XWorm2

XWorm .NET 2022 TurkoRat forum. SHN2026 VBS delivery. neuroprostheses.Ru C2. Keylogger+clipboard+RAT. AveStealer base.

Threat Profile
Type RAT
Programming LanguageVBScript/.NET
C2 ProtocolTCP
First Seen2022
Targets LATAM/Ispanya
Purpose / Capabilities
  • Remote Access

C2 Servers 1

Address Port Protocol Status Action
neuroprostheses.ru
443 HTTPS INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (2)

High

XWorm -- SHN2026000000026.vbs Sıralı VBS, neuroprostheses.Ru Rusça C2 | Yüksek

XWorm 1.6MB SHN2026000000026.vbs sıralı sevkiyat VBS. neuroprostheses.Ru Rusya .ru TLD C2 domain.

Read Report →
High

XWorm 2 -- FORMULARIO BANCARIO VBS 2.5MB İspanyolca Banka Formu, photopolymer | Yüksek

XWorm2 FORMULARIO BANCARIO.vbs 2.5MB. İspanyolca banka formu lure. VBS obfuskasyon.

Read Report →