Spoofed Saudi Purchase Order Drops GuLoader
WHITE AlienVault 2022-05-23 Modified: 2022-05-23
A phishing e-mail that appears to come from an oil company in Saudi Arabia is the latest example of a tactic cyber-thieves use to target victims with the GuLoader malware.
MITRE ATT&CK & Malware Families
Malware families: Lokibot, Agent Tesla
Indicators of Compromise (8)