Updated !new!: Xworm V31

Connects to a Command-and-Control (C2) server via encrypted TCP ports to receive instructions.

Usually delivered via a malicious Excel 4.0 macro or a fake PDF invoice. The dropper is a tiny .NET stub that checks if the system is a Virtual Machine (VM) by querying the BIOS serial number. xworm v31 updated

If you are not running a modern EDR with behavioral heuristics, and if your users are not trained to spot ISO/LNK phishing lures, you are vulnerable. Update your defenses today, because the worm is turning—faster than ever. Connects to a Command-and-Control (C2) server via encrypted