Rewterz Threat Alert – Deep Panda APT Group – Active IOCs
April 5, 2022Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
April 5, 2022Rewterz Threat Alert – Deep Panda APT Group – Active IOCs
April 5, 2022Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
April 5, 2022Severity
Medium
Analysis Summary
Since 2019, Guloader has been in operation as a downloader. GuLoader spreads through spam campaigns with malicious archived attachments. GuLoader downloads the bulk of malware, with the most frequent being AgentTesla, FormBook, and NanoCore. The encrypted payloads of this downloader are usually saved on Google Drive. It also got its payloads from Microsoft OneDrive and websites that were controlled by an attacker. GuLoader can avoid network-based detection by using genuine file-sharing websites, which aren’t often filtered or inspected in corporate contexts.
Impact
- Information Theft
- Security Bypass
Affected Vendors
- Apache
Indicators of Compromise
MD5
- bc82bb693a44afe85f54cdecf44f77e0
- 8df65c35fa794bf15a61453953afaa32
SHA-256
- c30e68bfc7a97efdbc1d5f01210eb726e3f3cbf41e609f417985b830830d7f0d
- f3a7afe41b3c9c8c497c571fb7e06e434e119e488ebc919c57937eac3a56c15a
SHA-1
- 3654ee62e4f2185b84f03ebf7aa337cc9b035372
- 84b6027a1bb7e178680090e8bc9004f64801efb3
Remediation
- Search for IOCs in your environment.
- Block all the threat indicators at your respective controls.