Gootloader
Published 21/12/2025 03:26 · Modified 21/12/2025 07:44 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 03:26
- Modified: 21/12/2025 07:44
- Updated at: 21/12/2025 07:44
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 4 reports, 33 attack patterns (MITRE), 3 malware, 1 sector, 1 country, 50 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (4)
- 6 MITREs, 1 Malware, 1 APT
- 6 MITREs, 1 Malware, 12 Observables, 1 APT
- 2 Malwares, 14 Observables, 1 APT
- 8 MITREs, 1 Malware, 2 Observables, 1 APT
Attack patterns (MITRE) (33)
- T1562.001 Disable or Modify Tools (relation: uses; source: MITRE)
- T1185 Browser Session Hijacking (relation: uses; source: MITRE)
- T1608.004 Drive-by Target (relation: uses; source: MITRE)
- T1190 Exploit Public-Facing Application (relation: uses; source: MITRE)
- T1087 Account Discovery (relation: uses; source: MITRE)
- T1027 Obfuscated Files or Information (relation: uses; source: MITRE)
- T1087.001 Local Account (relation: uses; source: MITRE)
- T1102.002 Bidirectional Communication (relation: uses; source: MITRE)
- T1204.002 Malicious File (relation: uses; source: MITRE)
Malware (3)
- GootKit (relation: uses; type: Family)
  Source: AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Gootloader (relation: uses; source: The MITRE Corporation; Confidence 100)
  [Gootloader](https://attack.mitre.org/software/S1138) is a Javascript-based infection framework that has been used since at least 2020 as a delivery method for the Gootkit banking trojan, [Cobalt Strike](https://attack.mitre.org/software/S0154), [REvil](https://attack.mitre.org/software/S0496), and others.…
  First seen 01/01/1970 · Last seen 16/11/5138
Sectors (1)
- Technology (relation: targets)
Countries (1)
- Australia (relation: targets)
Indicators (50)
- http://blog.lilianpraskova.cz/xmlrpc.xn--php-9o0a (relation: indicates)
- hrclubphilippines.com (relation: indicates)
- 95baedeb3be98760929c05055e516054db8c396cf5fce92784885f8a802ccc8f (relation: indicates)
- c853d91501111a873a027bd3b9b4dab9dd940e89fcfec51efbb6f0db0ba6687b (relation: indicates)
- daraltanweer.com (relation: indicates)
- 258cb1d60a000e8e0bb6dc751b3dc14152628d9dd96454a3137d124a132a4e69 (relation: indicates)
- 03a46ad7873ddb6663377282640d45e38697e0fdc1512692bcaee3cbba1aa016 (relation: indicates)
- https://www.cobaltstrike.com/blog/what-happens-when-i-type-getsystem (relation: indicates)
- https://www.cobaltstrike.com/blog/windows-access-tokens-and-alternate-credentials (relation: indicates)
- 831955bd05186381a8f15539a41f48166873eab3feb55fb1104202e4152bd507 (relation: indicates)
- montages.no (relation: indicates)
- mediacratia.ru (relation: indicates)