GootLoader (Malware Family)

GootLoader

According to PCrisk, they discovered GootLoader malware while examining legitimate but compromised websites (mainly websites managed using WordPress). It was found that GootLoader is used to infect computers with additional malware. Cybercriminals using GootLoader seek to trick users into unknowingly downloading and executing the malware by disguising it as a document or other file.

References

2024-02-14 ⋅ GootLoader Wordpress ⋅ gootloadersites
My-Game Retired? Latest Changes to Gootloader
GootLoader

2023-12-09 ⋅ Github (struppigel) ⋅ Karsten Hahn
AST based GootLoader unpacker, C2 extractor and deobfuscator
GootLoader

2023-11-07 ⋅ SOCRadar ⋅ SOCRadar
New Gootloader Variant “GootBot” Changes the Game in Malware Tactics
GootLoader Cobalt Strike UNC2565

2023-11-06 ⋅ Security Intelligence ⋅ Golo Mühr, Ole Villadsen
GootBot – Gootloader’s new approach to post-exploitation
GootLoader UNC2565

2023-08-10 ⋅ Trustwave ⋅ Rodel Mendrez
Gootloader: Why your Legal Document Search May End in Misery
GootLoader

2023-06-23 ⋅ Kroll ⋅ George Glass, Keith Wojcieszek, Ryan Hicks
Deep Dive into GOOTLOADER Malware and Its Infection Chain
GootLoader

2023-06-22 ⋅ Reliaquest ⋅ Caroline Fenstermacher
Goot to Loot - How a Gootloader Infection Led to Credential Access
GootLoader SystemBC

2023-04-26 ⋅ eSentire ⋅ Joe Stewart, Keegan Keplinger
Gootloader Unloaded: Researchers Launch Multi-Pronged Offensive Against Gootloader, Cutting Off Traffic to Thousands of Gootloader Web Pages and Using the Operator’s Very Own Tactics to Protect End-Users
GootLoader

2023-02-14 ⋅ Cybereason ⋅ Cybereason Incident Response (IR) team
GootLoader - SEO Poisoning and Large Payloads Leading to Compromise
GootLoader Cobalt Strike SystemBC

2023-01-26 ⋅ Mandiant ⋅ Andy Morales, Govand Sinjari
Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations
GootLoader UNC2565

2023-01-12 ⋅ eSentire ⋅ eSentire
Gootloader Malware Leads to Cobalt Strike and Hand-on-Keyboard Activity
GootLoader

2023-01-09 ⋅ Trendmicro ⋅ Fe Cureg, Hitomi Kimura, Ryan Maglaque, Trent Bessell
Gootkit Loader Actively Targets Australian Healthcare Industry
GootLoader GootKit

2023-01-05 ⋅ gootloadersites
Gootloader Command & Control
GootLoader

2023-01-05 ⋅ gootloadersites
What is Gootloader?
GootLoader

2022-12-07 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
GootLoader Striking with a New Infection Technique
GootLoader

2022-07-20 ⋅ NVISO Labs ⋅ Sasja Reynaert
Analysis of a trojanized jQuery script: GootLoader unleashed
GootLoader Cobalt Strike

2022-07-14 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
GootLoader, From SEO Poisoning to Multi-Stage Downloader
GootLoader

2022-06-05 ⋅ Dino Hacks ⋅ Niranjan Hegde
Loading GootLoader
GootLoader

2022-05-12 ⋅ Red Canary ⋅ Lauren Podber, Tony Lambert
The Goot cause: Detecting Gootloader and its follow-on activity
GootLoader Cobalt Strike

2022-05-12 ⋅ Red Canary ⋅ Lauren Podber, Tony Lambert
Gootloader and Cobalt Strike malware analysis
GootLoader Cobalt Strike

2022-05-09 ⋅ The DFIR Report ⋅ The DFIR Report
SEO Poisoning – A Gootloader Story
GootLoader LaZagne Cobalt Strike GootKit

2022-05-04 ⋅ HP ⋅ Patrick Schläpfer
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
GootLoader

2022-02-26 ⋅ Mandiant ⋅ Mandiant
TRENDING EVIL Q1 2022
KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot

2021-08-25 ⋅ RiskIQ ⋅ Jordan Herman
EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as "Gootloader"
GootLoader

2021-08-12 ⋅ Sophos ⋅ Andrew Brandt, Gabor Szappanos
Gootloader’s “mothership” controls malicious content
GootLoader

2021-06-16 ⋅ SentinelOne ⋅ Antonio Pirozzi
Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets
GootLoader

There is no Yara-Signature yet.

GootLoader Propose Change

References

GootLoader