OTX Bot<p>Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure</p><p>A sophisticated malware campaign has been discovered utilizing paste.ee to distribute XWorm and AsyncRAT. The attackers employ obfuscated JavaScript with Unicode characters to download and execute malicious code from paste.ee URLs. The infrastructure includes multiple C2 servers across Europe and the US, using specific ports and SSL certificates. XWorm, a stealthy RAT, captures keystrokes, exfiltrates data, and maintains persistent remote access. AsyncRAT, an open-source trojan, is also part of the campaign. The attackers use a network of IP addresses and domains, with some hosted by QuadraNet Enterprises LLC and dataforest GmbH. Defenders are advised to block identified domains, monitor suspicious connections, and update security software to detect unusual behavior.</p><p>Pulse ID: 6842cadffd8a660c92f9fecb<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6842cadffd8a660c92f9fecb" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6842c</span><span class="invisible">adffd8a660c92f9fecb</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-06 11:02:55</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/AsyncRAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AsyncRAT</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Europe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Europe</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Java</span></a> <a href="https://social.raytec.co/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trojan</span></a> <a href="https://social.raytec.co/tags/Worm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Worm</span></a> <a href="https://social.raytec.co/tags/XWorm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XWorm</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>