SYMBOL | COMMON_NAME | aka. SYNONYMS
js.gootloader (Back to overview)

GootLoader


There is no description at this point.

References
2023-01-26 · Mandiant · Govand Sinjari, Andy Morales
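@online{sinjari:20230126:welcome:3e0ada1,
  author       = {Sinjari, Govand and Morales, Andy},
  title        = {Welcome to {Goot Camp}: Tracking the Evolution of {GOOTLOADER} Operations},
  date         = {2023-01-26},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/tracking-evolution-gootloader-operations},
  language     = {English},
  urldate      = {2023-01-31},
  keywords     = {GootLoader},
}
Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations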
GootLoader
2023-01-12 · eSentire · eSentire
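@comment{Corporate author: the extra brace pair keeps the organisation name as one indivisible name.}
@online{esentire:20230112:gootloader:f7d653f,
  author       = {{eSentire}},
  title        = {{Gootloader} Malware Leads to {Cobalt Strike} and Hand-on-Keyboard Activity},
  date         = {2023-01-12},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/gootloader-leads-to-cobalt-strike-and-hand-on-keyboard-activity},
  language     = {English},
  urldate      = {2023-01-16},
  keywords     = {GootLoader},
}
Gootloader Malware Leads to Cobalt Strike and Hand-on-Keyboard Activity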
GootLoader
2022-12-07 · eSentire · eSentire Threat Response Unit (TRU)
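@comment{Corporate author: without the extra brace pair the name is parsed as a person (given names "eSentire Threat Response Unit", surname "(TRU)").}
@online{tru:20221207:gootloader:fd84189,
  author       = {{eSentire Threat Response Unit (TRU)}},
  title        = {{GootLoader} Striking with a New Infection Technique},
  date         = {2022-12-07},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/gootloader-striking-with-a-new-infection-technique},
  language     = {English},
  urldate      = {2023-01-05},
  keywords     = {GootLoader},
}
GootLoader Striking with a New Infection Technique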
GootLoader
2022-07-20 · NVISO Labs · Sasja Reynaert
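@online{reynaert:20220720:analysis:7a5093f,
  author       = {Reynaert, Sasja},
  title        = {Analysis of a trojanized {jQuery} script: {GootLoader} unleashed},
  date         = {2022-07-20},
  organization = {NVISO Labs},
  url          = {https://blog.nviso.eu/2022/07/20/analysis-of-a-trojanized-jquery-script-gootloader-unleashed/},
  language     = {English},
  urldate      = {2022-07-25},
  keywords     = {GootLoader, Cobalt Strike},
}
Analysis of a trojanized jQuery script: GootLoader unleashed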
GootLoader Cobalt Strike
2022-07-14 · Blackberry · The BlackBerry Research & Intelligence Team
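@comment{Corporate author: double-braced so it is not split into given name and surname; the ampersand is escaped because a bare one breaks LaTeX output.}
@online{team:20220714:gootloader:5b31240,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{GootLoader}, From {SEO} Poisoning to Multi-Stage Downloader},
  date         = {2022-07-14},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2022/07/gootloader-from-seo-poisoning-to-multi-stage-downloader},
  language     = {English},
  urldate      = {2022-07-18},
  keywords     = {GootLoader},
}
GootLoader, From SEO Poisoning to Multi-Stage Downloader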
GootLoader
2022-06-05 · Dino Hacks · Niranjan Hegde
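@online{hegde:20220605:loading:917dd2b,
  author       = {Hegde, Niranjan},
  title        = {Loading {GootLoader}},
  date         = {2022-06-05},
  organization = {Dino Hacks},
  url          = {https://dinohacks.blogspot.com/2022/06/loading-gootloader.html},
  language     = {English},
  urldate      = {2022-06-09},
  keywords     = {GootLoader},
}
Loading GootLoader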
GootLoader
2022-05-12 · Red Canary · Tony Lambert, Lauren Podber
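@techreport{lambert:20220512:gootloader:4562030,
  author      = {Lambert, Tony and Podber, Lauren},
  title       = {{Gootloader} and {Cobalt Strike} malware analysis},
  date        = {2022-05-12},
  institution = {Red Canary},
  url         = {https://redcanary.com/wp-content/uploads/2022/05/Gootloader.pdf},
  language    = {English},
  urldate     = {2022-05-13},
  keywords    = {GootLoader, Cobalt Strike},
}
Gootloader and Cobalt Strike malware analysis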
GootLoader Cobalt Strike
2022-05-12 · Red Canary · Tony Lambert, Lauren Podber
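@online{lambert:20220512:goot:1fc62fa,
  author       = {Lambert, Tony and Podber, Lauren},
  title        = {The {Goot} cause: Detecting {Gootloader} and its follow-on activity},
  date         = {2022-05-12},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/gootloader},
  language     = {English},
  urldate      = {2022-05-13},
  keywords     = {GootLoader, Cobalt Strike},
}
The Goot cause: Detecting Gootloader and its follow-on activity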
GootLoader Cobalt Strike
2022-05-09 · The DFIR Report · The DFIR Report
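@comment{Corporate author: double-braced so "The DFIR Report" is not parsed as given names "The DFIR" plus surname "Report".}
@online{report:20220509:seo:cc8b1c2,
  author       = {{The DFIR Report}},
  title        = {{SEO} Poisoning – A {Gootloader} Story},
  date         = {2022-05-09},
  organization = {The DFIR Report},
  url          = {https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/},
  language     = {English},
  urldate      = {2022-06-09},
  keywords     = {GootLoader, LaZagne, Cobalt Strike, GootKit},
}
SEO Poisoning – A Gootloader Story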
GootLoader LaZagne Cobalt Strike GootKit
2022-05-04 · HP · Patrick Schläpfer
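@online{schlpfer:20220504:tips:f12f7ba,
  author       = {Schläpfer, Patrick},
  title        = {Tips for Automating {IOC} Extraction from {GootLoader}, a Changing {JavaScript} Malware},
  date         = {2022-05-04},
  organization = {HP},
  url          = {https://threatresearch.ext.hp.com/tips-for-automating-ioc-extraction-from-gootloader-a-changing-javascript-malware/},
  language     = {English},
  urldate      = {2022-05-05},
  keywords     = {GootLoader},
}
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware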
GootLoader
2022-02-26 · Mandiant · Mandiant
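@comment{Corporate author is double-braced. The title stays fully brace-protected because the all-caps form is how it appears on this page.}
@online{mandiant:20220226:trending:a445d4a,
  author       = {{Mandiant}},
  title        = {{TRENDING EVIL Q1 2022}},
  date         = {2022-02-26},
  organization = {Mandiant},
  url          = {https://experience.mandiant.com/trending-evil/p/1},
  language     = {English},
  urldate      = {2022-03-14},
  keywords     = {KEYPLUG, FAKEUPDATES, GootLoader, BazarBackdoor, QakBot},
}
TRENDING EVIL Q1 2022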
KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot
2021-08-25 · RiskIQ · Jordan Herman
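@comment{Straight double quotes in the title are written as LaTeX quote pairs so they typeset as opening and closing quotes.}
@online{herman:20210825:eitest:e4c2c31,
  author       = {Herman, Jordan},
  title        = {{EITest}: Linkages to the Ongoing Malware Delivery Campaign Referred to as ``{Gootloader}''},
  date         = {2021-08-25},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/f5d5ed38},
  language     = {English},
  urldate      = {2021-08-30},
  keywords     = {GootLoader},
}
EITest: Linkages to the Ongoing Malware Delivery Campaign Referred to as "Gootloader"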
GootLoader
2021-08-12 · Sophos · Gabor Szappanos, Andrew Brandt
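@online{szappanos:20210812:gootloaders:84e3100,
  author       = {Szappanos, Gabor and Brandt, Andrew},
  title        = {{Gootloader’s} “mothership” controls malicious content},
  date         = {2021-08-12},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/},
  language     = {English},
  urldate      = {2021-08-25},
  keywords     = {GootLoader},
}
Gootloader’s “mothership” controls malicious content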
GootLoader
2021-06-16 · SentinelOne · Antonio Pirozzi
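@online{pirozzi:20210616:gootloader:b2ba777,
  author       = {Pirozzi, Antonio},
  title        = {{Gootloader}: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets},
  date         = {2021-06-16},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/gootloader-initial-access-as-a-service-platform-expands-its-search-for-high-value-targets/},
  language     = {English},
  urldate      = {2021-06-21},
  keywords     = {GootLoader},
}
Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets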
GootLoader

There is no YARA signature yet.