Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike

Gootkit has been known to use fileless techniques to drop Cobalt Strike and other malicious payloads. Insights from a recent attack reveal updates in its tactics.

MALWARE FAMILIES: Cobalt Strike, GootKit

ATT&CK IDS: T1059 - Command and Scripting Interpreter, T1140 - Deobfuscate/Decode Files or Information, T1189 - Drive-by Compromise, T1055 - Process Injection, T1003 - OS Credential Dumping, T1104 - Multi-Stage Channels, T1176 - Browser Extensions, T1053 - Scheduled Task/Job, T1112 - Modify Registry, T1059.001 - PowerShell
