  • Gootkit Loader gets new deployment method to deliver Cobalt Strike

    According to a new Cybereason report, Gootkit malware is actively targeting medical and financial organizations in the US, UK and Australia. In attacks, Gootkit operators lure victims looking for agreements and contracts on DuckDuckGo and Google to an infected page, which eventually leads to the deployment of the Gootloader.

    Cybereason said it was investigating the incident as early as December 2022, when a new deployment method was adopted to deliver Cobalt Strike and SystemBC. According to the experts, the attackers acted fast, quickly moving into the infected network and gaining elevated privileges in less than 4 hours.

    The discovered campaign is notable because it hides malicious code in legitimate JavaScript libraries such as jQuery, Chroma.js, Sizzle.js, and Underscore.js. This code is then used to deliver a 40MB secondary JavaScript payload that establishes persistence and launches the malware.

    According to Cybereason, the Gootloader infection involves Cobalt Strike and SystemBC to carry out lateral movement and data theft, but the attack was eventually thwarted by cybersecurity specialists.

    The transformation of Gootloader into a complex downloader once again reflects how attackers are constantly looking for new targets and methods to maximize their profits, moving to the Malware-as-a-Service (MaaS) model and selling this access to other criminals on the darknet.
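The campaign's use of well-known JavaScript libraries as cover, followed by a 40MB secondary script, suggests a simple triage check for defenders. The sketch below is an added example, not code from Cybereason or from this article: the marker strings, both size thresholds and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Library names come from the article; the size limits are assumed thresholds.
LIBRARY_MARKERS = ("jquery", "chroma.js", "sizzle", "underscore.js")
MAX_LIBRARY_BYTES = 2 * 1024 * 1024   # assumption: genuine builds are far smaller
MAX_SCRIPT_BYTES = 10 * 1024 * 1024   # assumption: no legitimate script nears 40MB


def triage_js(path):
    """Return the reasons a .js file deserves analyst review (empty if none)."""
    size = path.stat().st_size
    with path.open("rb") as fh:
        header = fh.read(4096).decode("utf-8", errors="replace").lower()  # banner area
    claimed = [m for m in LIBRARY_MARKERS if m in header or m in path.name.lower()]
    reasons = []
    if claimed and size > MAX_LIBRARY_BYTES:
        reasons.append(f"claims {claimed[0]} but is {size} bytes")
    if size > MAX_SCRIPT_BYTES:
        reasons.append(f"oversized script: {size} bytes")
    return reasons


def scan_tree(root):
    """Walk root and map each flagged .js path to its list of reasons."""
    findings = {}
    for path in sorted(Path(root).rglob("*.js")):
        reasons = triage_js(path)
        if reasons:
            findings[str(path)] = reasons
    return findings


def build_sample_tree(root):
    """Write constructed filler files (not malware) covering the three cases."""
    samples = {
        "jquery.min.js": b"/*! jQuery constructed sample */\n" + b"x" * 90_000,
        "agreement_template.js": b"/* Underscore.js constructed sample */\n" + b"A" * (3 * 1024 * 1024),
        "stage2.js": b"// constructed filler\n" + b"B" * (11 * 1024 * 1024),
    }
    for name, data in samples.items():
        Path(root, name).write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reasons in scan_tree(tmp).items():
            print(Path(path).name, "->", "; ".join(reasons))
```

A hit is only a lead for review: the size check says nothing about what the script does, so flagged files still need content analysis.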

    Author DeepWeb