How TA584 Leverages Tsundere Bot and XWorm for Ransomware Attacks

The TA584 threat group, acting as a high‑activity initial‑access broker, now employs the Tsundere Bot and XWorm remote‑access trojans in a multi‑stage phishing chain that culminates in ransomware deployment, with Proofpoint noting a two‑fold activity surge and expanded geographic reach in 2025.

C2 infrastructureTA584Tsundere Bot

0 likes · 5 min read

How TA584 Leverages Tsundere Bot and XWorm for Ransomware Attacks

Architect

Dec 11, 2015 · Information Security

Detailed Analysis of a Targeted Trojan Distributed via a Fake Interview Outline

The article presents a comprehensive technical analysis of a sophisticated Windows trojan that masquerades as a Word document, detailing its delivery method, file extraction process, registry modifications, remote‑control capabilities, and the organized, targeted attack infrastructure behind it.

C2 infrastructureRemote accessWindows

0 likes · 10 min read

Detailed Analysis of a Targeted Trojan Distributed via a Fake Interview Outline