MAL_Wineloader_Backdoor_Mar24

Rule Info

Name: MAL_Wineloader_Backdoor_Mar24
Author: X__Junior
Description: Detects WINELOADER backdoor that targeted officials from countries with Indian diplomatic missions, although VirusTotal submissions indicate a specific focus on European diplomats
Score: 80
Date: 2024-03-12
Minimum Yara: 3.5.0
Rule Hash: f3979d03cb327b558c26db4f490f6bce
Tags: ['MAL']
Required Modules: []

Antivirus Verdicts

| Rating | Number of Samples |
|---|---|
| Malicious (>= 10 engines) | 4 |
| Suspicious (< 10 engines) | 2 |
| Clean (0 engines) | 1 |

Rule Matches

| Timestamp | Positives | Total | Hash |
|---|---|---|---|
| 2025-03-13 15:11:38 | 2 | 74 | adfe0ef4ef181c4b19437100153e9fe7aed119f5049e5489a36692757460b9f8 |
| 2024-06-05 18:42:07 | 52 | 72 | 72b92683052e0c813890caf7b4f8bfd331a8b2afc324dd545d46138f677178c4 |
| 2024-04-20 03:07:40 | 44 | 70 | c67c618fb0e5e9957c241582790423336c79b5087fc2040d7d17f3e4036b96fd |
| 2024-04-17 21:06:51 | 35 | 71 | f5cb3234eff0dbbd653d5cdce1d4b1026fa9574ebeaf16aaae3d4e921b6a7f9d |
| 2024-04-12 07:13:42 | 2 | 67 | 1f123f8e82310161e2e0ebf0420d3b5f3dd932f26b93eedb2b01f5abe77450d7 |
| 2024-04-12 06:17:29 | 0 | 70 | 27c0935a22862475bb3fd516f93bd466f8021f77727e83f53d67d76978b439ee |
| 2024-03-22 20:01:56 | 40 | 71 | d0a8fa332950b72968bdd1c8a1a0824dd479220d044e8c89a7dea4434b741750 |

Rule Matches per Month (last 24 months)