Stealthy WailingCrab Malware misuses MQTT Messaging Protocol [Thursday, November 23, 2023]


Description:
WailingCrab, also known as WikiLoader, is a sophisticated, multi-component malware delivered almost exclusively by an initial access broker tracked as Hive0133, which overlaps with TA544. WailingCrab was first observed in December 2022 and has since been used extensively in email campaigns to deliver the Gozi backdoor, often against Italian targets. In recent months, Hive0133 has targeted organizations beyond Italy with email campaigns delivering WailingCrab, frequently using lures such as overdue delivery or shipping invoices.

Published:
2023-11-23T08:33:40.564Z

Created:
2023-11-23T08:33:40.564Z

Modified:
2023-11-23T08:58:54.930Z

Tags

  • backdoor
  • loader
  • wailingcrab
  • hive0133
  • mqtt
  • ta544

Indicators

URLs:
  • https://advocates4consumerprotection.com/wp-includes/js/tinymce/skins/iudjh9iwd182.php?id=1
  • https://vivalisme.fr/forms/forms/kiikxnmlogx/frrydjqb/vendor/9818hd218hd21.php?id=1
  • https://www.p-e-c.nl/wp-content/themes/twentytwentyone/hudiiiwj1.php?id=1
  • https://epikurgroup.com/plugins/content/jw_allvideos/jw_allvideos/tmpl/Responsive/oiyqnk182.php?id=1
  • https://tournadre.dc1-mtp.fr/wp-content/plugins/kona-instagram-feed-for-gutenbargwfn/4dionaq9d0219d.php?id=1
  • https://rgjllc.pro/wp-content/themes/sydney/inc/notices/uiqbw123udibjk1d2.php?id=1
  • https://inspiration-canopee.fr/vendor/fields/assets/idnileeal/sifyhewmiyq/3jnd9021j9dj129.php?id=1
Domains:
  • broker.emqx.io
Hashes (SHA-256):
  • 50810e4696dd075ca23349e3e1c3a87fc7b46ab89f4b1eb093a5cfb74f84cc51
  • 9d80eb4be1e9139a03a6aa3f053fec14ed1880251b1f13d85d84d7d64dddd581
Attack Patterns (MITRE ATT&CK):
  • T1056
  • T1055
  • T1070
  • T1566
  • T1106
  • T1574
  • T1104
  • T1102
  • T1071
  • T1140

About the author
Julien B.
