A variant of WikiLoader, a loader-for-rent also known as WailingCrab, is being delivered via SEO poisoning and spoofing of GlobalProtect VPN software. The campaign primarily affects the U.S. higher education and transportation sectors. The infection chain involves multiple stages, including DLL sideloading, shellcode injection, and the use of MQTT for command and control. The attackers employ various evasion techniques, such as fake error messages, process checking, and encryption. The loader demonstrates sophisticated tradecraft, including the use of compromised WordPress sites and cloud-based Git repositories for infrastructure.

Author: AlienVault
Related Tags:
WikiLoader
GlobalProtect
T1027.002
DLL Sideloading
T1204.002
T1547.001
WailingCrab
Transportation
T1574.002
Associated Indicators: