "xworm"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "https://groundbreakingsstyle.com/wp-content/nanofolder/img-files/a95c346e-bd42-406b-a6a4-ed808e98bf67.res"
      },
      {
        "id": "",
        "name": "https://groundbreakingsstyle.com/wp-content/nanofolder/img-files/nacati.res"
      },
      {
        "id": "",
        "name": "https://diditaxi.kro.kr:1050"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:a5003bc015d99522",
        "name": "Korat Backdoor",
        "slug": "korat-backdoor"
      },
      {
        "id": "legacy:malware:93efa7b6934f4953",
        "name": "UDP RAT",
        "slug": "udp-rat"
      },
      {
        "id": "9bfa780c-0c2a-47fd-9cc6-d883c79df274",
        "name": "XWorm v5.6",
        "slug": "xworm-v56"
      },
      {
        "id": "50b0256e-3b81-4f32-b915-979cc893dc27",
        "name": "LV",
        "slug": "lv"
      },
      {
        "id": "legacy:malware:0a3ffd661bac67a8",
        "name": "Bladabindi",
        "slug": "bladabindi"
      },
      {
        "id": "legacy:malware:2066823fa37e1028",
        "name": "Njw0rm",
        "slug": "njw0rm"
      },
      {
        "id": "legacy:malware:be12e6fe16bcaff2",
        "name": "Remcos RAT",
        "slug": "remcos-rat"
      },
      {
        "id": "a88cf653-3ec6-40f9-84a8-ec05b54b1099",
        "name": "njRAT - S0385",
        "slug": "njrat-s0385"
      }
    ],
    "attack_patterns": [
      {
        "id": "5a5ba813-daea-4dac-a4fc-b3462056589f",
        "name": "T1553.003"
      },
      {
        "id": "384655c4-b8b6-4062-93f3-bfe57dd27370",
        "name": "T1107"
      },
      {
        "id": "dea4e00b-6e38-4223-a0f2-8a44e403019b",
        "name": "T1564.003"
      },
      {
        "id": "6b2e0999-c7e8-4662-94ac-19aa8520ee46",
        "name": "T1059.003"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "5999052b-e9ae-49e8-9235-d9bf975c22af",
        "name": "T1547.001"
      },
      {
        "id": "2e0c6db7-16a7-4bf6-992e-263474014fce",
        "name": "T1059.004"
      },
      {
        "id": "667462db-9031-48eb-893a-05d35f9330a7",
        "name": "T1056.001"
      },
      {
        "id": "eaff4611-3c78-4127-8745-726f77ed68ba",
        "name": "T1070.004"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Korea, Democratic People's Republic of"
      },
      {
        "id": "",
        "name": "Korea, Republic of"
      }
    ]
  },
  "external_refs": [
    "https://asec.ahnlab.com/en/66099/",
    "https://otx.alienvault.com/pulse/66588e61137e0a9d8fb36274"
  ]
}