February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Lokibot Malware – Active IOCs
March 16, 2022Rewterz Threat Alert – Hive Ransomware – Active IOCs
March 16, 2022Rewterz Threat Alert – Lokibot Malware – Active IOCs
March 16, 2022Rewterz Threat Alert – Hive Ransomware – Active IOCs
March 16, 2022
Severity
Medium
Analysis Summary
Since 2019, Guloader has been in operation as a downloader. GuLoader spreads through spam campaigns with malicious archived attachments. GuLoader downloads the bulk of malware, with the most frequent being AgentTesla, FormBook, and NanoCore. The encrypted payloads of this downloader are usually saved on Google Drive. It also acquired its payloads from Microsoft OneDrive and an attacker-controlled website.
GuLoader can avoid network-based detection by using genuine file-sharing websites, which aren’t often filtered or inspected in corporate contexts.
Impact
- Information Theft
- Security Bypass
Indicators of Compromise
MD5
- 0fc2172c4be8d556c9343066920735df
SHA-256
- ac1e911a96bbe328c6d9e72cd90bfb58f7cbd9d602583d7fe43d825c1d40ece1
SHA-1
- 5cf49520d28154ae10b1c216c0922f6403876cc1
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.