top of page
Search

Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike

Gootkit has been known to use fileless techniques to drop Cobalt Strike and other malicious payloads. Insights from a recent attack reveal updates in its tactics.




MALWARE FAMILIES: Cobalt Strike, GootKit


ATT&CK IDS: T1059 - Command and Scripting Interpreter, T1140 - Deobfuscate/Decode Files or Information, T1189 - Drive-by Compromise, T1055 - Process Injection, T1003 - OS Credential Dumping, T1104 - Multi-Stage Channels, T1176 - Browser Extensions, T1053 - Scheduled Task/Job, T1112 - Modify Registry, T1059.001 - PowerShell


Read More:

 
 
 

Comments


Commenting on this post isn't available anymore. Contact the site owner for more info.
bottom of page