Owned and Operated by Sinergise Solutions d.o.o.
Cvetkova ulica 29
SI-1000 Ljubljana
Slovenia
Member of Euro Data Cube
Newsletter Archive
Subscribe to the mailing list!
Webinars
Subscribe to the webinar news!
This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later.
: Uses specific user agents for communication with its server via GET requests and socket connections. Remote Commands : Perform critical tasks such as: Shutting down, restarting, or logging off Opening or hiding URLs Installing or uninstalling software remotely. DDoS Capabilities : Includes modules to Distributed Denial of Service (DDoS) attacks. Technical Specifics Obfuscation
: It can monitor the system clipboard and replace cryptocurrency wallet addresses with those owned by the attacker. xworm 3.1
The C2 traffic is protected from simple sniffing:
, provides a deep dive into the infection cycle of version 3.1. It details how the malware uses obfuscated .NET binaries and phishing PDFs to gain control, execute keylogging, and perform DDoS attacks. Trellix Research (July 2023): Old Loader, New Threat: Exploring XWorm RAT's Distribution , this analysis examines a campaign using both XWorm v2.1 . It highlights the use of blogspot.com This public link is valid for 7 days
XWorm 3.1 rarely arrives as a lone wolf. Its distribution is multi-pronged:
It includes tools for keylogging, capturing screenshots, and activating webcams to spy on users. Can’t copy the link right now
As of early 2026, XWorm 3.1 is actively distributed via highly tailored, .
Owned and Operated by Sinergise Solutions d.o.o.
Cvetkova ulica 29
SI-1000 Ljubljana
Slovenia
Member of Euro Data Cube
Newsletter Archive
Subscribe to the mailing list!
Webinars
Subscribe to the webinar news!