Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Guntior - the story of an advanced bootkit that doesn't rely on Windows disk drivers

May 8, 2024, 5:29 p.m.

Description

Amid the rise of bootkits at the time, a dropper was captured in-the-wild and posted on a malware tracker. The malware was called "Guntior", named after the device object its authors had chosen for it (\Device\Guntior). The name also appears in AV detections.

Date

Published: May 8, 2024, 1:32 p.m.

Created: May 8, 2024, 1:32 p.m.

Modified: May 8, 2024, 5:29 p.m.

Indicators

eddbe87f2009cb3199def0845ccf01d0397c126aca6f55e2a9516616825cebb1

e49ad00deda88a198f2728a3d276f0b55f892d3088bc861538a005e443d81a92

b32cf71e325ceaa8982e6ebed33f95894f2591397e08404368fbaa6dce1095e3

8eb365237e4cfe478b228d276598ff58c0b133fbcd374024b5903137cf196a3d

4fdc39276228cab7ef1ef26a084e920760fdaacd78b29e776f09da0a95ae39b0

183.60.132.220

Attack Patterns

Guntior

T1561

T1014

T1574

T1547

T1543

T1055

T1140

T1056

T1562