Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike

Our in-depth analysis of what began as an unusual PowerShell script revealed intrusion sets associated with the Gootkit loader. In the past, Gootkit used freeware installers to mask its malicious files; now it uses legal documents as the lure to trick users into downloading them. We uncovered this tactic through managed extended detection and response (MxDR): investigating an alert raised on a PowerShell script allowed us to stop the loader before it could cause any damage or drop its payload.