Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike

Stormsec
Jul 29, 2022
1 min read

Gootkit has been known to use fileless techniques to drop Cobalt Strike and other malicious payloads. Insights from a recent attack reveal updates in its tactics.

REFERENCE: https://www.trendmicro.com/en_us/research/22/g/gootkit-loaders-updated-tactics-and-fileless-delivery-of-cobalt-strike.html

TAGS: cobalt strike , gootkit

MALWARE FAMILIES: Cobalt Strike, GootKit

ATT&CK IDS: T1059 - Command and Scripting Interpreter, T1140 - Deobfuscate/Decode Files or Information, T1189 - Drive-by Compromise, T1055 - Process Injection, T1003 - OS Credential Dumping, T1104 - Multi-Stage Channels, T1176 - Browser Extensions, T1053 - Scheduled Task/Job, T1112 - Modify Registry, T1059.001 - PowerShell

Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike

Recent Posts

Comments

Privacy Policy

Service Terms and conditions

Tech Terms and conditions

Subscribe to Our Newsletter