Caute_cautim
Community Champion

GootBot – Gootloader’s new approach to post-exploitation

Hi All

IBM X-Force discovered a new variant of Gootloader — the “GootBot” implant — which facilitates stealthy lateral movement and makes detection and blocking of Gootloader campaigns more difficult within enterprise environments. X-Force observed these campaigns leveraging SEO poisoning, wagering on unsuspecting victims’ search activity, which we analyze further in the blog. The Gootloader group’s introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detection when using off-the-shelf tools for C2 such as Cobalt Strike or RDP. This new variant is a lightweight but effective malware allowing attackers to rapidly spread throughout the network and deploy further payloads.

Regards

Caute_Cautim

1 Reply
marcoperson250
Newcomer I

Thanks for sharing valuable insights.