← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
WINELOADER Analysis | ThreatLabz
WHITE CyberHunter_NL 2024-03-01 Modified: 2024-03-01
18
IOCs
MEDIUM VOLUME
wineloaderhta filerc4 keyc2 serverpdf filezip archivefiguredll sideloadingwineloader coredll hollowingfebruarystringswin64inject
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
WINELOADER
Indicators of Compromise (18)
All FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 1c7593078f69f642b3442dc558cddff4347334ed7c96cd096367afd08dca67bc 2024-03-01
FileHash-SHA256 3739b2eae11c8367b576869b68d502b97676fb68d18cc0045f661fbe354afcb9 2024-03-01
FileHash-SHA256 72b92683052e0c813890caf7b4f8bfd331a8b2afc324dd545d46138f677178c4 2024-03-01
FileHash-SHA256 7600d4bb4e159b38408cb4f3a4fa19a5526eec0051c8c508ef1045f75b0f6083 2024-03-01
FileHash-SHA256 ad43bbb21e2524a71bad5312a7b74af223090a8375f586d65ff239410bbd81a7 2024-03-01
FileHash-SHA256 b014cdff3ac877bdd329ca0c02bdd604817e7af36ad82f912132c50355af0920 2024-03-01
FileHash-SHA256 c1223aa67a72e6c4a9a61bf3733b68bfbe08add41b73ad133a7c640ba265a19e 2024-03-01
FileHash-SHA256 e477f52a5f67830d81cf417434991fe088bfec21984514a5ee22c1bcffe1f2bc 2024-03-01
FileHash-SHA256 f61cee951b7024fca048175ca0606bfd550437f5ba2824c50d10bef8fb54ca45 2024-03-01
URL http://seeceafcleaners.co.uk/cert.php 2024-03-01
URL https://castechtools.com/api.php 2024-03-01
URL https://passatempobasico.com.br/wine.php 2024-03-01
URL https://seeceafcleaners.co.uk/cert.php 2024-03-01
URL https://seeceafcleaners.co.uk/wine.php 2024-03-01
domain castechtools.com 2024-03-01
domain obfuscator.io 2024-03-01
domain passatempobasico.com.br 2024-03-01
domain seeceafcleaners.co.uk 2024-03-01
References (1)
↗ https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader