Spoofed Saudi Purchase Order Drops GuLoader
FortiGuard Labs recently discovered an e-mail using this tactic.
The message, delivered to a coffee company in Ukraine, appeared to come from an oil provider in Saudi Arabia.
Purporting to be a purchase order, the image of a partial PDF file displayed in the body of the email was actually a link to a cloud-hosted ISO file containing a GuLoader executable.
Also known as CloudEye and vbdropper, GuLoader dates to at least 2019 and is generally used to deploy other malware variants, such as Agent Tesla, Formbook, and Lokibot.
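The lure described above relies on an inline "document preview" image that is really a hyperlink to a container file (here an ISO) on a cloud host. The following is an added detection example, not code from FortiGuard Labs or from the original post: it parses an HTML e-mail body and flags any image wrapped in a link whose target path ends in a disk-image or archive extension. The sample message and the cloud domain in it are constructed, and the extension list is an assumption to be tuned per environment.

```python
"""Flag image-wrapped hyperlinks to disk-image/archive files in an HTML e-mail body.
Added example; the sample message below is constructed, not the real phishing e-mail."""

from html.parser import HTMLParser
from urllib.parse import urlparse

# Container formats commonly used to carry executables in e-mail lures.
# Assumption: adjust this list for your environment.
SUSPICIOUS_EXTENSIONS = (".iso", ".img", ".vhd", ".vhdx", ".zip", ".rar", ".7z")


class ImageLinkFinder(HTMLParser):
    """Collect (href, img_src) pairs for every <img> that sits inside an <a>."""

    def __init__(self):
        super().__init__()
        self._current_href = None
        self.image_links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._current_href = attrs.get("href")
        elif tag == "img" and self._current_href:
            self.image_links.append((self._current_href, attrs.get("src") or ""))

    def handle_endtag(self, tag):
        if tag == "a":
            self._current_href = None


def find_image_wrapped_downloads(html_body, extensions=SUSPICIOUS_EXTENSIONS):
    """Return hrefs of image-wrapped links whose URL path ends in a suspicious extension."""
    parser = ImageLinkFinder()
    parser.feed(html_body)
    hits = []
    for href, _src in parser.image_links:
        path = urlparse(href).path.lower()
        if path.endswith(extensions):
            hits.append(href)
    return hits


# Constructed sample resembling the lure: a "PDF preview" image that actually
# links to an ISO on a cloud share (placeholder domain), plus a benign logo link.
SAMPLE_EMAIL = """
<html><body>
<p>Dear Sir, please find attached our purchase order.</p>
<a href="https://cloud-storage.example/share/PO-2023.iso">
  <img src="cid:po_preview.png" alt="Purchase_Order.pdf">
</a>
<a href="https://www.example.com/about"><img src="cid:logo.png" alt="logo"></a>
</body></html>
"""

if __name__ == "__main__":
    for url in find_image_wrapped_downloads(SAMPLE_EMAIL):
        print("image-wrapped link to container file:", url)
```

The check keys on the URL path rather than the whole href so that query strings or fragments cannot hide the extension; a mail gateway rule built on the same idea would typically also quarantine or rewrite such links rather than only log them.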