← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Gootloader Returns: What Goodies Did They Bring?
WHITE Storm-0494 Tr1sa111 2025-11-07 Modified: 2025-12-06
129
IOCs
HIGH VOLUME
vanilla tempestlateral movementnoberusransomwareobfuscationgootloaderquantum lockerseo poisoningrhysidawordpress exploitationzeppelinjavascriptblackcatalphvsupper socks5 backdoor
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Gootloader - S1138 Rhysida BlackCat - S1068 ALPHV Noberus Zeppelin Quantum Locker Supper SOCKS5 Backdoor
Indicators of Compromise (9 / 129 total)
All URL FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 2f056ce0657542da3e7e43fb815a8973c354624043f19ef134dff271db1741b3 2025-11-07
FileHash-SHA256 5ec9e926d4fb4237cf297d0d920cf0e9a5409f0226ee555bd8c89b97a659f4b0 2025-11-07
FileHash-SHA256 7557d5fed880ee1e292aba464ffdc12021f9acbe0ee3a2313519ecd7f94ec5c4 2025-11-07
FileHash-SHA256 87cbe9a5e9da0dba04dbd8046b90dbd8ee531e99fd6b351eae1ae5df5aa67439 2025-11-07
FileHash-SHA256 ad88076fd75d80e963d07f03d7ae35d4e55bd49634baf92743eece19ec901e94 2025-11-07
FileHash-SHA256 b9a61652dffd2ab3ec3b7e95829759fc43665c27e9642d4b2d4d2f7287254034 2025-11-07
FileHash-SHA256 c2326db8acae0cf9c5fc734e01d6f6c1cd78473b27044955c5761ec7fd479964 2025-11-07
FileHash-SHA256 c2b9782c55f75bb1797cb4fbae0290b44d0fcad51bf4f2c11c52ebbe3526d2ac 2025-11-07
FileHash-SHA256 cf44aa11a17b3dad61cae715f4ea27c0cbf80732a1a7a1c530a5c9d3d183482a 2025-11-07
References (1)
↗ https://www.huntress.com/blog/gootloader-threat-detection-woff2-obfuscation