Threat intelligence API Docs Pricing Solutions Resources Contact us

Threat reports

Read other reports

XCSSET Shows How Threat Actors Cope with OS Changes, Does Away with Python Like macOS

XCSSET first appeared in 2020.1 But it fell off cybersecurity researchers’ radar last year after macOS Monterey discontinued its support for Python—the malware’s primary language. Since April this year, however, XCSSET minus Python has resurfaced.2

Using eight domains and one IP address SentinelOne identified as indicators of compromise (IoCs) as a jump-off point, our deep dive allowed us to build detailed threat research materials that revealed:

  • Additional domains hosted on the same IP address
  • More than 100 additional domains that contained the same strings as the IoCs
  • Unredacted email addresses used to register the additional domains
  • Nearly 1,000 additional domains that shared the unredacted email addresses
  • More than 20 of the total number of additional domains dubbed “malicious” by various malware engines

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1]
  • [2]
Read other reports
To download the full report in PDF, please fill in the form.
I have read and agree to the Terms of Service and Privacy Policy
Please keep me updated on news, events, and offers.

Try our Threat Intelligence API for free

Get FREE trial
Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.

Or shoot us an email to

Threat Intelligence Platform uses cookies to provide you with the best user experience on our website. They also help us understand how our site is being used. Find out more here. By continuing to use our site you consent to the use of cookies.