GuLoader - S0561 – Securitricks

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to malwares

GuLoader - S0561

AlienVault · Published 20/12/2025 19:36 · Modified 20/12/2025 22:27

Essential information

Confidence: 100/100
Is family: No
Published: 20/12/2025 19:36
Modified: 20/12/2025 22:27
Revoked: No
Author / Source: AlienVault
Related entities: 74 attack patterns (mitre), 1 intrusion sets (apt), 9 sectors, 8 countries, 99 indicators, 9 vulnerabilities (cve), 7 reports

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.

Attack patterns (MITRE) (74)

T1083 uses

File and Directory Discovery MITRE
T1087 uses

Account Discovery MITRE
T1071.001 uses

Web Protocols MITRE
T1204 uses

User Execution MITRE
T1032 uses

MITRE
T1105 uses

Ingress Tool Transfer MITRE
T1210 uses

Exploitation of Remote Services MITRE
T1106 uses

Native API MITRE
T1486 uses

Data Encrypted for Impact MITRE
T1057 uses

Process Discovery MITRE
T1023 uses

MITRE
T1574 uses

Hijack Execution Flow MITRE

← Previous

Page / 7

1–12 of 74

Makop uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

Sectors (9)

Technology targets
Education targets
Engineering consulting targets
Information Technologies Consulting targets
Finance targets
Energy targets
Consulting targets
Manufacturing targets
Government targets

Countries (8)

United States of America targets
Germany targets
Czechia targets
British Indian Ocean Territory targets
India targets
Brazil targets
Spain targets
Croatia targets

Indicators (99)

f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446 indicates

stix 100/100 Revoked

Win.Tool.ShareScanner-6827521-0 SHA256 of 597de376b1f80c06d501415dd973dcec

· Valid until 15/05/2026 · Source: AlienVault
f181b8ae88f6c657c3ec3d1d5e8420fbf340c543b3d9292947ae035e3591b664 indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
6752d24da3565761c94ab10d3010e1be702221783f9b509209f97a8e32003767 indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
0d468fa92767ca1abe881155224d94879b575860e403636d3dbb550e9b9a6a7a indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
newsbloger1.duckdns.org indicates

stix 100/100 Revoked

· Valid until 09/03/2026 · Source: AlienVault
[email protected] indicates

stix 100/100 Revoked

· Valid until 15/10/2024 · Source: AlienVault
ride-fatal-italic-information.trycloudflare.com indicates

stix 100/100 Revoked

· Valid until 14/11/2025 · Source: AlienVault
http://45.137.117.184/riBOkPd173.mix indicates

stix 100/100 Revoked

· Valid until 07/12/2022 · Source: AlienVault
7fccb9545a51bb6d40e9c78bf9bc51dc2d2a78a27b81bf1c077eaf405cbba6e9 indicates

stix 100/100

· Valid until 06/02/2027 · Source: AlienVault
https://rosenbaum.live/bars.php indicates

stix 100/100 Revoked

· Valid until 20/05/2025 · Source: AlienVault
slgndocline.onlxtg.com indicates

stix 100/100 Revoked

· Valid until 09/03/2026 · Source: AlienVault
53c32ea384894526992d010c0c49ffe250d600b9b4472cce86bbd0249f88eada indicates

stix 100/100 Revoked

· Valid until 04/11/2025 · Source: AlienVault

← Previous

Page / 9

1–12 of 99

Vulnerabilities (CVE) (9)

CVE-2019-1388 KEV targets

Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.

Published: 07/04/2023
Modified: 21/12/2025

CVE-2020-0787 KEV targets

Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this …

Published: 28/01/2022
Modified: 21/12/2025

CVE-2020-1066 targets

7.8 High

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, …

Attack vector: LOCAL
Published: 22/05/2020
Modified: 21/12/2025

CVE-2021-41379 KEV targets

Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

Published: 03/03/2022
Modified: 21/12/2025

CVE-2018-8639 KEV targets

Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully …

Published: 03/03/2025
Modified: 20/12/2025

CVE-2017-0213 KEV targets

7.3 High

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Attack vector: LOCAL
Complexity: LOW
Published: 12/05/2017
Modified: 22/04/2026

CVE-2020-0796 KEV targets

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An …

Published: 10/02/2022
Modified: 20/12/2025

CVE-2016-0099 KEV targets

7.8 High

A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. …

Attack vector: LOCAL
Complexity: LOW
Published: 09/03/2016
Modified: 22/04/2026

CWE-120

CVE-2025-7771 targets

8.7 High

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. …

Published: 20/12/2025
Modified: 21/12/2025

Awaiting Analysis

Reports (7)

Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight …

AlienVault Confidence 100 20 MITREs 5 Malwares 12 IOCs 12 Observables
Technical Analysis of GuLoader Obfuscation Techniques

14 MITREs 2 Malwares 6 Observables
Guloader Malware Being Disguised as Employee Performance Reports

2 Malwares 2 Observables
Makop ransomware: GuLoader and privilege escalation in attacks …

10 CVEs 18 MITREs 4 Malwares 62 Observables 1 APT
Threat actors leverage tax season to deploy tax-themed …

15 MITREs 5 Malwares 1 APT
Threat Actor Abuses Cloudflare Tunnels to Deliver RATs

19 MITREs 5 Malwares 13 Observables
Files with TXZ extension used as malspam attachments

10 MITREs 2 Malwares 2 Observables

Contact About Legal notice Privacy policy Terms of use