ioc[.]one - OSINT Cyber Threat Intelligence Database

GuLoader: The NSIS Vantage Point

Tags

country:	South Korea United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Vulnerabilities - T1588.006 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	6c5a00d3-51bb-4d3a-bfa2-131e09db9da4
Fingerprint	c41c1d24a1bed4cd
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 24, 2023, midnight
Added to db	Oct. 24, 2023, 1:31 p.m.
Last updated	Nov. 18, 2024, 1:24 p.m.
Headline	Blogs
Title	GuLoader: The NSIS Vantage Point
Detected Hints/Tags/Attributes	54/3/40

Source URLs

	Redirection	Url
Details	Source	https://www.trellix.com/about/newsroom/stories/research/guloader-the-nsis-vantage-point/

URL Provider

Details	Provider	Source level domain
Details	trellix.com	www.trellix.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	staninnovationgroupllc.com
Details	Domain	195	drive.google.com
Details	Domain	2	linkedindianer.com
Details	Domain	2	www.aortistf.tk
Details	Domain	2	jmariecompany.com
Details	Domain	2	posadalaprotegida.com.ar
Details	Domain	18	generic.mg
Details	File	1212	powershell.exe
Details	File	2130	cmd.exe
Details	md5	3	703254254bf23f72b26f54a936cda496
Details	md5	2	ff091158eec27558905a598dee86c043
Details	md5	2	bd8d50eacc2cb7c6759fa5a62791e8d0
Details	md5	2	bffd0312e6151472c32be6dea6897b50
Details	md5	2	aa074c005a4b2e89dedd45bd9d869881
Details	md5	2	c691bc9cb2682c023351aa7460242eb9
Details	md5	2	d31f6ec6a53b1a2659d4697b72900dac
Details	md5	2	b53d5a3078e3d1cae1cf8f150987eb7f
Details	md5	2	22b82f46f0ff7c7a1b375aa84867d277
Details	md5	2	a5bb4f5bacfabb9c81035fec65a84012
Details	md5	2	f5e9499818bb35be1d5b670b833216bf
Details	md5	2	1349db7fd7aaa4a1547cd4381cd7a9b1
Details	IPv4	2	91.245.255.55
Details	IPv4	2	37.120.222.192
Details	IPv4	3	193.239.86.180
Details	IPv4	4	146.70.79.13
Details	IPv4	5	45.137.117.184
Details	Url	2	https://staninnovationgroupllc.com/myformbook_eyhvnu169
Details	Url	2	https://drive.google.com/uc?export=download&id=1ffapdplwkae2mes2ltcw9rdnejeazdaq
Details	Url	2	http://91.245.255.55/java_agent_szocrs225
Details	Url	2	http://37.120.222.192/texas_tybnb22
Details	Url	2	http://linkedindianer.com/infoo_uxxitsz73
Details	Url	2	http://193.239.86.180/build_cmxtgk211
Details	Url	2	http://www.aortistf.tk/maks_rooovchp166
Details	Url	2	http://jmariecompany.com/korg_sihytzsf95
Details	Url	2	https://drive.google.com/uc?export=download&id=1ansa1onngoamkteb_wbp1hpgzrpmlhcq
Details	Url	2	http://posadalaprotegida.com.ar/ebicbzqpsxrr192
Details	Url	2	https://drive.google.com/uc?export=download&id=1yscc0lvoawwacdu5uuybn6twsszgxlem
Details	Url	2	https://drive.google.com/uc?export=download&id=1br29icpd_54rzhuz9c80b1epuluwdlvt
Details	Url	2	http://146.70.79.13/gpuardjzecpp13
Details	Url	2	http://45.137.117.184/hvntfvskccqt84