Updated 2024-01-08-IOCs-for-GootLoader-infection.txt

PaloAltoNetworks · Jan 16, 2024 · fad578f · fad578f
1 parent 0092416
commit fad578f
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/2024-01-08-IOCs-for-GootLoader-infection.txt b/2024-01-08-IOCs-for-GootLoader-infection.txt
@@ -1,5 +1,10 @@
 2024-01-08 (MONDAY): GOOTLOADER INFECTION
 
+REFERENCES:
+
+- https://www.linkedin.com/posts/unit42_gootloader-unit42threatintel-timelythreatintel-activity-7150172074219651074-KCt3
+- https://twitter.com/Unit42_Intel/status/1744406454210036096
+
 CHAIN OF EVENTS:
 
 - Fake forum post page --> link to zip download --> zip --> extracted .js file --> Gootloader C2
@@ -44,4 +49,4 @@ POST-INFECTION TRAFFIC:
 - hxxps://mihfada[.]com/xmlrpc.php
 - hxxps://musify[.]co/xmlrpc.php
 - hxxps://ostadmajazi[.]com/xmlrpc.php  <-- attempted TCP connections, not successful
-- hxxps://palladiummall[.]com/xmlrpc.php
+- hxxps://palladiummall[.]com/xmlrpc.php