Commit

Updated 2024-01-17-IOCs-for-WikiLoader-activity.txt
brad-duncan authored Jan 18, 2024
1 parent 6647ca4 commit 49ae913
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion 2024-01-17-IOCs-for-WikiLoader-activity.txt
@@ -1,5 +1,10 @@
2024-01-17 (WEDNESDAY): MALSPAM PUSHES WIKILOADER

REFERENCES:

- https://www.linkedin.com/posts/unit42_wikiloader-unit42threatintel-timelythreatintel-activity-7153818846691266561-GUgO
- https://twitter.com/Unit42_Intel/status/1748053225100451973

NOTES:

- Different SHA256 hashes every infection for most (or all) files seen during this chain of events
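
Review bot: The two new entries under REFERENCES are bare URLs with no title, source name or post date, so a reader cannot tell what each one covers or recover it if the LinkedIn or Twitter post is later removed. Suggest adding a short label to each line (publisher and date of the post), in the same way the rest of the file labels its entries with timestamps.
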
@@ -130,4 +135,4 @@ TRAFFIC LOGGED FROM AN INFECTED WINDOWS HOST:
- 2024-01-17 19:33:37 UTC - 54.146.113[.]169 port 1883 - broker.emqx[.]io - encoded TCP traffic
- 2024-01-17 19:43:51 UTC - 54.146.113[.]169 port 1883 - broker.emqx[.]io - encoded TCP traffic
- 2024-01-17 19:54:05 UTC - 54.146.113[.]169 port 1883 - broker.emqx[.]io - encoded TCP traffic
- 2024-01-17 20:04:20 UTC - 54.146.113[.]169 port 1883 - broker.emqx[.]io - encoded TCP traffic
- 2024-01-17 20:04:20 UTC - 54.146.113[.]169 port 1883 - broker.emqx[.]io - encoded TCP traffic
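
Review bot: The final entry, "2024-01-17 20:04:20 UTC - 54.146.113[.]169 port 1883", appears once as the removed line and once as the added line with no visible difference, which accounts for the commit's single deletion and points to a whitespace or end-of-file newline change. Suggest confirming that this is intended, since it is unrelated to the REFERENCES addition and anyone diffing the IOC list will see a changed indicator line where the indicator itself is unchanged.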
