Technical analysis by the Malware Hunter JAMESWT
A false order from Poland delivers unknown malware via GuLoader. The email's rar attachment contains an exe, the loader, which contacts a URL and downloads the final payload. What that payload is remains unknown.
A false order from Poland is the latest lure in a malware campaign that uses GuLoader.
The rar attachment contains an exe file: the loader itself, which contacts a second URL and downloads the final payload. At the moment it is not clear what that payload is. GuLoader has been used by cybercrime to deliver several types of information stealers and remote access trojans, including AgentTesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.
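The delivery pattern described above (a fake order email carrying an archive, the archive carrying an executable loader) is what a mail-gateway or triage check should key on. The following is an added example, written for this page and not part of JAMESWT's analysis or of any real campaign sample: it parses an email with the standard library, identifies archive attachments by magic bytes rather than by extension (so a renamed "order.pdf" is still caught), and for zip archives lists members with executable extensions. RAR and 7z need a third-party parser, so those are flagged as a whole. The message it inspects is constructed inline with placeholder addresses and dummy archive bytes.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from typing import Optional

# Magic bytes of container formats commonly used to carry a loader.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07\x00": "rar4",
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
}

# Member names inside an archive that should never arrive in a purchase order.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk")


def identify_archive(data: bytes) -> Optional[str]:
    """Return the archive type detected from the leading bytes, or None."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def executable_members(kind: str, data: bytes) -> Optional[list]:
    """List executable-looking members of a zip; None when the format is not parsed here."""
    if kind != "zip":
        return None  # rar/7z would need a third-party parser; the archive itself is flagged
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]


def flag_archive_attachments(raw_eml: bytes) -> list:
    """Walk every attachment of a raw RFC 5322 message and report archives."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        kind = identify_archive(payload)
        if kind is None:
            continue
        findings.append({
            "filename": part.get_filename(),
            "declared_type": part.get_content_type(),
            "detected": kind,
            "size": len(payload),
            "executables": executable_members(kind, payload),
        })
    return findings


def build_sample_eml() -> bytes:
    """Constructed test message (not a real campaign sample).

    Two attachments: a RAR5 signature followed by filler, and a real zip
    containing a file named order.exe whose body is only an MZ header.
    """
    msg = EmailMessage()
    msg["From"] = "orders@example.pl"      # placeholder sender
    msg["To"] = "sales@example.com"        # placeholder recipient
    msg["Subject"] = "Order PO-0001"
    msg.set_content("Please find our order attached.")

    fake_rar = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 64
    msg.add_attachment(fake_rar, maintype="application", subtype="octet-stream",
                       filename="order_PO-0001.rar")

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("order.exe", b"MZ" + b"\x00" * 62)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="order_PO-0001.zip")
    return bytes(msg)


if __name__ == "__main__":
    for finding in flag_archive_attachments(build_sample_eml()):
        print(finding)
```

In a gateway this would run before the user sees the message; anything with an archive attachment from an unknown sender, and certainly any archive whose listed members are executables, goes to quarantine for manual triage rather than to the inbox.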