← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery
WHITE ChrisTan0 2025-08-28 Modified: 2025-09-27
10
IOCs
LOW VOLUME
trustwavelogindemospiderlabs teamdiscoverya levelbluecompanyscreen connectcampaign abusesaithemed lurestestvirustotalpythonglobalmaliciousaugusttrojandefenderxwormbeyondencrypthubshell
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (10)
All URL domain
TYPEINDICATORDESCRIPTIONCREATED
URL http://5.181.165.102:7705 2025-08-28
URL http://busercontent.com/trieule99911/vianhthuongbtc/refs/heads/main/Nhwneafyp.txt 2025-08-28
URL https://anhemvn4.com/5btc.zip 2025-08-28
URL https://anhemvn6.com 2025-08-28
URL https://gptgrok.ai 2025-08-28
domain anhemvn4.com 2025-08-28
domain anhemvn6.com 2025-08-28
domain busercontent.com 2025-08-28
domain gptgrok.ai 2025-08-28
domain gtpgrok.ai 2025-08-28
References (1)
↗ https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-screen-connect-campaign-abuses-ai-themed-lures-for-xworm-delivery/