Updated 2024-05-09-IOCs-from-GootLoader-activity.txt
brad-duncan authored May 10, 2024
1 parent 3c2e293 commit dccee05
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion 2024-05-09-IOCs-from-GootLoader-activity.txt
@@ -1,5 +1,10 @@
2024-05-09 (THURSDAY): GOOTLOADER ACTIVITY

REFERENCES:

- https://www.linkedin.com/posts/unit42_gootloader-unit42threatintel-timelythreatintel-activity-7194787295676313600-UylW
- https://twitter.com/Unit42_Intel/status/1789021679634505978

INFECTION CHAIN:

- Google search on a topic leads to compromised site with fake forum post --> download zip -->
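Review bot: The two links under REFERENCES are bare URLs with no label, so a reader cannot tell what each one documents without following it, and social-media links tend to move or disappear. Suggest adding a short description and date to each entry, for example marking the first as the Unit 42 LinkedIn post and the second as the Unit42_Intel tweet, so the section stays useful if a link stops resolving. It would also help to say in the heading that these are reference links and not indicators, since the rest of the file lists infection-chain artifacts.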
@@ -59,4 +64,4 @@ ASSOCIATED MALWARE:
- File type: ASCII text, with very long lines (65536), with no line terminators
- File location: C:\Users\[username]\AppData\Roaming\[existing directory]\Build Automation.js
- File description: Persistent JavaScript file for GootLoader infection
- Run method: wscript.exe [file]
- Run method: wscript.exe [file]
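Review bot: The final "- Run method: wscript.exe [file]" line is shown as both removed and added with the same visible text, so the change here appears to be whitespace or the end-of-file newline only, which the commit title does not mention. Please confirm that is intended and that the file now ends with a single newline. While this entry is being touched, the description calls the file persistent but the run method only gives the wscript.exe invocation; noting what launches it on the host would make the entry more useful for detection.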
