
Xworm Enters Through the Door Follina Left Open
Tags: XWorm, Follina, RAT, Trojan, China
Security researchers have identified a new wave of attacks in which XWorm malware is delivered by exploiting the Follina vulnerability. XWorm is a government-sponsored remote access trojan (RAT); Follina is a critical vulnerability in Microsoft Windows systems that was first disclosed in 2022.
Indicators of Compromise

Indicator (domain)          Source     Date
huhuwarcanoefestival.com    SOCRadar   2023-05-31
assignments.one             SOCRadar   2023-05-31
barricks.org                SOCRadar   2023-05-31
template.one                SOCRadar   2023-05-31
tpaerospace.one             SOCRadar   2023-05-31
codezian.com                SOCRadar   2023-05-31
ftp.mgcpakistan.com         SOCRadar   2023-05-31
schedule.one                SOCRadar   2023-05-31
purepowerinc.net            SOCRadar   2023-05-31
templa.one                  SOCRadar   2023-05-31
myvigyan.com                SOCRadar   2023-05-31
kbowlingslaw.com            SOCRadar   2023-05-31
kanaskanas.com              SOCRadar   2023-05-31
stnicholaschurch.ca         SOCRadar   2023-05-31
zaminkaran.ir               SOCRadar   2023-05-31
invoice.one                 SOCRadar   2023-05-31
depotejarat.ir              SOCRadar   2023-05-31
list.one                    SOCRadar   2023-05-31
four-quadrant.one           SOCRadar   2023-05-31
direct-trojan.com           SOCRadar   2023-05-31
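As a defender-side illustration of how a domain indicator list like the one above is consumed, the following is an added example that is not SOCRadar's tooling and not part of the original page. It matches resolver query logs against the indicator domains with label-aligned suffix matching, so that a subdomain of an indicator is a hit but a name that merely ends in the same characters is not. The indicator list is copied from the table; the log lines and their layout are constructed for the demonstration.

```python
"""Match resolver query logs against the domain IoCs listed on this page.

Added example (not SOCRadar's or the page's own tooling). The IoC domains
are the ones in the table above; the log lines are constructed for the
demonstration, and their layout is an assumed, simplified query-log format.
"""
import re

# Domain indicators from the IoC table above (SOCRadar, 2023-05-31).
IOC_DOMAINS = {
    "huhuwarcanoefestival.com", "assignments.one", "barricks.org",
    "template.one", "tpaerospace.one", "codezian.com", "ftp.mgcpakistan.com",
    "schedule.one", "purepowerinc.net", "templa.one", "myvigyan.com",
    "kbowlingslaw.com", "kanaskanas.com", "stnicholaschurch.ca",
    "zaminkaran.ir", "invoice.one", "depotejarat.ir", "list.one",
    "four-quadrant.one", "direct-trojan.com",
}

# Constructed sample lines in a simplified resolver query-log layout (assumed
# format, not a capture from any real resolver). Private-range client IPs.
SAMPLE_LOG = """\
31-May-2023 10:01:02.113 client 10.0.0.15#51234: query: www.example.com IN A +
31-May-2023 10:01:05.446 client 10.0.0.15#51235: query: template.one IN A +
31-May-2023 10:01:07.001 client 10.0.0.22#41001: query: cdn.direct-trojan.com. IN A +
31-May-2023 10:01:09.877 client 10.0.0.22#41002: query: notlist.one IN A +
31-May-2023 10:01:11.203 client 10.0.0.31#53001: query: INVOICE.ONE IN AAAA +
31-May-2023 10:01:13.555 client 10.0.0.31#53002: query: invoice.one.internal.example IN A +
"""

QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalise(name: str) -> str:
    """Lower-case and strip the trailing dot so 'Foo.Example.' == 'foo.example'."""
    return name.rstrip(".").lower()


def match_ioc(qname: str, iocs=IOC_DOMAINS):
    """Return the matching IoC for qname, or None.

    Matches the indicator itself and any label-aligned subdomain of it
    (cdn.direct-trojan.com), but not a name that merely ends with the same
    characters (notlist.one) or that carries the indicator as a prefix
    (invoice.one.internal.example), both of which would be false positives.
    """
    labels = normalise(qname).split(".")
    # Walk the parent suffixes: a.b.c -> a.b.c, b.c, c
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_log(text: str):
    """Return a list of (client, queried name, matched IoC) for every hit."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ioc = match_ioc(m.group("qname"))
        if ioc:
            hits.append((m.group("client"), normalise(m.group("qname")), ioc))
    return hits


if __name__ == "__main__":
    for client, qname, ioc in scan_log(SAMPLE_LOG):
        print(f"{client} queried {qname} -> matches IoC {ioc}")
```

On the constructed log this reports three hits (template.one, the cdn. subdomain of direct-trojan.com, and INVOICE.ONE after case folding) and ignores notlist.one and invoice.one.internal.example. Matching on whole labels rather than a plain string suffix is what keeps the second group out of the alert queue.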
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
Remediations
The malware remediation process starts with personnel identifying and reporting malware and any security gaps that create opportunities for malware attacks.
Investing in resources to train personnel on reporting suspected malware can significantly reduce the risk of malware attacks. Specifically, new hire onboarding and refresher training processes help educate personnel about malware remediation steps.
Reporting Suspected Phishing Attacks
Threat actors commonly exploit phishing attacks to deploy malware on targets’ devices (e.g., computers, phones, tablets). Phishing emails are one of the most common sources of malware attacks.
The essential malware remediation steps for reporting phishing attacks include:
Identify signs of phishing – Training personnel on how to identify common phishing attempts will help mitigate malware attacks. This is an essential cybersecurity practice for preventing phishing, as the attack targets people rather than network or security infrastructure. Personnel can identify phishing attacks based on:
Malicious links in emails, leading to unsecured websites
Links to compromised forms that request users to enter sensitive credentials
Emails with an urgent tone, which often also contain wording and grammatical errors
Flag phishing attempts – Once your employees have identified phishing attempts, they must flag the phishing emails by:
Forwarding emails to an internal cybersecurity team for further action
Moving emails directly to a spam folder for internal security review
Blocking sender email addresses used in previous phishing attempts
Submit phishing reports – You can also establish a security policy for employees to report phishing emails to relevant cybersecurity regulators, including:
The US Computer Emergency and Readiness Team (US-CERT), which partners with the Anti-Phishing Working Group (APWG)
Google’s Safe Browsing phishing reporting tool
Federal Trade Commission’s (FTC) fraud reporting tool
FBI’s internet crime reporting tool
Establishing a security policy for your employees to report phishing attacks is essential to the malware remediation process.
Reports & References (1)
Observed Countries (250)

AD (731), AE (901), AF (834), AG (100), AI (455), AL (173), AM (168), AO (762), AQ (837), AR (62),
AS (658), AT (213), AU (922), AW (431), AX (41), AZ (591), BA (317), BB (948), BD (299), BE (402),
BF (509), BG (473), BH (759), BI (97), BJ (725), BL (841), BM (305), BN (180), BO (99), BQ (243),
BR (616), BS (315), BT (302), BV (584), BW (125), BY (151), BZ (102), CA (78), CC (908), CD (242),
CF (59), CG (139), CH (288), CI (113), CK (418), CL (481), CM (758), CN (451), CO (199), CR (474),
CU (660), CV (464), CW (299), CX (296), CY (867), CZ (861), DE (676), DJ (893), DK (908), DM (533),
DO (763), DZ (153), EC (250), EE (983), EG (728), EH (737), ER (351), ES (628), ET (231), FI (9),
FJ (227), FK (467), FM (427), FO (133), FR (691), GA (355), GB (581), GD (322), GE (545), GF (906),
GG (37), GH (562), GI (637), GL (932), GM (832), GN (513), GP (323), GQ (395), GR (320), GS (211),
GT (207), GU (449), GW (903), GY (739), HK (899), HM (742), HN (480), HR (380), HT (557), HU (162),
ID (73), IE (23), IL (704), IM (49), IN (452), IO (742), IQ (427), IR (357), IS (260), IT (141),
JE (306), JM (349), JO (811), JP (654), KE (709), KG (359), KH (386), KI (593), KM (86), KN (824),
KP (311), KR (338), KW (26), KY (976), KZ (615), LA (868), LB (909), LC (634), LI (382), LK (610),
LR (629), LS (2), LT (335), LU (475), LV (999), LY (417), MA (386), MC (452), MD (663), ME (22),
MF (93), MG (137), MH (251), MK (462), ML (977), MM (684), MN (255), MO (230), MP (586), MQ (228),
MR (545), MS (760), MT (614), MU (693), MV (469), MW (524), MX (498), MY (457), MZ (392), NA (545),
NC (149), NE (356), NF (24), NG (855), NI (711), NL (329), NO (621), NP (586), NR (464), NU (112),
NZ (25), OM (682), PA (110), PE (609), PF (43), PG (586), PH (785), PK (439), PL (610), PM (669),
PN (768), PR (326), PS (849), PT (509), PW (27), PY (657), QA (839), RE (290), RO (628), RS (903),
RU (295), RW (650), SA (675), SB (327), SC (535), SD (373), SE (418), SG (948), SH (340), SI (754),
SJ (592), SK (855), SL (837), SM (775), SN (971), SO (313), SR (815), SS (881), ST (962), SV (430),
SX (273), SY (102), SZ (518), TC (343), TD (250), TF (434), TG (866), TH (639), TJ (67), TK (442),
TL (461), TM (517), TN (109), TO (615), TR (94), TT (92), TV (848), TW (748), TZ (878), UA (409),
UG (943), UM (145), US (141), UY (711), UZ (549), VA (555), VC (434), VE (184), VG (866), VI (687),
VN (528), VU (446), WF (424), WS (337), XK (370), YE (956), YT (587), ZA (525), ZM (586), ZW (221)