Gootkit: the cautious Trojan

Security Alert
Published June 7, 2021

Gootkit is a complex multi-stage banking malware that was first discovered by Doctor Web in 2014. Initially, it was distributed via spam and exploit kits such as Spelevo and RIG. In conjunction with spam campaigns, the adversaries later switched to compromised websites, where visitors are tricked into downloading the malware.

TAGS:
phishing, gootkit, antivm, antidebugger, spam, javascript
TARGETED COUNTRIES:
MALWARE FAMILY:
GootKit
ATT&CK IDS:
T1140 – Deobfuscate/Decode Files or Information
T1055 – Process Injection
T1560 – Archive Collected Data
T1547 – Boot or Logon Autostart Execution
T1548 – Abuse Elevation Control Mechanism
T1553 – Subvert Trust Controls
T1059 – Command and Scripting Interpreter
T1056 – Input Capture
T1503 – Credentials from Web Browsers
T1497.001 – System Checks
T1112 – Modify Registry
T1592 – Gather Victim Host Information
