Wailingcrab

Malware updated 24 days ago (2024-10-17T13:01:12.232Z)
Download STIX
Preview STIX
WailingCrab, a malware variant also known as WikiLoader, was first identified in December 2022 by Proofpoint. The stealthy malware has been extensively used in email campaigns to deliver the Gozi backdoor, particularly targeting Italian entities. It was discovered by the Unit 42 Managed Threat Hunting team being delivered via SEO poisoning and spoofing of GlobalProtect VPN software. In addition, WailingCrab misuses the MQTT Messaging Protocol, a finding highlighted in an IBM X-Force report. Interestingly, threat actors have begun using platforms like Discord for hosting malware, leading to the developers of WailingCrab adopting alternative approaches. Persistent updates have been made to the malware by the TA544 threat operation, also known as Zeus Panda and Bamboo Spider, according to a report from SC Magazine on November 27, 2023. These updates have enhanced the stealthiness of attacks, which are primarily facilitated through shipping-themed emails. The latest version of WailingCrab leverages hacked websites for initial command-and-control communications and embeds an AES-encrypted backdoor within the malware itself, rather than relying on a separate downloader component as in previous versions. The evolution and sophistication of WailingCrab underscore the importance of vigilance and proactive measures in combating such threats. Organizations need to stay alert to the risks posed by this and other evolving malware threats. By scrutinizing file downloads from domains like Discord, implementing robust cybersecurity measures, and maintaining up-to-date knowledge of threat operations, organizations can minimize the risk of falling victim to WailingCrab and similar malicious software.
Description last updated: 2024-10-17T12:11:58.020Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Wikiloader is a possible alias for Wailingcrab. WikiLoader, also known as WailingCrab, is a downloader malware first discovered in 2022 by Proofpoint and made public in 2023. This sophisticated malicious software is typically sold in underground marketplaces by an initial access broker (IAB) and is often spread through traditional phishing techni
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Loader
Downloader
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Wailingcrab Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more