Today > vulnerabilities   -   You can now download lists of IOCs here!

Tag: wineloader

2 attack reports | 0 vulnerabilities

Attack reports

WINELOADER Analysis

APT29, also known as Cozy Bear, has targeted European diplomats using a sophisticated multi-stage attack chain involving a new modular backdoor called WINELOADER. The attack begins with a fake PDF invitation to a wine-tasting event, which leads to the download of a malicious HTA file. This file the…

backdoor
wineloader
evasion
modular
diplomats
dll side-loading
apt29
cozy bear
2024-11-07
dll hollowing
Published: November 7, 2024

Downloadable IOCs 0

Wineloader - Analysis of the Infection Chain

The analysis examines the Wineloader backdoor, a modular malware attributed to the APT29 threat group, which allows further tools or modules to be downloaded through an encrypted command and control channel. It starts with a phishing email luring targets with a wine tasting event invitation. Execut…

backdoor
obfuscation
wineloader
persistence
javascript
2024-06-06
sideloading
Published: June 6, 2024

Downloadable IOCs 9

» Click here to see all Attack Reports «