Tag: guloader

4 Attack Reports | 0 Vulnerabilities

Attack reports

Makop ransomware: GuLoader and privilege escalation in attacks against Indian businesses

Makop, a ransomware strain derived from Phobos, is targeting Indian businesses through exposed RDP systems. The attackers employ a diverse toolkit including network scanners, privilege escalation exploits, and AV killers. They have integrated GuLoader, a downloader trojan, to deliver secondary payl…
ransomware
guloader
privilege escalation
CVE-2020-0787
lazagne
credential dumping
network scanning
rdp exploitation
CVE-2025-7771
2025-12-09
CVE-2016-0099
CVE-2017-0213
CVE-2018-8639
CVE-2019-1388
CVE-2020-0796
CVE-2020-1066
CVE-2021-41379
CVE-2022-24521
makop
Published: December 9, 2025
Linked vulnerabilities : CVE-2020-0787, CVE-2025-7771 (CVSS 8.7), CVE-2016-0099, CVE-2020-1066, CVE-2018-8639, CVE-2020-0796, CVE-2019-1388, CVE-2021-41379, CVE-2022-24521, CVE-2017-0213
Downloadable IOCs: 62

Threat actors leverage tax season to deploy tax-themed phishing campaigns

Microsoft has observed several phishing campaigns using tax-related themes to steal credentials and deploy malware as Tax Day approaches in the United States. These campaigns use redirection methods like URL shorteners and QR codes in malicious attachments, and abuse legitimate services to avoid de…
malware
phishing
social engineering
remcos
credential theft
latrodectus
guloader
redirection
qr codes
remote access trojans
2025-04-03
tax season
ahkbot
bruteratel c4
Published: April 3, 2025
Downloadable IOCs: 0

Threat Actor Abuses Cloudflare Tunnels to Deliver RATs

Proofpoint is tracking a cluster of cybercriminal threat activity leveraging Cloudflare Tunnels to deliver malware, particularly remote access trojans (RATs) like Xworm, AsyncRAT, VenomRAT, GuLoader, and Remcos. The campaigns employ various techniques, such as using URL files to establish connectio…
xworm
remcos
asyncrat
venomrat
guloader
rats
webdav
cloudflare
2024-08-01
Published: August 1, 2024
Downloadable IOCs: 13

Files with TXZ extension used as malspam attachments

A recent report describes a malspam campaign distributing malware payloads in attachments with TXZ file extensions. The attachments were RAR archives with renamed extensions, likely attempting to exploit native TXZ support in Windows 11. Two campaigns distributed the payloads, one with GuLoader mal…
malspam
2024-05-28
formbook
guloader
Published: May 28, 2024
Downloadable IOCs: 2
Click here to see more Attack Reports