ioc[.]one - OSINT Cyber Threat Intelligence Database

GuLoader: The NSIS Vantage Point

Tags

country:	South Korea United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	687b2405-51b8-4e81-a19f-50528d16c45a
Fingerprint	c41c1d24a1be94cc
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 24, 2023, midnight
Added to db	June 1, 2023, 11:01 a.m.
Last updated	Nov. 18, 2024, 1:24 p.m.
Headline	GuLoader: The NSIS Vantage Point
Title	GuLoader: The NSIS Vantage Point
Detected Hints/Tags/Attributes	50/3/40

Source URLs

	Redirection	Url
Details	Source	https://www.trellix.com/en-us/about/newsroom/stories/research/guloader-the-nsis-vantage-point.html

URL Provider

Details	Provider	Source level domain
Details	trellix.com	www.trellix.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	staninnovationgroupllc.com
Details	Domain	195	drive.google.com
Details	Domain	2	linkedindianer.com
Details	Domain	2	www.aortistf.tk
Details	Domain	2	jmariecompany.com
Details	Domain	2	posadalaprotegida.com.ar
Details	Domain	18	generic.mg
Details	File	1212	powershell.exe
Details	File	2130	cmd.exe
Details	md5	3	703254254bf23f72b26f54a936cda496
Details	md5	2	ff091158eec27558905a598dee86c043
Details	md5	2	bd8d50eacc2cb7c6759fa5a62791e8d0
Details	md5	2	bffd0312e6151472c32be6dea6897b50
Details	md5	2	aa074c005a4b2e89dedd45bd9d869881
Details	md5	2	c691bc9cb2682c023351aa7460242eb9
Details	md5	2	d31f6ec6a53b1a2659d4697b72900dac
Details	md5	2	b53d5a3078e3d1cae1cf8f150987eb7f
Details	md5	2	22b82f46f0ff7c7a1b375aa84867d277
Details	md5	2	a5bb4f5bacfabb9c81035fec65a84012
Details	md5	2	f5e9499818bb35be1d5b670b833216bf
Details	md5	2	1349db7fd7aaa4a1547cd4381cd7a9b1
Details	IPv4	2	91.245.255.55
Details	IPv4	2	37.120.222.192
Details	IPv4	3	193.239.86.180
Details	IPv4	4	146.70.79.13
Details	IPv4	5	45.137.117.184
Details	Url	2	https://staninnovationgroupllc.com/myformbook_eyhvnu169
Details	Url	2	https://drive.google.com/uc?export=download&id=1ffapdplwkae2mes2ltcw9rdnejeazdaq
Details	Url	2	http://91.245.255.55/java_agent_szocrs225
Details	Url	2	http://37.120.222.192/texas_tybnb22
Details	Url	2	http://linkedindianer.com/infoo_uxxitsz73
Details	Url	2	http://193.239.86.180/build_cmxtgk211
Details	Url	2	http://www.aortistf.tk/maks_rooovchp166
Details	Url	2	http://jmariecompany.com/korg_sihytzsf95
Details	Url	2	https://drive.google.com/uc?export=download&id=1ansa1onngoamkteb_wbp1hpgzrpmlhcq
Details	Url	2	http://posadalaprotegida.com.ar/ebicbzqpsxrr192
Details	Url	2	https://drive.google.com/uc?export=download&id=1yscc0lvoawwacdu5uuybn6twsszgxlem
Details	Url	2	https://drive.google.com/uc?export=download&id=1br29icpd_54rzhuz9c80b1epuluwdlvt
Details	Url	2	http://146.70.79.13/gpuardjzecpp13
Details	Url	2	http://45.137.117.184/hvntfvskccqt84