Cloud-Based Malware Delivery: The Evolution of GuLoader - Check Point Research
Common Information
UUID: 1be1cdc2-beba-4396-bac8-bf9df3c95a21
Fingerprint: 8cdd1930e1f6aec5
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: May 22, 2023, 10:54 a.m.
Added to db: June 5, 2023, 11:31 a.m.
Last updated: Nov. 15, 2024, 12:36 p.m.
Headline: Cloud-Based Malware Delivery: The Evolution of GuLoader
Title: Cloud-Based Malware Delivery: The Evolution of GuLoader - Check Point Research
Detected Hints/Tags/Attributes: 66/3/36
RSS Feed
Id: 204
Enabled:
Feed title: Check Point Research
Url: https://research.checkpoint.com/feed
Added to db: 2024-08-30 22:08
Attributes