js.gootloader

GootLoader


According to PCrisk, GootLoader malware was discovered while examining legitimate but compromised websites (mainly websites managed using WordPress). GootLoader is used to infect computers with additional malware. Cybercriminals using GootLoader seek to trick users into unknowingly downloading and executing it by disguising it as a document or other file.

References
2023-11-07SOCRadarSOCRadar
@online{socradar:20231107:new:70a6ba7,
  author       = {SOCRadar},
  title        = {{New Gootloader Variant “GootBot” Changes the Game in Malware Tactics}},
  organization = {SOCRadar},
  date         = {2023-11-07},
  url          = {https://socradar.io/new-gootloader-variant-gootbot-changes-the-game-in-malware-tactics/},
  urldate      = {2023-11-27},
  language     = {English},
}
GootLoader Cobalt Strike
2023-11-06Security IntelligenceGolo Mühr, Ole Villadsen
@online{mhr:20231106:gootbot:e37a082,
  author       = {Mühr, Golo and Villadsen, Ole},
  title        = {{GootBot – Gootloader’s new approach to post-exploitation}},
  organization = {Security Intelligence},
  date         = {2023-11-06},
  url          = {https://securityintelligence.com/x-force/gootbot-gootloaders-new-approach-to-post-exploitation/},
  urldate      = {2023-11-27},
  language     = {English},
}
GootLoader
2023-08-10TrustwaveRodel Mendrez
@online{mendrez:20230810:gootloader:ec828a1,
  author       = {Mendrez, Rodel},
  title        = {{Gootloader: Why your Legal Document Search May End in Misery}},
  organization = {Trustwave},
  date         = {2023-08-10},
  url          = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/gootloader-why-your-legal-document-search-may-end-in-misery/},
  urldate      = {2023-08-11},
  language     = {English},
}
GootLoader
2023-06-23KrollKeith Wojcieszek, Ryan Hicks, George Glass
@online{wojcieszek:20230623:deep:04da3ed,
  author       = {Wojcieszek, Keith and Hicks, Ryan and Glass, George},
  title        = {{Deep Dive into GOOTLOADER Malware and Its Infection Chain}},
  organization = {Kroll},
  date         = {2023-06-23},
  url          = {https://www.kroll.com/en/insights/publications/cyber/deep-dive-gootloader-malware-infection-chain},
  urldate      = {2023-07-13},
  language     = {English},
}
GootLoader
2023-06-22ReliaquestCaroline Fenstermacher
@online{fenstermacher:20230622:goot:936a660,
  author       = {Fenstermacher, Caroline},
  title        = {{Goot to Loot - How a Gootloader Infection Led to Credential Access}},
  organization = {Reliaquest},
  date         = {2023-06-22},
  url          = {https://www.reliaquest.com/blog/gootloader-infection-credential-access/},
  urldate      = {2023-07-31},
  language     = {English},
}
GootLoader SystemBC
2023-04-26eSentireJoe Stewart, Keegan Keplinger
@online{stewart:20230426:gootloader:eb8526b,
  author       = {Stewart, Joe and Keplinger, Keegan},
  title        = {{Gootloader Unloaded: Researchers Launch Multi-Pronged Offensive Against Gootloader, Cutting Off Traffic to Thousands of Gootloader Web Pages and Using the Operator’s Very Own Tactics to Protect End-Users}},
  organization = {eSentire},
  date         = {2023-04-26},
  url          = {https://www.esentire.com/web-native-pages/gootloader-unloaded},
  urldate      = {2023-04-26},
  language     = {English},
}
GootLoader
2023-02-14CybereasonCybereason Incident Response (IR) team
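@techreport{team:20230214:gootloader:8d38f70,
  author      = {{Cybereason Incident Response (IR) team}},
  title       = {{GootLoader - SEO Poisoning and Large Payloads Leading to Compromise}},
  institution = {Cybereason},
  date        = {2023-02-14},
  url         = {https://web.archive.org/web/20230209123148/https://www.cybereason.com/hubfs/THREAT%20ALERT%20GootLoader%20-%20Large%20payload%20leading%20to%20compromise%20(BLOG).pdf},
  urldate     = {2023-07-31},
  language    = {English},
}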
GootLoader Cobalt Strike SystemBC
2023-01-26MandiantGovand Sinjari, Andy Morales
@online{sinjari:20230126:welcome:3e0ada1,
  author       = {Sinjari, Govand and Morales, Andy},
  title        = {{Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations}},
  organization = {Mandiant},
  date         = {2023-01-26},
  url          = {https://www.mandiant.com/resources/blog/tracking-evolution-gootloader-operations},
  urldate      = {2023-01-31},
  language     = {English},
}
GootLoader UNC2565
2023-01-12eSentireeSentire
@online{esentire:20230112:gootloader:f7d653f,
  author       = {eSentire},
  title        = {{Gootloader Malware Leads to Cobalt Strike and Hand-on-Keyboard Activity}},
  organization = {eSentire},
  date         = {2023-01-12},
  url          = {https://www.esentire.com/blog/gootloader-leads-to-cobalt-strike-and-hand-on-keyboard-activity},
  urldate      = {2023-01-16},
  language     = {English},
}
GootLoader
2023-01-09TrendmicroHitomi Kimura, Ryan Maglaque, Fe Cureg, Trent Bessell
@online{kimura:20230109:gootkit:585185a,
  author       = {Kimura, Hitomi and Maglaque, Ryan and Cureg, Fe and Bessell, Trent},
  title        = {{Gootkit Loader Actively Targets Australian Healthcare Industry}},
  organization = {Trendmicro},
  date         = {2023-01-09},
  url          = {https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html},
  urldate      = {2023-11-13},
  language     = {English},
}
GootLoader GootKit
2023-01-05gootloadersites
@online{gootloadersites:20230105:what:96f644b,
  author   = {gootloadersites},
  title    = {{What is Gootloader?}},
  date     = {2023-01-05},
  url      = {https://gootloader.wordpress.com/2023/01/05/what-is-gootloader/},
  urldate  = {2023-07-28},
  language = {English},
}
GootLoader
2023-01-05gootloadersites
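@online{gootloadersites:20230105:gootloader:7f1b176,
  author   = {gootloadersites},
  title    = {{Gootloader Command \& Control}},
  date     = {2023-01-05},
  url      = {https://gootloader.wordpress.com/2023/01/05/gootloader-command-control/},
  urldate  = {2023-07-28},
  language = {English},
}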
GootLoader
2022-12-07eSentireeSentire Threat Response Unit (TRU)
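@online{tru:20221207:gootloader:fd84189,
  author       = {{eSentire Threat Response Unit (TRU)}},
  title        = {{GootLoader Striking with a New Infection Technique}},
  organization = {eSentire},
  date         = {2022-12-07},
  url          = {https://www.esentire.com/blog/gootloader-striking-with-a-new-infection-technique},
  urldate      = {2023-01-05},
  language     = {English},
}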
GootLoader
2022-07-20NVISO LabsSasja Reynaert
@online{reynaert:20220720:analysis:7a5093f,
  author       = {Reynaert, Sasja},
  title        = {{Analysis of a trojanized jQuery script: GootLoader unleashed}},
  organization = {NVISO Labs},
  date         = {2022-07-20},
  url          = {https://blog.nviso.eu/2022/07/20/analysis-of-a-trojanized-jquery-script-gootloader-unleashed/},
  urldate      = {2022-07-25},
  language     = {English},
}
GootLoader Cobalt Strike
2022-07-14BlackberryThe BlackBerry Research & Intelligence Team
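@online{team:20220714:gootloader:5b31240,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{GootLoader, From SEO Poisoning to Multi-Stage Downloader}},
  organization = {Blackberry},
  date         = {2022-07-14},
  url          = {https://blogs.blackberry.com/en/2022/07/gootloader-from-seo-poisoning-to-multi-stage-downloader},
  urldate      = {2022-07-18},
  language     = {English},
}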
GootLoader
2022-06-05Dino HacksNiranjan Hegde
@online{hegde:20220605:loading:917dd2b,
  author       = {Hegde, Niranjan},
  title        = {{Loading GootLoader}},
  organization = {Dino Hacks},
  date         = {2022-06-05},
  url          = {https://dinohacks.blogspot.com/2022/06/loading-gootloader.html},
  urldate      = {2022-06-09},
  language     = {English},
}
GootLoader
2022-05-12Red CanaryTony Lambert, Lauren Podber
@techreport{lambert:20220512:gootloader:4562030,
  author      = {Lambert, Tony and Podber, Lauren},
  title       = {{Gootloader and Cobalt Strike malware analysis}},
  institution = {Red Canary},
  date        = {2022-05-12},
  url         = {https://redcanary.com/wp-content/uploads/2022/05/Gootloader.pdf},
  urldate     = {2022-05-13},
  language    = {English},
}
GootLoader Cobalt Strike
2022-05-12Red CanaryTony Lambert, Lauren Podber
@online{lambert:20220512:goot:1fc62fa,
  author       = {Lambert, Tony and Podber, Lauren},
  title        = {{The Goot cause: Detecting Gootloader and its follow-on activity}},
  organization = {Red Canary},
  date         = {2022-05-12},
  url          = {https://redcanary.com/blog/gootloader},
  urldate      = {2022-05-13},
  language     = {English},
}
GootLoader Cobalt Strike
2022-05-09The DFIR ReportThe DFIR Report
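@online{report:20220509:seo:cc8b1c2,
  author       = {{The DFIR Report}},
  title        = {{SEO Poisoning – A Gootloader Story}},
  organization = {The DFIR Report},
  date         = {2022-05-09},
  url          = {https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/},
  urldate      = {2022-06-09},
  language     = {English},
}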
GootLoader LaZagne Cobalt Strike GootKit
2022-05-04HPPatrick Schläpfer
@online{schlpfer:20220504:tips:f12f7ba,
  author       = {Schläpfer, Patrick},
  title        = {{Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware}},
  organization = {HP},
  date         = {2022-05-04},
  url          = {https://threatresearch.ext.hp.com/tips-for-automating-ioc-extraction-from-gootloader-a-changing-javascript-malware/},
  urldate      = {2022-05-05},
  language     = {English},
}
GootLoader
2022-02-26MandiantMandiant
@online{mandiant:20220226:trending:a445d4a,
  author       = {Mandiant},
  title        = {{TRENDING EVIL Q1 2022}},
  organization = {Mandiant},
  date         = {2022-02-26},
  url          = {https://experience.mandiant.com/trending-evil/p/1},
  urldate      = {2022-03-14},
  language     = {English},
}
KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot
2021-08-25RiskIQJordan Herman
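@online{herman:20210825:eitest:e4c2c31,
  author       = {Herman, Jordan},
  title        = {{EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as “Gootloader”}},
  organization = {RiskIQ},
  date         = {2021-08-25},
  url          = {https://community.riskiq.com/article/f5d5ed38},
  urldate      = {2021-08-30},
  language     = {English},
}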
GootLoader
2021-08-12SophosGabor Szappanos, Andrew Brandt
@online{szappanos:20210812:gootloaders:84e3100,
  author       = {Szappanos, Gabor and Brandt, Andrew},
  title        = {{Gootloader’s “mothership” controls malicious content}},
  organization = {Sophos},
  date         = {2021-08-12},
  url          = {https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/},
  urldate      = {2021-08-25},
  language     = {English},
}
GootLoader
2021-06-16SentinelOneAntonio Pirozzi
@online{pirozzi:20210616:gootloader:b2ba777,
  author       = {Pirozzi, Antonio},
  title        = {{Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets}},
  organization = {SentinelOne},
  date         = {2021-06-16},
  url          = {https://labs.sentinelone.com/gootloader-initial-access-as-a-service-platform-expands-its-search-for-high-value-targets/},
  urldate      = {2021-06-21},
  language     = {English},
}
GootLoader

There is no YARA signature yet.