Gootloader: Initial Access as a Service Platform Expands Its Search for High Value Targets

Security Alert
Published June 17, 2021

The ongoing Gootloader campaign, which operates on an Initial Access as a Service model, is expanding its scope to highly sensitive assets worldwide, including the financial, military, automotive, pharmaceutical and energy sectors.

 

GROUP:
MALWARE FAMILIES:
Cobalt Strike
Gootloader
ATT&CK IDS:
T1566 – Phishing
T1566.002 – Spearphishing Link
T1189 – Drive-by Compromise
T1059.001 – PowerShell
T1059.007 – JavaScript
T1204.002 – Malicious File
T1547 – Boot or Logon Autostart Execution
T1027 – Obfuscated Files or Information
T1055.012 – Process Hollowing
