← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Gootloader Returns: What Goodies Did They Bring?
WHITE Storm-0494 Tr1sa111 2025-11-07 Modified: 2025-12-06
129
IOCs
HIGH VOLUME
vanilla tempestlateral movementnoberusransomwareobfuscationgootloaderquantum lockerseo poisoningrhysidawordpress exploitationzeppelinjavascriptblackcatalphvsupper socks5 backdoor
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Gootloader - S1138 Rhysida BlackCat - S1068 ALPHV Noberus Zeppelin Quantum Locker Supper SOCKS5 Backdoor
Indicators of Compromise (129)
All URL FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL https://espressonisten.de/ 2025-11-07
URL https://r34porn.net/ 2025-11-07
URL https://www.lovestu.com/ 2025-11-07
URL https://www.pathfindertravels.se/tickets/ 2025-11-07
URL https://www.smithcoinc.biz/ 2025-11-07
URL https://www.supremesovietoflove.com/wp/ 2025-11-07
URL https://xxxmorritas.com/ 2025-11-07
FileHash-SHA256 2f056ce0657542da3e7e43fb815a8973c354624043f19ef134dff271db1741b3 2025-11-07
FileHash-SHA256 5ec9e926d4fb4237cf297d0d920cf0e9a5409f0226ee555bd8c89b97a659f4b0 2025-11-07
FileHash-SHA256 7557d5fed880ee1e292aba464ffdc12021f9acbe0ee3a2313519ecd7f94ec5c4 2025-11-07
FileHash-SHA256 87cbe9a5e9da0dba04dbd8046b90dbd8ee531e99fd6b351eae1ae5df5aa67439 2025-11-07
FileHash-SHA256 ad88076fd75d80e963d07f03d7ae35d4e55bd49634baf92743eece19ec901e94 2025-11-07
FileHash-SHA256 b9a61652dffd2ab3ec3b7e95829759fc43665c27e9642d4b2d4d2f7287254034 2025-11-07
FileHash-SHA256 c2326db8acae0cf9c5fc734e01d6f6c1cd78473b27044955c5761ec7fd479964 2025-11-07
FileHash-SHA256 c2b9782c55f75bb1797cb4fbae0290b44d0fcad51bf4f2c11c52ebbe3526d2ac 2025-11-07
FileHash-SHA256 cf44aa11a17b3dad61cae715f4ea27c0cbf80732a1a7a1c530a5c9d3d183482a 2025-11-07
URL http://cookcountyjudges.org/ 2025-11-07
URL https://allreleases.ru/ 2025-11-07
URL https://apprater.net/ 2025-11-07
URL https://aradax.ir/ 2025-11-07
URL https://blossomthemesdemo.com/ 2025-11-07
URL https://bluehamham.com/ 2025-11-07
URL https://buildacampervan.com/ 2025-11-07
URL https://campfosterymca.com/ 2025-11-07
URL https://cargoboard.de/ 2025-11-07
URL https://cloudy.pk/ 2025-11-07
URL https://cortinaspraga.com/ 2025-11-07
URL https://dailykhabrain.com.pk/ 2025-11-07
URL https://egyptelite.com/ 2025-11-07
URL https://eliskavaea.cz/ 2025-11-07
URL https://filmcrewnepal.com/ 2025-11-07
URL https://fotbalovavidea.cz/ 2025-11-07
URL https://gravityforms.ir/ 2025-11-07
URL https://headedforspace.com/ 2025-11-07
URL https://hotporntv.net/ 2025-11-07
URL https://idmpakistan.pk/ 2025-11-07
URL https://influenceimmo.com/ 2025-11-07
URL https://jungutah.com/ 2025-11-07
URL https://kollabmi.se/ 2025-11-07
URL https://latimp.eu/ 2025-11-07
URL https://leadoo.com/ 2025-11-07
URL https://lepolice.com/ 2025-11-07
URL https://medicit-y.ch/ 2025-11-07
URL https://michaelcheney.com/ 2025-11-07
URL https://motoz.com.au/ 2025-11-07
URL https://myanimals.com/ 2025-11-07
URL https://onsk.dk/ 2025-11-07
URL https://ostmarketing.com/ 2025-11-07
URL https://patriotillumination.com/ 2025-11-07
URL https://redronic.com/ 2025-11-07
URL https://restaurantchezhenri.ca/ 2025-11-07
URL https://solidegypt.net/ 2025-11-07
URL https://spirits-station.fr/ 2025-11-07
URL https://studentspoint.org/ 2025-11-07
URL https://sugarbeecrafts.com/ 2025-11-07
URL https://themasterscraft.com/ 2025-11-07
URL https://thetripschool.com/ 2025-11-07
URL https://tiresdoc.com/ 2025-11-07
URL https://unica.md/ 2025-11-07
URL https://usma.ru/ 2025-11-07
URL https://villasaze.ir/ 2025-11-07
URL https://vps3nter.ir/ 2025-11-07
URL https://wessper.com/ 2025-11-07
URL https://whiskymuseum.at/ 2025-11-07
URL https://www.claritycontentservices.com/wp/ 2025-11-07
URL https://www.ferienhausdehaanmieten.de/ 2025-11-07
URL https://www.minklinkaps.com/ 2025-11-07
URL https://www.us.registration.fcaministers.com/ 2025-11-07
URL https://www.wagenbaugrabs.ch/ 2025-11-07
URL https://www.worldwealthbuilders.com/ 2025-11-07
URL https://www1.zonewebmaster.eu/news/ 2025-11-07
URL https://www2.pelisyseries.net/ 2025-11-07
URL https://x.fybw.org/ 2025-11-07
URL https://yoga-penzberg.de/ 2025-11-07
URL https://yourboxspring.nl/ 2025-11-07
domain allreleases.ru 2025-11-07
domain apprater.net 2025-11-07
domain aradax.ir 2025-11-07
domain blossomthemesdemo.com 2025-11-07
domain bluehamham.com 2025-11-07
domain buildacampervan.com 2025-11-07
domain campfosterymca.com 2025-11-07
domain cargoboard.de 2025-11-07
domain cookcountyjudges.org 2025-11-07
domain cortinaspraga.com 2025-11-07
domain egyptelite.com 2025-11-07
domain eliskavaea.cz 2025-11-07
domain espressonisten.de 2025-11-07
domain filmcrewnepal.com 2025-11-07
domain fotbalovavidea.cz 2025-11-07
domain gravityforms.ir 2025-11-07
domain headedforspace.com 2025-11-07
domain hotporntv.net 2025-11-07
domain jungutah.com 2025-11-07
domain kollabmi.se 2025-11-07
domain medicit-y.ch 2025-11-07
domain michaelcheney.com 2025-11-07
domain motoz.com.au 2025-11-07
domain onsk.dk 2025-11-07
domain ostmarketing.com 2025-11-07
domain patriotillumination.com 2025-11-07
domain redronic.com 2025-11-07
domain restaurantchezhenri.ca 2025-11-07
domain solidegypt.net 2025-11-07
domain spirits-station.fr 2025-11-07
domain studentspoint.org 2025-11-07
domain themasterscraft.com 2025-11-07
domain thetripschool.com 2025-11-07
domain tiresdoc.com 2025-11-07
domain unica.md 2025-11-07
domain villasaze.ir 2025-11-07
domain vps3nter.ir 2025-11-07
domain whiskymuseum.at 2025-11-07
domain xxxmorritas.com 2025-11-07
domain yoga-penzberg.de 2025-11-07
domain yourboxspring.nl 2025-11-07
hostname www.claritycontentservices.com 2025-11-07
hostname www.ferienhausdehaanmieten.de 2025-11-07
hostname www.lovestu.com 2025-11-07
hostname www.minklinkaps.com 2025-11-07
hostname www.pathfindertravels.se 2025-11-07
hostname www.smithcoinc.biz 2025-11-07
hostname www.supremesovietoflove.com 2025-11-07
hostname www.us.registration.fcaministers.com 2025-11-07
hostname www.wagenbaugrabs.ch 2025-11-07
hostname www.worldwealthbuilders.com 2025-11-07
hostname www1.zonewebmaster.eu 2025-11-07
hostname www2.pelisyseries.net 2025-11-07
hostname x.fybw.org 2025-11-07
References (1)
↗ https://www.huntress.com/blog/gootloader-threat-detection-woff2-obfuscation