PULSE NAME
Spoofed Saudi Purchase Order Drops GuLoader – Part 2 | FortiGuard Labs
WHITE mohdrennis 2022-07-14 Modified: 2022-07-14
28 IOCs, medium volume
In the second part of a blog series, FortiGuard Labs examines GuLoader, malware also known as “CloudEye”, and how it deploys itself to target victims.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES: Lokibot, Agent Tesla
Indicators of Compromise (8 / 28 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-SHA1 041ef39a95c810daf4f02f80e3e858175bb1902e SHA1 of 14d52119459ef12be3a2f9a3a6578ee3255580f679b1b54de0990b6ba403b0fe 2022-07-14
FileHash-SHA1 0e8e564645bf637636ade3d77ae99b135b26898f SHA1 of 5805e51dc4825c86b2d38c2a011429259954395e2d7b1fd06d83a2a3ec16fc14 2022-07-14
FileHash-SHA1 10f2d1bc6f3f0abbefb2f811ec9668f6355cb497 SHA1 of cc1ad7582d16db389c1b15a1cccdc188a85398165623876f4c7887743e54a9f9 2022-07-14
FileHash-SHA1 277425dd7f89153ebff3f685d0c168fe06835fc4 SHA1 of 9c5f99c37d042b0d6f2b5614fade06d373b2b954bf021bbf955df03693f2380d 2022-07-14
FileHash-SHA1 5f5bef9036750bc992c6a4c22f2551506a06dd4c SHA1 of 344362b48b8aa9a89623e0bfd139d62f07e2523e600a79bb5af940f35d0740e5 2022-07-14
FileHash-SHA1 8f68717be50c0ad2eadd130d90fac316b6505650 SHA1 of c4debff9c0ec8a56aea5cd97215c6c906bd475ea8bd521fb9a346a4c992a0448 2022-07-14
FileHash-SHA1 c7d86cbb53e2d271353bc2d6d0bfebfc78d20869 SHA1 of 4a1b6b30209c35ab180fa675a769e3285f54597963dd0bb29f7adb686ba88b79 2022-07-14
FileHash-SHA1 f2f15a268d79e8f5153ff54ed1e19e8d7010d7e8 SHA1 of 3e79ce8ac441c8c8e777fe0804b67da0bd908a045d553a31893d95f15ae4ea01 2022-07-14