WikiLoader Delivery Spikes in February 2024
ID: 79ccc01b-b4d8-506c-a5c3-adb0c3b2cf6d
STIX ID: report--79ccc01b-b4d8-506c-a5c3-adb0c3b2cf6d
Feed Name: EclecticIQ
EclecticIQ analysts report an observed spike in WikiLoader deliveries in February 2024. WikiLoader is a malware-as-a-service (MaaS) downloader used to deploy follow-on payloads such as the Ursnif banking trojan. The report details the typical infection chains (phishing PDFs linking to obfuscated JavaScript, macro-enabled documents, and OneNote files with embedded executables), notes links to the financially motivated groups TA544 and TA551, maps the relevant MITRE ATT&CK techniques, and provides detection and mitigation recommendations, including Sigma detection rules, application whitelisting, and disabling Office macros.
