Supports a plugin system for adding ransomware, DDoS capabilities, and data theft modules.

Evasion Techniques:
It uses AES-encrypted packets to communicate with a Command and Control (C2) server and can leverage the Telegram API for covert data theft.

System Disruption:
Law enforcement has struggled to disrupt XWorm because its C2 infrastructure relies on decentralized bulletproof hosting and Tor v3 onions. As of this writing, there are over scanning for vulnerable RDP and MySQL servers globally.