wkhpd.exe

Malware updated 5 months ago (2024-05-04T18:52:24.122Z)
wkhpd.exe is malware created and used by Advanced Persistent Threat (APT) actors. It is a variant of Metasploit's Meterpreter that was specifically designed to exploit the ServiceDesk system. Its creation and use were first identified on February 3, 2023, at 15:12:23. It was found communicating with a known malicious IP address, 108.62.118[.]160, indicating its potential use in coordinating cyber-attacks or illicit activities.

The malware operates by connecting to its command and control (C2) servers and receiving unencrypted payloads from them. This allows the APT actors to remotely control infected systems, potentially leading to unauthorized access, data theft, and disruption of operations. wkhpd.exe is often distributed through suspicious downloads, emails, or websites, making it a significant threat to unsuspecting users and vulnerable systems.

In addition to wkhpd.exe, another file named bitmap.exe was also identified as a variant of Metasploit's Meterpreter. Both files are designed to perform similar functions, suggesting a coordinated attack strategy by the same group of APT actors. Organizations should therefore enhance their cybersecurity measures, including regular system checks and updates, to mitigate the risk posed by these malicious programs.
Description last updated: 2024-05-04T17:33:55.107Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Meterpreter
Description: Meterpreter is a possible alias for wkhpd.exe. Meterpreter is a type of malware that is part of the Metasploit penetration testing software. It serves as an attack payload and provides an interactive shell, allowing threat actors to control and execute code on a compromised system. Advanced Persistent Threat (APT) actors have created and used a
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
T1587.001
Source Document References
Information about the wkhpd.exe Malware was read from the documents corpus below.