Gootkit is complex multi-stage banking malware that was discovered for the first time by Doctor Web in 2014. Initially, it was distributed via spam and exploits kits such as Spelevo and RIG. In conjunction with spam campaigns, the adversaries later switched to compromised websites where the visitors are tricked into downloading the malware.
TAGS:
phishing, gootkit, antivm, antidebugger, spam, javascript
MALWARE FAMILY:
GootKit
ATT&CK IDS:
T1140 – Deobfuscate/Decode Files or Information, T1055 – Process Injection, T1560 – Archive Collected Data, T1547 – Boot or Logon Autostart Execution, T1548 – Abuse Elevation Control Mechanism, T1553 – Subvert Trust Controls, T1059 – Command and Scripting Interpreter, T1056 – Input Capture, T1503 – Credentials from Web Browsers, T1497.001 – System Checks, T1112 – Modify Registry, T1592 – Gather Victim Host Information
0 Comments