
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Gootkit

Names: Gootkit, Xswkit, talalpek
Category: Malware
Type: Backdoor, Banking trojan, Credential stealer, Info stealer
Description (Sentinel Labs): The Gootkit Banking Trojan was discovered back in 2014, and utilizes the Node.js library to perform a range of malicious tasks, from website injections and password grabbing, all the way up to video recording and remote VNC capabilities. Since its discovery in 2014, the actors behind Gootkit have continued to update the codebase to slow down analysis and thwart automated sandboxes. This post will take a look into the first stage of Gootkit, which contains the unpacking phase and a malicious downloader that sets up the infected system, and its multiple anti-analysis mechanisms.
Information:
<https://labs.sentinelone.com/gootkit-banking-trojan-deep-dive-anti-analysis-features/>
<https://threatvector.cylance.com/en_us/home/threat-spotlight-gootkit-banking-trojan.html>
<https://securityintelligence.com/news/new-gootkit-malware-sample-evades-detection-with-path-exclusion/>
<https://www.lexsi.com/securityhub/homer-simpson-brian-krebs-rencontrent-zeus-gootkit/>
<http://blog.cert.societegenerale.com/2015/04/analyzing-gootkits-persistence-mechanism.html>
<https://securityintelligence.com/gootkit-developers-dress-it-up-with-web-traffic-proxy/>
<https://forums.juniper.net/t5/Security-Now/New-Gootkit-Banking-Trojan-variant-pushes-the-limits-on-evasive/ba-p/319055>
<https://www.f5.com/labs/articles/threat-intelligence/tackling-gootkit-s-traps>
<https://securelist.com/blog/research/76433/inside-the-gootkit-cc-server/>
<https://www.us-cert.gov/ncas/alerts/TA16-336A>
<http://www.vkremez.com/2018/04/lets-learn-in-depth-dive-into-gootkit.html>
<https://securityintelligence.com/gootkit-bobbing-and-weaving-to-avoid-prying-eyes/>
<https://www.s21sec.com/en/blog/2016/05/reverse-engineering-gootkit/>
<http://blog.trendmicro.com/trendlabs-security-intelligence/fake-judicial-spam-leads-to-backdoor-with-fake-certificate-authority/>
<https://news.drweb.com/show/?i=4338&lng=en>
<https://www.cyphort.com/angler-ek-leads-to-fileless-gootkit/>
<https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/>
<https://securelist.com/gootkit-the-cautious-trojan/102731/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.gootkit>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Gootkit>

Last change to this tool card: 14 June 2021


All groups using tool Gootkit

Changed | Name  | Country   | Observed
--------|-------|-----------|---------
Other groups
        | TA554 | [Unknown] | 2017

1 group listed (0 APT, 1 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
