Wineloader - Analysis of the Infection Chain | Binary Defense
Tags
| country: | India |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Direct Javascript - T1059.007 Mshta - T1218.005 Phishing - T1660 Phishing - T1566 Scheduled Task - T1053.005 Software - T1592.002 Tool - T1588.002 Mshta - T1170 Scheduled Task - T1053 |
Common Information
| Type | Value |
|---|---|
| UUID | 04b57e5c-e08b-45a9-b73a-ebd8b3924d4f |
| Fingerprint | b40f99b90ab48fc9 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | June 4, 2024, 2 p.m. |
| Added to db | Aug. 31, 2024, 9:06 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Wineloader – Analysis of the Infection Chain |
| Title | Wineloader - Analysis of the Infection Chain | Binary Defense |
| Detected Hints/Tags/Attributes | 51/3/12 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 275 | ✔ | Binary Defense | https://www.binarydefense.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 4127 | github.com |
|
| Details | File | 1 | sqlwiter.exe |
|
| Details | File | 364 | console.log |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 22 | text.txt |
|
| Details | File | 66 | sqlwriter.exe |
|
| Details | File | 69 | vcruntime140.dll |
|
| Details | Github username | 5 | binarydefense |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Url | 1 | https://github.com/binarydefense/arc-labs-hunting-queries. |
|
| Details | Windows Registry Key | 3 | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS |