Wineloader

Malware updated 10 days ago (2025-08-26T09:27:37.218Z)

Download STIX

Preview STIX

Not enough context has been learned about Wineloader for a description yet. However we're tracking it as a Malware profile. Malware: Malware, short for malicious software, is a harmful program designed to exploit and damage your computer or device. It can infect your system through suspicious downloads, emails, or websites, often without your knowledge. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom.

Description last updated:

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Backdoor

Payload

Malware

Windows

Loader

Tool

Phishing

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Rootsaw Malware is associated with Wineloader. Rootsaw, also known as EnvyScout, is a first-stage payload malware extensively used by state-sponsored group APT29 for their initial access efforts in collecting foreign political intelligence. The malware is typically deployed via phishing emails with HTML file attachments or .HTA files, which exec	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The APT29 Threat Actor is associated with Wineloader. APT29, also known as Midnight Blizzard and linked to Russia's Foreign Intelligence Service (SVR), is a notorious threat actor that has been implicated in several high-profile cyberattacks. The group has demonstrated sophisticated capabilities, exploiting vulnerabilities such as the WinRAR 0day flaw	Unspecified	3

Source Document References

Information about the Wineloader Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	4 months ago	Russia-linked APT29 targets European diplomatic entities with GRAPELOADER
InfoSecurity-magazine	5 months ago	Midnight Blizzard Targets European Diplomats with Wine Tasting Lure
Checkpoint	5 months ago	Renewed APT29 Phishing Campaign Against European Diplomats - Check Point Research
InfoSecurity-magazine	a year ago	Russian APT29 Group Targets German Politicians
Securityaffairs	2 years ago	New SPIKEDWINE APT group is targeting officials in Europe
DARKReading	2 years ago	Cyberattackers Lure EU Diplomats With Wine-Tasting Offers