WINELOADER

Description

(Mandiant) WINELOADER is likely a variant of the non-public historic BURNTBATTER and MUSKYBEAT code families, which Mandiant uniquely associates with APT29. It shares a similar design and pattern, specifically around the invocation of the malware and the anti-analysis techniques used. However, the code family itself is considerably more customized than the previous variants, as it no longer uses publicly available loaders like DONUT or DAVESHELL and implements a unique C2 mechanism.

Names

Name
WINELOADER

Category

Malware

Type

  • Backdoor

Information

Malpedia

Other Information

Uuid

c4851564-852e-49a5-b733-a8a4013dd06b

Last Card Change

2024-12-27