Guntior - the story of an advanced bootkit that doesn't rely on Windows disk drivers
May 8, 2024, 5:29 p.m.
Description
Amid the rise of bootkits at the time, a dropper was captured in the wild and posted on a malware tracker. The malware was called "Guntior", after the device object name its authors chose for it (\Device\Guntior); the same name appears in AV detections.
Date
Published: May 8, 2024, 1:32 p.m.
Created: May 8, 2024, 1:32 p.m.
Modified: May 8, 2024, 5:29 p.m.
Indicators
SHA256: eddbe87f2009cb3199def0845ccf01d0397c126aca6f55e2a9516616825cebb1
SHA256: e49ad00deda88a198f2728a3d276f0b55f892d3088bc861538a005e443d81a92
SHA256: b32cf71e325ceaa8982e6ebed33f95894f2591397e08404368fbaa6dce1095e3
SHA256: 8eb365237e4cfe478b228d276598ff58c0b133fbcd374024b5903137cf196a3d
SHA256: 4fdc39276228cab7ef1ef26a084e920760fdaacd78b29e776f09da0a95ae39b0
IPv4: 183.60.132.220
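The indicators above are only useful once they are swept against file systems and network telemetry. The script below is an added example (not part of the report and not the malware author's code): it embeds the report's SHA256 and IPv4 indicators, hashes files or in-memory blobs against the hash set, and extracts dotted-quad addresses from log lines before comparing them, so that a naive substring test cannot confuse 183.60.132.2 or 183.60.132.2200 with the indicator. The log lines in SAMPLE_LOG are constructed for the demonstration and are not real telemetry.

```python
import hashlib
import ipaddress
import re
from pathlib import Path

# Indicators copied verbatim from the report above.
GUNTIOR_SHA256 = {
    "eddbe87f2009cb3199def0845ccf01d0397c126aca6f55e2a9516616825cebb1",
    "e49ad00deda88a198f2728a3d276f0b55f892d3088bc861538a005e443d81a92",
    "b32cf71e325ceaa8982e6ebed33f95894f2591397e08404368fbaa6dce1095e3",
    "8eb365237e4cfe478b228d276598ff58c0b133fbcd374024b5903137cf196a3d",
    "4fdc39276228cab7ef1ef26a084e920760fdaacd78b29e776f09da0a95ae39b0",
}
GUNTIOR_IPS = {"183.60.132.220"}

# Dotted-quad candidates only. The \b anchors stop "183.60.132.2200" or
# "5183.60.132.220" from being read as the indicator; candidates are then
# validated with ipaddress so that e.g. 999.1.2.3 is discarded.
_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large disk images need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_samples(samples: dict, hashes=GUNTIOR_SHA256) -> list:
    """Match in-memory blobs (name -> bytes) against a SHA256 indicator set."""
    hits = []
    for name, data in samples.items():
        digest = sha256_of_bytes(data)
        if digest in hashes:
            hits.append({"kind": "file", "name": name, "sha256": digest})
    return hits


def sweep_directory(root: Path, hashes=GUNTIOR_SHA256) -> list:
    """Same check over every regular file below root, for use on a real host."""
    hits = []
    for path in root.rglob("*"):
        if path.is_file():
            digest = sha256_of_file(path)
            if digest in hashes:
                hits.append({"kind": "file", "name": str(path), "sha256": digest})
    return hits


def sweep_log(lines, ips=GUNTIOR_IPS) -> list:
    """Report every line whose IPv4 addresses include an indicator."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for candidate in _IPV4_RE.findall(line):
            try:
                ip = str(ipaddress.IPv4Address(candidate))
            except ValueError:
                continue  # matched the regex but is not a valid address
            if ip in ips:
                hits.append({"kind": "network", "line": lineno, "ip": ip, "text": line})
    return hits


# Constructed proxy/firewall log lines for the demonstration (not real telemetry).
SAMPLE_LOG = [
    "2024-05-08T13:32:01Z src=10.0.0.5 dst=183.60.132.220 dport=80 action=allow",
    "2024-05-08T13:32:02Z src=10.0.0.5 dst=183.60.132.2 dport=443 action=allow",
    "2024-05-08T13:32:03Z src=10.0.0.9 url=http://183.60.132.220/dl/x.bin action=allow",
    "2024-05-08T13:32:04Z src=10.0.0.9 dst=183.60.132.2200 dport=80 action=deny",
]

if __name__ == "__main__":
    for hit in sweep_log(SAMPLE_LOG):
        print(hit)
    # Real use on a host: sweep_directory(Path(r"C:\Windows\System32\drivers"))
```

Only lines 1 and 3 of SAMPLE_LOG are reported: line 2 is a different address and line 4 contains no valid dotted quad that equals the indicator. A hash sweep of the boot sector itself would not help here, since the report's hashes are for the dropper files, not for the modified MBR.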
Attack Patterns
Guntior
T1561 Disk Wipe
T1014 Rootkit
T1574 Hijack Execution Flow
T1547 Boot or Logon Autostart Execution
T1543 Create or Modify System Process
T1055 Process Injection
T1140 Deobfuscate/Decode Files or Information
T1056 Input Capture
T1562 Impair Defenses