By ARC Labs contributor, Shannon Mong ARC Labs recently analyzed a sample of the Wineloader backdoor for infection chain analysis and detection opportunities to help defenders protect their organizations. Through this analysis, ARC Labs is providing defenders with general detection guidance and specific KQL queries to detect Wineloader activity within Microsoft Sentinel.
Source: Binary Defense