XWorm2
XWorm .NET 2022 TurkoRat forum. SHN2026 VBS delivery. neuroprostheses.Ru C2. Keylogger+clipboard+RAT. AveStealer base.
Threat Profile
Type
RAT
Programming LanguageVBScript/.NET
C2 ProtocolTCP
First Seen2022
Targets
LATAM/Ispanya
Purpose / Capabilities
- Remote Access
C2 Servers 1
| Address | Port | Protocol | Status | Action |
|---|---|---|---|---|
neuroprostheses.ru
|
443 | HTTPS | INACTIVE |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (2)
XWorm -- SHN2026000000026.vbs Sıralı VBS, neuroprostheses.Ru Rusça C2 | Yüksek
XWorm 1.6MB SHN2026000000026.vbs sıralı sevkiyat VBS. neuroprostheses.Ru Rusya .ru TLD C2 domain.
Read Report →XWorm 2 -- FORMULARIO BANCARIO VBS 2.5MB İspanyolca Banka Formu, photopolymer | Yüksek
XWorm2 FORMULARIO BANCARIO.vbs 2.5MB. İspanyolca banka formu lure. VBS obfuskasyon.
Read Report →