Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
March 22, 2022Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
March 22, 2022Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
March 22, 2022Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
March 22, 2022Severity
Medium
Analysis Summary
Since 2019, Guloader has been in operation as a downloader. GuLoader spreads through spam campaigns with malicious archived attachments. GuLoader downloads the bulk of malware, with the most frequent being AgentTesla, FormBook, and NanoCore. The encrypted payloads of this downloader are usually saved on Google Drive. It also got its payloads from Microsoft OneDrive and websites that were controlled by an attacker. GuLoader can avoid network-based detection by using genuine file-sharing websites, which aren’t often filtered or inspected in corporate contexts.
Impact
- Information Theft
- Security Bypass
Indicators of Compromise
MD5
- 7e5f7597208acf6ff5ece4b5ebf93f74
SHA-256
- ad33454375e29e06f6a4756f177a73a0f89759953912f22d31ed18ede9f26f7a
SHA-1
- 69cf573e05266aeb9a81b9a44f3a42976d7356b9
Remediation
- Search for IOCs in your environment.
- Block all the threat indicators at your respective controls.