Tag: wineloader

2 Attack Reports | 0 Vulnerabilities

Attack reports

WINELOADER Analysis

APT29, also known as Cozy Bear, has targeted European diplomats using a sophisticated multi-stage attack chain involving a new modular backdoor called WINELOADER. The attack begins with a fake PDF invitation to a wine-tasting event, which leads to the download of a malicious HTA file. This file the…
backdoor
wineloader
evasion
modular
diplomats
dll side-loading
apt29
cozy bear
2024-11-07
dll hollowing
Published: November 7, 2024
Downloadable IOCs: 0

Wineloader - Analysis of the Infection Chain

The analysis examines the Wineloader backdoor, a modular malware attributed to the APT29 threat group, which allows further tools or modules to be downloaded through an encrypted command and control channel. It starts with a phishing email luring targets with a wine tasting event invitation. Execut…
backdoor
obfuscation
wineloader
persistence
javascript
2024-06-06
sideloading
Published: June 6, 2024
Downloadable IOCs: 9
Click here to see more Attack Reports