XWorm V6: Exploring Pivotal Plugins

Since the release of XWorm V6.0 on June 4, 2025, we have noted a surge in samples identified as XWorm V6.0 on VirusTotal, reflecting its rapid adoption by threat actors. One prominent campaign illustrates its delivery: a malicious JavaScript (JS) file initiates a PowerShell (PS1) script, which deploys an injector to deliver the XWorm Client.

Author: AlienVault

Related Tags: amsi bypass, remote desktop, T1055.012, T1056.001, T1059.001, T1059.003, T1012, XWorm, JavaScript

Associated Indicators: