| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Storm-0249 is an access broker active since 2021, known for distributing BazaLoader, IcedID, Bumblebee, and Emotet malware. The actor primarily employs phishing emails to deliver malware payloads, as evidenced by a campaign involving tax-themed emails that aimed to distribute BRc4 and Latrodectus malware. Storm-0249 has facilitated initial access for other threat actors, such as Storm-0501, by leveraging compromised credentials and exploiting known vulnerabilities in public-facing servers. Microsoft has detected malicious PDF attachments associated with Storm-0249's phishing campaigns.
| 2025-04-24
⋅
Mandiant
⋅
M-Trends 2025 Report Akira Black Basta LockBit SystemBC GootLoader LockBit WIREFIRE Akira Black Basta Cobalt Strike LockBit RansomHub SystemBC |
| 2025-04-03
⋅
Microsoft
⋅
Threat actors leverage tax season to deploy tax-themed phishing campaigns Brute Ratel C4 CloudEyE Latrodectus Remcos Storm-0249 |
| 2025-03-31
⋅
GootLoader Wordpress
⋅
Gootloader Returns: Malware Hidden in Google Ads for Legal Documents GootLoader |
| 2025-02-28
⋅
KrebsOnSecurity
⋅
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab FAKEUPDATES GootLoader |
| 2024-11-21
⋅
Intrinsec
⋅
PROSPERO & Proton66: Uncovering the links between bulletproof networks Coper SpyNote FAKEUPDATES GootLoader EugenLoader |
| 2024-11-20
⋅
Intrinsec
⋅
PROSPERO & Proton66: Tracing Uncovering the links between bulletproof networks Coper SpyNote FAKEUPDATES GootLoader EugenLoader IcedID Matanbuchus Nokoyawa Ransomware Pikabot |
| 2024-11-06
⋅
Sophos
⋅
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign GootLoader |
| 2024-11-01
⋅
Google
⋅
Finding Malware: Detecting GOOTLOADER with Google Security Operations. GootLoader |
| 2024-09-18
⋅
Twitter (@MsftSecIntel)
⋅
Tweet about threat actor Vanilla Tempest INC GootLoader Storm-0494 |
| 2024-08-20
⋅
Intel 471
⋅
Threat Hunting Case Study: Tracking Down GootLoader GootLoader |
| 2024-06-24
⋅
GootLoader Wordpress
⋅
Gootloader’s New Hideout Revealed: The Malware Hunt in WordPress’ Shadows GootLoader |
| 2024-05-13
⋅
Malsada Tech
⋅
Gootloader Isn’t Broken GootLoader |
| 2024-02-26
⋅
The DFIR Report
⋅
SEO Poisoning to Domain Control: The Gootloader Saga Continues GootLoader |
| 2024-02-14
⋅
GootLoader Wordpress
⋅
My-Game Retired? Latest Changes to Gootloader GootLoader |
| 2023-12-09
⋅
Github (struppigel)
⋅
AST based GootLoader unpacker, C2 extractor and deobfuscator GootLoader |
| 2023-11-07
⋅
SOCRadar
⋅
New Gootloader Variant “GootBot” Changes the Game in Malware Tactics GootLoader Cobalt Strike UNC2565 |
| 2023-11-06
⋅
Security Intelligence
⋅
GootBot – Gootloader’s new approach to post-exploitation GootLoader UNC2565 |
| 2023-11-02
⋅
Microsoft
⋅
Monthly news - November 2023 Storm-0249 Storm-0539 |
| 2023-08-10
⋅
Trustwave
⋅
Gootloader: Why your Legal Document Search May End in Misery GootLoader |
| 2023-06-23
⋅
Kroll
⋅
Deep Dive into GOOTLOADER Malware and Its Infection Chain GootLoader |
| 2023-06-22
⋅
Reliaquest
⋅
Goot to Loot - How a Gootloader Infection Led to Credential Access GootLoader SystemBC |
| 2023-04-26
⋅
eSentire
⋅
Gootloader Unloaded: Researchers Launch Multi-Pronged Offensive Against Gootloader, Cutting Off Traffic to Thousands of Gootloader Web Pages and Using the Operator’s Very Own Tactics to Protect End-Users GootLoader |
| 2023-02-14
⋅
Cybereason
⋅
GootLoader - SEO Poisoning and Large Payloads Leading to Compromise GootLoader Cobalt Strike SystemBC |
| 2023-01-26
⋅
Mandiant
⋅
Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations GootLoader UNC2565 |
| 2023-01-12
⋅
eSentire
⋅
Gootloader Malware Leads to Cobalt Strike and Hand-on-Keyboard Activity GootLoader |
| 2023-01-09
⋅
Trendmicro
⋅
Gootkit Loader Actively Targets Australian Healthcare Industry GootLoader GootKit |
| 2023-01-05
⋅
What is Gootloader? GootLoader |
| 2023-01-05
⋅
Gootloader Command & Control GootLoader |
| 2022-12-07
⋅
eSentire
⋅
GootLoader Striking with a New Infection Technique GootLoader |
| 2022-07-20
⋅
NVISO Labs
⋅
Analysis of a trojanized jQuery script: GootLoader unleashed GootLoader Cobalt Strike |
| 2022-07-14
⋅
Blackberry
⋅
GootLoader, From SEO Poisoning to Multi-Stage Downloader GootLoader |
| 2022-06-05
⋅
Dino Hacks
⋅
Loading GootLoader GootLoader |
| 2022-05-12
⋅
Red Canary
⋅
Gootloader and Cobalt Strike malware analysis GootLoader Cobalt Strike |
| 2022-05-12
⋅
Red Canary
⋅
The Goot cause: Detecting Gootloader and its follow-on activity GootLoader Cobalt Strike |
| 2022-05-09
⋅
The DFIR Report
⋅
SEO Poisoning – A Gootloader Story GootLoader LaZagne Cobalt Strike GootKit |
| 2022-05-04
⋅
HP
⋅
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware GootLoader |
| 2022-02-26
⋅
Mandiant
⋅
TRENDING EVIL Q1 2022 KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot |
| 2021-08-25
⋅
RiskIQ
⋅
EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as "Gootloader" GootLoader |
| 2021-08-12
⋅
Sophos
⋅
Gootloader’s “mothership” controls malicious content GootLoader |
| 2021-06-16
⋅
SentinelOne
⋅
Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets GootLoader |