Rewterz Threat Alert – Quasar RAT – Active IOCs
March 14, 2022Rewterz Threat Alert – RU Ransomware – Active IOCs
March 14, 2022Rewterz Threat Alert – Quasar RAT – Active IOCs
March 14, 2022Rewterz Threat Alert – RU Ransomware – Active IOCs
March 14, 2022Severity
Medium
Analysis Summary
Since 2019, Guloader has been in operation as a downloader. GuLoader spreads through spam campaigns with malicious archived attachments. GuLoader downloads the bulk of malware, with the most frequent being AgentTesla, FormBook, and NanoCore. The encrypted payloads of this downloader are usually saved on Google Drive. It also acquired its payloads from Microsoft OneDrive and an attacker-controlled website.
GuLoader can avoid network-based detection by using genuine file-sharing websites, which aren’t often filtered or inspected in corporate contexts.
Impact
- Information Theft
- Security Bypass
Indicators of Compromise
MD5
- 4cb9e2f765041f74d74e4635144ce621
SHA-256
- bd068442713d668c544ed7c9b439e27121b33ac1573b12c95c7ff7ca8003d283
SHA-1
- 472ee254ad0196a8a80517d19d2d2f3f0df1fdd7
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.