← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Gootloader Returns: What Goodies Did They Bring?
WHITE Storm-0494 Tr1sa111 2025-11-07 Modified: 2025-12-06
129
IOCs
HIGH VOLUME
vanilla tempestlateral movementnoberusransomwareobfuscationgootloaderquantum lockerseo poisoningrhysidawordpress exploitationzeppelinjavascriptblackcatalphvsupper socks5 backdoor
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Gootloader - S1138 Rhysida BlackCat - S1068 ALPHV Noberus Zeppelin Quantum Locker Supper SOCKS5 Backdoor
Indicators of Compromise (66 / 129 total)
All URL FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL https://espressonisten.de/ 2025-11-07
URL https://r34porn.net/ 2025-11-07
URL https://www.lovestu.com/ 2025-11-07
URL https://www.pathfindertravels.se/tickets/ 2025-11-07
URL https://www.smithcoinc.biz/ 2025-11-07
URL https://www.supremesovietoflove.com/wp/ 2025-11-07
URL https://xxxmorritas.com/ 2025-11-07
URL http://cookcountyjudges.org/ 2025-11-07
URL https://allreleases.ru/ 2025-11-07
URL https://apprater.net/ 2025-11-07
URL https://aradax.ir/ 2025-11-07
URL https://blossomthemesdemo.com/ 2025-11-07
URL https://bluehamham.com/ 2025-11-07
URL https://buildacampervan.com/ 2025-11-07
URL https://campfosterymca.com/ 2025-11-07
URL https://cargoboard.de/ 2025-11-07
URL https://cloudy.pk/ 2025-11-07
URL https://cortinaspraga.com/ 2025-11-07
URL https://dailykhabrain.com.pk/ 2025-11-07
URL https://egyptelite.com/ 2025-11-07
URL https://eliskavaea.cz/ 2025-11-07
URL https://filmcrewnepal.com/ 2025-11-07
URL https://fotbalovavidea.cz/ 2025-11-07
URL https://gravityforms.ir/ 2025-11-07
URL https://headedforspace.com/ 2025-11-07
URL https://hotporntv.net/ 2025-11-07
URL https://idmpakistan.pk/ 2025-11-07
URL https://influenceimmo.com/ 2025-11-07
URL https://jungutah.com/ 2025-11-07
URL https://kollabmi.se/ 2025-11-07
URL https://latimp.eu/ 2025-11-07
URL https://leadoo.com/ 2025-11-07
URL https://lepolice.com/ 2025-11-07
URL https://medicit-y.ch/ 2025-11-07
URL https://michaelcheney.com/ 2025-11-07
URL https://motoz.com.au/ 2025-11-07
URL https://myanimals.com/ 2025-11-07
URL https://onsk.dk/ 2025-11-07
URL https://ostmarketing.com/ 2025-11-07
URL https://patriotillumination.com/ 2025-11-07
URL https://redronic.com/ 2025-11-07
URL https://restaurantchezhenri.ca/ 2025-11-07
URL https://solidegypt.net/ 2025-11-07
URL https://spirits-station.fr/ 2025-11-07
URL https://studentspoint.org/ 2025-11-07
URL https://sugarbeecrafts.com/ 2025-11-07
URL https://themasterscraft.com/ 2025-11-07
URL https://thetripschool.com/ 2025-11-07
URL https://tiresdoc.com/ 2025-11-07
URL https://unica.md/ 2025-11-07
URL https://usma.ru/ 2025-11-07
URL https://villasaze.ir/ 2025-11-07
URL https://vps3nter.ir/ 2025-11-07
URL https://wessper.com/ 2025-11-07
URL https://whiskymuseum.at/ 2025-11-07
URL https://www.claritycontentservices.com/wp/ 2025-11-07
URL https://www.ferienhausdehaanmieten.de/ 2025-11-07
URL https://www.minklinkaps.com/ 2025-11-07
URL https://www.us.registration.fcaministers.com/ 2025-11-07
URL https://www.wagenbaugrabs.ch/ 2025-11-07
URL https://www.worldwealthbuilders.com/ 2025-11-07
URL https://www1.zonewebmaster.eu/news/ 2025-11-07
URL https://www2.pelisyseries.net/ 2025-11-07
URL https://x.fybw.org/ 2025-11-07
URL https://yoga-penzberg.de/ 2025-11-07
URL https://yourboxspring.nl/ 2025-11-07
References (1)
↗ https://www.huntress.com/blog/gootloader-threat-detection-woff2-obfuscation