General

  • Target

    a ton of ya.zip

  • Size

    1.2MB

  • Sample

    240701-eqrlqawbng

  • MD5

    f4261ba39292a0f41c6e2bf8ea5e1a68

  • SHA1

    f7a690eb8c983fbfb5e0f8b22dc746a9be2ae09b

  • SHA256

    e1ea405efb08d4a7d254423fc5b700021eb653b1545d120c0f6cf4ff31c7f0ae

  • SHA512

    9b72eff4011fb718863caba4071816ec22fe9c67d0af2058e93b02c5d65a8cdfe05e641d8bf3f492899b9c63a2ab75474c0f7d04d87986832dff1782b3dc2845

  • SSDEEP

    24576:u/x/K/n/Y/l/1/o/b/u/p/8/f/i/t/1/6/7/0/B/e/H/o/d/C/j/c/J/m/P/Q/lH:oJU/i9tSToh23MFtkzu54fSVsbWBAHaB

Malware Config

Extracted

  • Family

    xworm

  • C2

    127.0.0.1:23638
    209.25.140.1:5525:23638
    bring-recorder.gl.at.ply.gg:23638
    action-yesterday.gl.at.ply.gg:23638
    147.185.221.19:23638
    then-wheel.gl.at.ply.gg::23638
    then-wheel.gl.at.ply.gg:23638
    teen-modes.gl.at.ply.gg:23638

  • Attributes

    • Install_directory

      %LocalAppData%

    • install_file

      uwumonster.exe

Targets

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (70).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (75).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (76).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (77).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (78).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (79).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (80).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (81).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (82).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (83).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (84).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (85).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (86).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (87).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy (88).exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy.exe

    • Size

      63KB

    • MD5

      222c2d239f4c8a1d73c736c9cc712807

    • SHA1

      c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    • SHA256

      ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    • SHA512

      1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

    • SSDEEP

      1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

  Tactic                Technique                            Count  ID
  Execution             Scheduled Task/Job                   16     T1053
                        Scheduled Task                       16     T1053.005
  Persistence           Boot or Logon Autostart Execution    16     T1547
                        Registry Run Keys / Startup Folder   16     T1547.001
                        Scheduled Task/Job                   16     T1053
                        Scheduled Task                       16     T1053.005
  Privilege Escalation  Boot or Logon Autostart Execution    16     T1547
                        Registry Run Keys / Startup Folder   16     T1547.001
                        Scheduled Task/Job                   16     T1053
                        Scheduled Task                       16     T1053.005
  Defense Evasion       Modify Registry                      16     T1112
  Discovery             Query Registry                       32     T1012
                        System Information Discovery         32     T1082

Tasks

  Task          Tags                            Score
  static1       xworm                           10/10
  behavioral1   xworm persistence rat trojan    10/10
  behavioral2   xworm persistence rat trojan    10/10
  behavioral3   xworm persistence rat trojan    10/10
  behavioral4   xworm persistence rat trojan    10/10
  behavioral5   xworm persistence rat trojan    10/10
  behavioral6   xworm persistence rat trojan    10/10
  behavioral7   xworm persistence rat trojan    10/10
  behavioral8   xworm persistence rat trojan    10/10
  behavioral9   xworm persistence rat trojan    10/10
  behavioral10  xworm persistence rat trojan    10/10
  behavioral11  xworm persistence rat trojan    10/10
  behavioral12  xworm persistence rat trojan    10/10
  behavioral13  xworm persistence rat trojan    10/10
  behavioral14  xworm persistence rat trojan    10/10
  behavioral15  xworm persistence rat trojan    10/10
  behavioral16  xworm persistence rat trojan    10/10
  behavioral17  xworm persistence rat trojan    10/10
  behavioral18  xworm persistence rat trojan    10/10
  behavioral19  xworm persistence rat trojan    10/10
  behavioral20  xworm persistence rat trojan    10/10
  behavioral21  xworm persistence rat trojan    10/10
  behavioral22  xworm persistence rat trojan    10/10
  behavioral23  xworm persistence rat trojan    10/10
  behavioral24  xworm persistence rat trojan    10/10
  behavioral25  xworm persistence rat trojan    10/10
  behavioral26  xworm persistence rat trojan    10/10
  behavioral27  xworm persistence rat trojan    10/10
  behavioral28  xworm persistence rat trojan    10/10
  behavioral29  xworm persistence rat trojan    10/10
  behavioral30  xworm persistence rat trojan    10/10
  behavioral31  xworm persistence rat trojan    10/10
  behavioral32  xworm persistence rat trojan    10/10