New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia - CyberSRC
Common Information
Type Value
UUID 005c1d2a-a908-4714-9090-8a5f67329ff5
Fingerprint 8c201b2a0935fec2
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 12, 2024, 4:19 a.m.
Added to db Nov. 12, 2024, 6:02 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia
Title New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia - CyberSRC
Detected Hints/Tags/Attributes 120/3/19
RSS Feed
Id Enabled Feed title Url Added to db
94 CyberSRC https://cybersrcc.com/feed/ 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 102
cve-2021-40444
CVE 375
cve-2017-11882
Domain 831
example.com
Domain 1
agreement.doc.zip
File 1
legal_document.zip
File 3
agreement.doc
File 1
legal_info.js
File 1
agreement_script.js
File 4
exploit.ps1
File 1
powershell_script.ps1
File 1208
powershell.exe
File 21
script.ps1
md5 4
5d41402abc4b2a76b9719d911017c592
IPv4 1
185.200.107.35
IPv4 1
104.31.123.45
Url 1
http://example.com/redirect
Windows Registry Key 188
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key 11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Yara rule 1
rule GootLoader_Malware {
	strings:
		$a = "GootLoader" ascii wide nocase
	condition:
		$a
}