On taking a closer look, it was clear that GuLoader and DarkEye are very similar samples with payload embedded in the sample itself – therefore no download was necessary. There were references to “DarkEye protector” in those binaries. The discovery was made by Checkpoint researchers while reverse engineering what was detected as GuLoader malware samples. The following infographic shows GuLoader has been used to distribute different strands of malware like Formbook, Azorult, Remcos, NanoCore, Lokibot, among many others. GuLoader is a heavily used “network dropper” in 2020, used to distribute malware through cloud services like Google Drive, Dropbox, etc. EasySoft Di IVANO MANCINI – Via Lombardia, 8 – Fonte Nuova (RM) – Partita IVA: 13379111001 SD SOFTWARE DI DRAGNA SEBASTIANO FABIO – Via Paolo Bentivoglio, 17 – Catania (CT) – Partita IVA: 05276750873.
#Cloudeye crypter registration
It exists in plain sight on the internet as a legitimate business operation, and even has VAT registration numbers: To make matters interesting, the company isn’t a totally illicit dark web entity. The company has formerly advertised itself as “DarkEye” and “DarkEye Protector.” Conservative estimates put company’s monthly income at a minimum $500,000.Īccording to a recently released report, researchers at Checkpoint blame an Italian “company” CloudEyE for the widespread malware, GuLoader.
0 kommentar(er)
