Tagged articles

TA584

1 articles · Page 1 of 1
Black & White Path
Black & White Path
Feb 15, 2026 · Information Security

How TA584 Leverages Tsundere Bot and XWorm for Ransomware Attacks

The TA584 threat group, acting as a high‑activity initial‑access broker, now employs the Tsundere Bot and XWorm remote‑access trojans in a multi‑stage phishing chain that culminates in ransomware deployment, with Proofpoint noting a two‑fold activity surge and expanded geographic reach in 2025.

C2 infrastructureMalware AnalysisTA584
0 likes · 5 min read
How TA584 Leverages Tsundere Bot and XWorm for Ransomware Attacks