PULSE NAME
Spoofed Saudi Purchase Order Drops GuLoader – Part 2 | FortiGuard Labs
WHITE mohdrennis 2022-07-14 Modified: 2022-07-14
28 IOCs
MEDIUM VOLUME
In the second part of a blog series, FortiGuard Labs examines GuLoader, a type of malware known as “CloudEye”, and how it deploys itself to target victims.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Lokibot, Agent Tesla
Indicators of Compromise (8 / 28 total)