#SharpHide
Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry Threat acto...

https://cybersecuritynews.com/threat-actors-leveraging-modified-version-of-sharphide/

#Cyber #Security #News #Threats #cyber #security #cyber #security #news

Event Attributes
Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry
cybersecuritynews.com
February 17, 2025 at 7:41 AM
Proofpoint tracks this variant of XWorm as “P0WER” because it uses this string as the AES key. This variant always uses SharpHide for persistence by setting up a hidden registry key that will execute another remote PowerShell script on each boot to run XWorm again.
October 20, 2025 at 9:31 PM
Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry
cybersecuritynews.com
February 17, 2025 at 7:19 AM
MirrorFace hits Japan and Taiwan with advanced ANEL and Roamingmouse malware: the goal is espionage against public bodies and infrastructure

#ANEL #apt10 #giappone #guerracibernetica #MirrorFace #NOOPDOOR #ROAMINGMOUSE #SharpHide #taiwan
www.matricedigitale.it/sicurezza-in...
May 9, 2025 at 7:18 AM
Click Payload: hxxp://94[.]159[.]113[.]37/ssd.png | b6956f45bd3c7b3009a31f0caf087d0686e60ee96978766a9f6477b8b093eace

XWorm C2: 85[.]208[.]84[.]208:4411

SharpHide Payload: 85[.]208[.]84[.]208/x.jpg
October 20, 2025 at 9:31 PM