#Wikiloader #TA544 malspam spotted in #Italy 🇮🇹

EML>.pdf>url>.zip>.js>notepad.exe

🔗s://diretkontakt,com/Quote-Services

Notepad++ comprometido en el ataque de malware 'WikiLoader' y DLL Hijacking bit.ly/49Wh69b

El popular editor de texto Notepad++ se ve afectado por el malware 'WikiLoader'

Secuestro de DLL

Atacantes modificaron librería plugins 'mimeTools.dll', para ejecutar código malicioso cada vez que se inicia el editor de texto
securityonline.info/popular-text-e…

#100DaysofYARA Day38: Detecting WikiLoader

github.com/RustyNoob-619/…

Thanks to proxylife & Mangusta for sharing the malware samples 🐧

Just released - HP's Q4 2023 Wolf Security Threat Insights Report. Q4 saw a 7% point rise in PDF threats compared to Q1 2023. We also saw malware, including WikiLoader, Ursnif and DarkGate, increasingly spread through PDF documents. Download: imptr.io/88ky

Just released - HP's Q4 2023 Wolf Security Threat Insights Report. Q4 saw a 7% point rise in PDF threats compared to Q1 2023. We also saw malware, including WikiLoader, Ursnif and DarkGate, increasingly spread through PDF documents. Download: imptr.io/88kl

#WikiLoader - #TA544 - .pdf > url > .zip > .js > .js > .dll

wscript Invoice_818493.js

wscript out.js

C:\Users\Admin\AppData\Local\Temp\npp.8.6.4.portable.x64\notepad.exe (sideload)👇

\npp.8.6.3.portable.x64\plugins\mimeTools.dll

(1/3) 👇

IOC's
github.com/pr0xylife/Wiki…

#WikiLoader #malware

Just released - HP's Q4 2023 Wolf Security Threat Insights Report. Q4 saw a 7% point rise in PDF threats compared to Q1 2023. We also saw malware, including WikiLoader, Ursnif and DarkGate, increasingly spread through PDF documents. Download: imptr.io/88kx

“Totally Unexpected” Package Malware Using Modified Notepad++ Plug-in (WikiLoader) asec.ahnlab.com/en/64106/ #Pentesting #Malware #CyberSecurity #Infosec

Proofpoint researchers have identified a new sophisticated downloader they call WikiLoader. The malware contains interesting evasion techniques and custom implementation of code designed to make detection and analysis challenging. proofpoint.com/us/blog/threat…

Just released - HP's Q4 2023 Wolf Security Threat Insights Report. Q4 saw a 7% point rise in PDF threats compared to Q1 2023. We also saw malware, including WikiLoader, Ursnif and DarkGate, increasingly spread through PDF documents. Download: imptr.io/88l0

Out of the Sandbox: WikiLoader Digs Sophisticated Evasion proofpoint.com/us/blog/threat… #Pentesting #Sandbox #CyberSecurity #Infosec

#WikiLoader - #TA544 - .pdf > url > .zip > .js > .js > .dll

wscript.exe Invoice-808.js

wscript.exe sso.js

C:\Users\Admin\AppData\Local\Temp\npp.8.6.4.portable.x64\notepad.exe (sideload)👇

\npp.8.6.3.portable.x64\plugins\mimeTools.dll

(1/3)👇

IOC's
github.com/pr0xylife/Wiki…

#WikiLoader - #TA544 - .pdf > url > .zip > .js > .js > .dll

wscript Inv_03_20_2024.js

wscript confidential-legal.js

C:\Users\Admin\AppData\Local\Temp\npp.8.6.4.portable.x64\notepad.exe (sideload)👇

\npp.8.6.3.portable.x64\plugins\mimeTools.dll

IOC's
github.com/pr0xylife/Wiki…

Too in #italy #WikiLoader - #TA544 #quickbooks

'Invoice Reminder: Your payment to Allen&Overy LLP '
EML>PDF>url>zip>js>js>dll

⚠️zip Url
https[:]//infplaute[.]com/international-commercial

❇️Samples
bazaar.abuse.ch/browse/tag/Wik…

Notepad++ を侵害する WikiLoader というマルウェア：DLL ハイジャックで C2 通信
iototsecnews.jp/2024/04/14/pop…
#AhnLab #CyberAttack #DLLHijacking #Malware #Notepad #RAT #Scammer #TTP #WikiLoader

#Notepad ++ Plugin Installer Compromised: #WikiLoader #Malware Deployed
asec.ahnlab.com/en/64106/

2024-01-17 (Wednesday): Emails push #WikiLoader through PDF attachments. Some indicators available at bit.ly/3tXa2Ko

#Unit42ThreatIntel #TimelyThreatIntel #IndicatorsOfCompromise #Wireshark #InfectionTraffic

🔎 Se ha observado un nuevo downloader denominado WikiLoader que ha sido detectado en varias campañas dirigidas específicamente a organizaciones financieras en Italia. Este está relacionado con el actor de amenaza (TA) conocido como TA544.
👉 Más info: csirtasobancaria.com/sala-de-prensa…