Spoofed Saudi Purchase Order Drops GuLoader: Part 1 | FortiGuard LabsĀ 
Tags
country: Saudi Arabia Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID eb642842-bde6-40f3-b9bd-54b2abf945ee
Fingerprint ac0b8d72a9366fc7
Analysis status DONE
Considered CTI value 2
Text language
Published May 23, 2022, 2:37 p.m.
Added to db Sept. 11, 2022, 12:44 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Spoofed Saudi Purchase Order Drops GuLoader: Part 1
Title Spoofed Saudi Purchase Order Drops GuLoader: Part 1 | FortiGuard LabsĀ 
Detected Hints/Tags/Attributes 61/3/14
Source URLs
Redirection Url
Details Source https://www.fortinet.com/blog/threat-research/spoofed-saudi-purchase-order-drops-guloader
URL Provider
Details Provider Source level domain
Details fortinet.com www.fortinet.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
zoneofzenith.com
Details Domain 4127 
github.com
Details Domain 2 
bounceclick.live
Details Email 1 
info@zoneofzenith.com
Details File 2 
23754-1.iso
Details File 2 
23754-1.exe
Details File 57 
system.dll
Details File 1 
%windir%\parallelizing.log
Details File 2 
corg_ryggqn229.bin
Details Github username 1 
myfreeer
Details sha256 2 
c4debff9c0ec8a56aea5cd97215c6c906bd475ea8bd521fb9a346a4c992a0448
Details sha256 2 
14d52119459ef12be3a2f9a3a6578ee3255580f679b1b54de0990b6ba403b0fe
Details sha256 2 
4a1b6b30209c35ab180fa675a769e3285f54597963dd0bb29f7adb686ba88b79
Details Url 1 
https://github.com/myfreeer/7z-build-nsis