Pulse name: Spoofed Saudi Purchase Order Drops GuLoader – Part 2 | FortiGuard Labs
TLP: WHITE | Author: mohdrennis | Created: 2022-07-14 | Modified: 2022-07-14
In the second part of a blog series, FortiGuard Labs examines GuLoader, a malware loader also known as “CloudEye”, and how it deploys itself on its victims' systems.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: Lokibot, Agent Tesla
Indicators of Compromise (28)