{"version":"1.0","provider_name":"Imperative Business Ventures Limited","provider_url":"https:\/\/blog.ibvl.in","title":"Want More XWorm?, (Wed, Mar 4th) - Imperative Business Ventures Limited","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"okeYTfSeus\"><a href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/04\/want-more-xworm-wed-mar-4th\/\">Want More XWorm?, (Wed, Mar 4th)<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/04\/want-more-xworm-wed-mar-4th\/embed\/#?secret=okeYTfSeus\" width=\"600\" height=\"338\" title=\"&#8220;Want More XWorm?, (Wed, Mar 4th)&#8221; &#8212; Imperative Business Ventures Limited\" data-secret=\"okeYTfSeus\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script>\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/blog.ibvl.in\/wp-includes\/js\/wp-embed.min.js\n<\/script>\n","description":"And another XWorm[1] wave in the wild!\u00a0This\u00a0malware family\u00a0is not new and heavily spread\u00a0but delivery techniques always evolve and deserve to be described to show you how threat actors can be imaginative! This time, we are facing another piece of multi-technology malware. Here is a quick overview: The Javascript is a classic obfuscated one: No need [&hellip;]","thumbnail_url":"https:\/\/isc.sans.edu\/diaryimages\/images\/isc-20260304-1.png"}