ioc[.]one - OSINT Cyber Threat Intelligence Database

GuLoader: Evolving Tactics in Latest Campaign Targeting European Industry

Tags

cmtmf-attack-pattern:	Application Layer Protocol Boot Or Logon Autostart Execution Code Injection Command And Scripting Interpreter Process Injection
country:	Germany Kazakhstan Poland Romania
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Boot Or Logon Autostart Execution - T1547 Code Injection - T1540 Command And Scripting Interpreter - T1623 Debugger Evasion - T1622 Email Addresses - T1589.002 Ingress Tool Transfer - T1544 Junk Data - T1001.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Msiexec - T1218.007 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Software - T1592.002 Spearphishing Attachment - T1566.001 Web Protocols - T1071.001 Web Protocols - T1437.001 Virtualization/Sandbox Evasion - T1497 Time Based Evasion - T1497.003 Virtualization/Sandbox Evasion - T1633 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Deobfuscate/Decode Files Or Information - T1140 Remote File Copy - T1105 Powershell - T1086 Process Injection - T1055 Registry Run Keys / Start Folder - T1060 User Execution - T1204 User Execution

Show in Graph

Common Information

Type	Value
UUID	60c9388e-5a43-43ec-bbbf-be3ca1a22979
Fingerprint	8cdd0936289c87ed
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 7, 2024, 11 a.m.
Added to db	Nov. 18, 2024, 10:32 a.m.
Last updated	Nov. 19, 2024, 7 p.m.
Headline	GuLoader: Evolving Tactics in Latest Campaign Targeting European Industry
Title	GuLoader: Evolving Tactics in Latest Campaign Targeting European Industry
Detected Hints/Tags/Attributes	85/4/137

Source URLs

	Redirection	Url
Details	Source	https://www.cadosecurity.com/blog/guloader-targeting-european-industrial-companies

URL Provider

Details	Provider	Source level domain
Details	cadosecurity.com	www.cadosecurity.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	careerfinder.ro
Details	Domain	1	knighting.pro
Details	Domain	1	kighting.pro
Details	Domain	2	filedn.com
Details	Domain	1	inversionesevza.com
Details	Domain	2	cadosecurity.com
Details	Email	1	tgould@cadosecurity.com
Details	File	273	msiexec.exe
Details	File	1	zw_pcce-010023024001.bat
Details	File	1	order_1st.bat
Details	File	1	dokume74247linierelet.bat
Details	File	1	dokume74247liniereletbrunkagerne.bat
Details	File	1	quotation_final_buy_order_list_2024_po_nos_art125673211020240000000000024.bat
Details	File	1	mec20241022001.bat
Details	File	1	nmec20241022001.iso
Details	File	1	654398.bat
Details	File	1	confirmation.bat
Details	File	1	skm_0001810-01-2024-gl-3762.bat
Details	File	1	21102024_0029_18102024_skm_0001810-01-2024-gl-3762.iso
Details	File	1	marss-filtry_zw015010024.bat
Details	File	1	sku_0001710-1-2024-sx-3762.bat
Details	File	1	form.bat
Details	File	1	m60_647746748846748347474.bat
Details	File	1	dhl_shipping_invoices_awb_bl_000000000101620242247820020031808174global180030010162024.bat
Details	File	1	skm_0001810-01-2024-gl-3762.iso
Details	File	1	c:\users\user\appdata\local\temp\stemmeslugerens.bat
Details	File	1	fjeldkammes325545235562377.bat
Details	File	1	fjeldkammes3255452355623.bat
Details	File	1	sku_0001710-1-2024-sx-3762.iso
Details	File	1	dokumenten_tobias.bat
Details	File	1	imeg238668289485293885823085802835025urfjeld.bat
Details	File	1	skm_c250i24100408500.iso
Details	File	1	edc0969388.bat
Details	File	1	bogota.msg
Details	File	1	1st.bat
Details	File	1	smx-0002607-1-2024-up-3762.iso
Details	File	1	a60dbbe88a1c4857f009a3c06a2641332d41dfd89726dd5f2c6e500f7b25b751.iso
Details	File	1	marss-filtry_zw015010024.iso
Details	File	1	skm_c250i24100408500.bat
Details	File	1	upm-0002607-1-2024-up-3762.iso
Details	File	1	435635lukketid.bat
Details	File	1	311861751714730477170144.bat
Details	File	1	term.bat
Details	File	1	skm_32532667622352352arvehygiejnikernes.bat
Details	File	1	order_ap568.bat
Details	File	1	order_u769.bat
Details	File	1	beschwerde-rechtsanwalt.bat
Details	File	1	order.bat
Details	File	1	ach0036173.bat
Details	File	1	glasmester.bat
Details	File	1	101483.bat
Details	sha256	1	36a9a24404963678edab15248ca95a4065bdc6a84e32fcb7a2387c3198641374
Details	sha256	1	26500af5772702324f07c58b04ff703958e7e0b57493276ba91c8fa87b7794ff
Details	sha256	1	40b46bae5cca53c55f7b7f941b0a02aeb5ef5150d9eff7258c48f92de5435216
Details	sha256	1	e0d9ebe414aca4f6d28b0f1631a969f9190b6fb2cf5599b99ccfc6b7916ed8b3
Details	sha256	1	4c697bdcbe64036ba8a79e587462960e856a37e3b8c94f9b3e7875aeb2f91959
Details	sha256	1	661f5870a5d8675719b95f123fa27c46bfcedd45001ce3479a9252b653940540
Details	sha256	1	33ed102236533c8b01a224bd5ffb220cecc32900285d2984d4e41803f1b2b58d
Details	sha256	1	9617fa7894af55085e09a06b1b91488af37b8159b22616dfd5c74e6b9a081739
Details	sha256	1	f5feabf1c367774dc162c3e29b88bf32e48b997a318e8dd03a081d7bfe6d3eb5
Details	sha256	1	f78319fcb16312d69c6d2e42689254dff3cb875315f7b2111f5c3d2b4947ab50
Details	sha256	1	949cdd89ed5fb2da03c53b0e724a4d97c898c62995e03c48cbd8456502e39e57
Details	sha256	1	9493ad437ea4b55629ee0a8d18141977c2632de42349a995730112727549f40e
Details	sha256	1	535dd8d9554487f66050e2f751c9f9681dadae795120bb33c3db9f71aafb472c
Details	sha256	1	e5ebe4d8925853fc1f233a5a6f7aa29fd8a7fa3a8ad27471c7d525a70f4461b6
Details	sha256	1	51244e77587847280079e7db8cfdff143a16772fb465285b9098558b266c6b3f
Details	sha256	1	643cd5ba1ac50f5aa2a4c852b902152ffc61916dc39bd162f20283a0ecef39fe
Details	sha256	1	54b8b9c01ce6f58eb6314c67f3acb32d7c3c96e70c10b9d35effabb7e227952e
Details	sha256	1	c1f810194395ff53044e3ef87829f6dff63a283c568be4a83088483b6c043ec8
Details	sha256	1	8dd5fd174ee703a43ab5084fdaba84d074152e46b84d588bf63f9d5cd2f673d1
Details	sha256	1	bde5f995304e327d522291bf9886c987223a51a299b80ab62229fcc5e9d09f62
Details	sha256	1	b1be65efa06eb610ae0426ba7ac7f534dcb3090cd763dc8642ca0ede7a339ce7
Details	sha256	1	18c0a772f0142bc8e5fb0c8931c0ba4c9e680ff97d7ceb8c496f68dea376f9da
Details	sha256	1	4a4c0918bdacd60e792a814ddacc5dc7edb83644268611313cb9b453991ac628
Details	sha256	1	8bedbdaa09eefac7845278d83a08b17249913e484575be3a9c61cf6c70837fd2
Details	sha256	1	ff6c4c8d899df66b551c84124e73c1f3ffa04a4d348940f983cf73b2709895d3
Details	sha256	1	f3e046a7769b9c977053dd32ebc1b0e1bbfe3c61789d2b8d54e51083c3d0bed5
Details	sha256	1	0546b035a94953d33a5c6d04bdc9521b49b2a98a51d38481b1f35667f5449326
Details	sha256	1	4f1b5d4bb6d0a7227948fb7ebb7765f3eb4b26288b52356453b74ea530111520
Details	sha256	1	038113f802ef095d8036e86e5c6b2cb8bc1529e18f34828bcf5f99b4cc012d6a
Details	sha256	1	6977043d30d8c1c5024669115590b8fd154905e01ab1f2832b2408d1dc811164
Details	sha256	1	6370cbcb1ac3941321f93dd0939d5daba0658fb8c85c732a6022cc0ec8f0f082
Details	sha256	1	7f06382b781a8ba0d3f46614f8463f8857f0ade67e0f77606b8d918909ad37c2
Details	sha256	1	e98fa3828fa02209415640c41194875c1496bc6f0ca15902479b012243d37c47
Details	sha256	1	0f0dfe8c5085924e5ab722fa01ea182569872532a6162547a2e87a1d2780f902
Details	sha256	1	48dca5f3a12d3952531b05b556c30accafbf9a3c6cda3ec517e4700d5845ab61
Details	sha256	1	f43b78e4dc3cba2ee9c6f0f764f97841c43419059691d670ca930ce84fb7143b
Details	sha256	1	a60dbbe88a1c4857f009a3c06a2641332d41dfd89726dd5f2c6e500f7b25b751
Details	sha256	1	efd80337104f2acde5c8f3820549110ad40f1aa9b494da9a356938103bda82e7
Details	sha256	1	0327db7b754a16a7ae29265e7d8daed7a1caa4920d5151d779e96cd1536f2fbe
Details	sha256	1	c415127bde80302a851240a169fff0592e864d2f93e9a21c7fd775fdb4788145
Details	sha256	1	36c464519a4cce8d0fcdb22a8974923fd51d915075eba9e62ade54a9c396844d
Details	sha256	1	e9fc754844df1a7196a001ac3dfbcf28b80397a718a3ceb8d397378a6375ff62
Details	sha256	1	1bf09bcb5bfa440fc6ce5c1d3f310fb274737248bf9acdd28bea98c9163a745a
Details	sha256	1	f87448d722e160584e40feaad0769e170056a21588679094f7d58879cdb23623
Details	sha256	1	f20670ed0cdc2d9a2a75884548e6e6a3857bbf66cfbfb4afe04a3354da9067c9
Details	sha256	1	4c90504c86f1e77b0a75a1c7408adf1144f2a0e3661c20f2bf28d168e3408429
Details	sha256	1	8ef4cb5ad7d5053c031690b9d04d64ba5d0d90f7bf8ba5e74cb169b5388e92c5
Details	sha256	1	4ddd3369a51621b0009b6d993126fcb74b52e72f8cacd71fcbc401cda03108cb
Details	sha256	1	fda4e04894089be87f520144d8a6141074d63d33b29beb28fd042b0ecc06fbbc
Details	sha256	1	e5f5d9855be34b44ad4c9b1c5722d1a6dff2f4a6878a874df1209d813aea7094
Details	sha256	1	a7268e906b86f7c1bb926278bf88811cb12189de0db42616e5bbb3dc426a4ef5
Details	sha256	1	74d468acd0493a6c5d72387c8e225cc0243ae1a331cd1e2d38f75ed8812347dd
Details	sha256	1	a2127d63bc0204c17d4657e5ae6930cab6ab33ae3e65b82e285a8757f39c4da9
Details	sha256	1	b45d9b5dbe09b2ca45d66432925842b0f698c9d269d3c7b5148cc26bdc2a92d0
Details	sha256	1	229c4ce294708561801b16eed5a155c8cfe8c965ea99ac3cfb4717a35a1492f3
Details	sha256	1	5854d9536371389fb0f1152ebc1479266d36ec4e06b174619502a6db1b593d71
Details	sha256	1	140dcb39308d044e3e90610c65a08e0abc6a3ac22f0c9797971f0c652bb29add
Details	sha256	1	0b1c44b202ede2e731b2d9ee64c2ce333764fbff17273af831576a09fc9debfa
Details	sha256	1	31a72d94b14bf63b07d66d023ced28092b9253c92b6e68397469d092c2ffb4a6
Details	sha256	1	85d1877ceda7c04125ca6383228ee158062301ae2b4e4a4a698ef8ed94165c7c
Details	sha256	1	8d7324d66484383eba389bc2a8a6d4e9c4cb68bfec45d887b7766573a306af68
Details	sha256	1	45b7b8772d9fe59d7df359468e3510df1c914af41bd122eeb5a408d045399a14
Details	sha256	1	b0e69f895f7b0bc859df7536d78c2983d7ed0ac1d66c243f44793e57d346049d
Details	sha256	1	09a3bb4be0a502684bd37135a9e2cbaa3ea0140a208af680f7019811b37d28d6
Details	sha256	1	0996e7b37e8b41ff0799996dd96b5a72e8237d746c81e02278d84aa4e7e8534e
Details	sha256	1	a9af33c8a9050ee6d9fe8ce79d734d7f28ebf36f31ad8ee109f9e3f992a8d110
Details	IPv4	1	91.109.20.161
Details	IPv4	1	137.184.191.215
Details	IPv4	1	185.248.196.6
Details	MITRE ATT&CK Techniques	311	T1566.001
Details	MITRE ATT&CK Techniques	441	T1055
Details	MITRE ATT&CK Techniques	367	T1204.002
Details	MITRE ATT&CK Techniques	381	T1547.001
Details	MITRE ATT&CK Techniques	506	T1140
Details	MITRE ATT&CK Techniques	53	T1622
Details	MITRE ATT&CK Techniques	9	T1001.001
Details	MITRE ATT&CK Techniques	494	T1105
Details	MITRE ATT&CK Techniques	464	T1059.001
Details	MITRE ATT&CK Techniques	58	T1497.003
Details	MITRE ATT&CK Techniques	445	T1071.001
Details	Url	1	https://careerfinder.ro
Details	Url	1	https://filedn.com/lk8iuos2ybqy4dz6sat9ksz/frihandelsaftalen40.fla
Details	Url	1	https://careerfinder.ro/vn/traurigheder.sea
Details	Url	1	http://inversionesevza.com/wp-includes/blocks_/dekupere.pcz
Details	Url	1	https://rareseeds.zendesk.com/attachments/token/g9sqnykxwfanrmbcy8mzhcies/?name=po++380.101483.bat
Details	Windows Registry Key	12	HKCU\Environment