⚠️ Threat volume increased across nearly every major malware family last week. #XWorm, #Netwire, #Warzone, and #DCRat all saw strong growth, alongside continued #Vidar activity.

📌 Trend to watch: this kind of broad growth usually points to multiple active distribution chains running in parallel. For SOC teams, that means overlapping alerts, noisier triage, and a higher chance of missing escalation paths early.

⚡️ Gain absolute threat visibility inside your SIEM/SOAR. Get an exclusive 10th anniversary deal for your team: https://app.any.run/plans/?utm_source=mastodon&utm_medium=post&utm_campaign=top_10&utm_content=linktoplans&utm_term=250526

#cybersecurity #infosec

#xworm SHA256: de43d8a8356837443466947536488a0f2ef34d4ac660a3306eb35c75d312824e C2: 87[.]120[.]107[.]34:2404

⚠️ Overall RAT activity cooled down last week, with #AsyncRAT, #XWorm, and #Remcos all declining, while stealers like #Vidar and #Stealc continued to grow.

📌 Trend to watch: this points to a shift toward credential access and large-scale delivery activity. For defenders, that usually means higher alert volume, broader exposure, and more pressure on early-stage triage.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=180526&utm_content=linktoenterprise
#cybersecurity

Watch out, hackers are hiding a new version of XWorm malware in #PyInstaller files to bypass Windows security, steal data, and remotely control computers through ads!

Read: https://hackread.com/hackers-pyinstaller-amsi-patching-xworm-rat-v7-4/

#CyberSecurity #XWorm #Windows #Malware #Scam

Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4


⚠️ RAT activity is on the rise. #XWorm and #AsyncRAT are up, while stealers like #Vidar and #Lumma are declining.

📌 Trend to watch: this suggests a shift toward sustained access and post-compromise operations, not just initial data theft. Lower stealer volume doesn’t reduce risk; it often means fewer early signals but higher impact if missed.

Expand threat visibility in your SOC: https://any.run/enterprise/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=040526&utm_content=linktoenterprise

#cybersecurity #infosec

#xworm SHA256: 3f21b944a8d4f0892e7408fba6fb26694a67588ca68b7c7fc2b497aa65805d97 C2: https://pastebin[.]com/raw/ZyLCDwzJ,pIdorasik-56592[.]portmap[.]host:56592

Top 10 last week's threats by uploads 🌐
⬇️ #Xworm 575 (632)
⬆️ #Weedhack 414 (336)
⬇️ #Asyncrat 402 (720)
⬆️ #Gh0st 393 (343)
⬆️ #Dcrat 319 (223)
⬇️ #Remcos 310 (373)
⬆️ #Vidar 301 (266)
⬇️ #Quasar 221 (325)
⬆️ #Rustystealer 204 (175)
⬆️ #Lumma 199 (161)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=270426&utm_content=linktoregister#register

#cybersecurity

Top 10 last week's threats by uploads 🌐
⬇️ #Asyncrat 720 (831)
⬇️ #Xworm 632 (729)
⬆️ #Remcos 377 (240)
⬇️ #Gh0st 343 (391)
⬆️ #Weedhack 336 (151)
⬆️ #Quasar 325 (309)
⬇️ #Vidar 267 (273)
⬇️ #Dcrat 223 (242)
⬆️ #Blacknet 213 (68)
⬇️ #Stealc 191 (330)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=200426&utm_content=linktoregister#register

#cybersecurity #infosec

Top 10 last week's threats by uploads 🌐
⬆️ #Asyncrat 832 (693)
⬆️ #Xworm 730 (640)
⬇️ #Gh0st 391 (396)
⬇️ #Stealc 330 (409)
⬆️ #Salatstealer 320 (320)
⬆️ #Quasar 309 (283)
⬇️ #Vidar 274 (343)
⬇️ #Remcos 244 (296)
⬆️ #Dcrat 242 (238)
⬇️ #Lumma 185 (187)
Explore malware in action:
https://app.any.run/?utm_source=twitter&utm_medium=post&utm_campaign=top_ten&utm_term=130426&utm_content=linktoregister

#Top10Malware
