Tax-themed phishing emails delivering GuLoader
Common Information
Type Value
UUID 9f93b1f3-4f07-415d-997d-bc4086899913
Fingerprint 6c5e8938c93dfecb
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 28, 2023, midnight
Added to db Feb. 28, 2023, 10:28 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Intelligence Insight: Tax-themed phishing emails delivering GuLoader
Title Tax-themed phishing emails delivering GuLoader
Detected Hints/Tags/Attributes 51/2/11
RSS Feed
Id Enabled Feed title Url Added to db
360 Red Canary https://www.redcanary.co/feed/ 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 144 www.fortinet.com
Domain 469 www.cisa.gov
Domain 1373 twitter.com
File 376 wscript.exe
File 2 %windir%\system32\notepad.exe
File 1208 powershell.exe
Url 1 https://cybersecurity.att.com/blogs/security-essentials/guloader-a-highly-effective-and-versatile-malware-that-can-evade-detection
Url 1 https://www.crowdstrike.com/blog/guloader-dissection-reveals-new-anti-analysis-techniques-and-code-injection-redundancy
Url 1 https://www.fortinet.com/blog/threat-research/latest-remcos-rat-phishing
Url 1 https://www.cisa.gov/tips/st15-001
Url 1 https://twitter.com/redcanary/status/1408485279669882880?s=20