Gootkit has been known to use fileless techniques to drop Cobalt Strike and other malicious payloads. Insights from a recent attack reveal updates in its tactics.
TAGS: cobalt strike, gootkit
MALWARE FAMILIES: Cobalt Strike, GootKit
ATT&CK IDS: T1059 - Command and Scripting Interpreter, T1140 - Deobfuscate/Decode Files or Information, T1189 - Drive-by Compromise, T1055 - Process Injection, T1003 - OS Credential Dumping, T1104 - Multi-Stage Channels, T1176 - Browser Extensions, T1053 - Scheduled Task/Job, T1112 - Modify Registry, T1059.001 - PowerShell