There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor
ESET researchers have discovered a unique and previously undescribed loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory. We have named this new malware Wslink after one of its DLLs.
We have seen only a few hits in our telemetry in the past two years, with detections in Central Europe, North America, and the Midd…