SecuriTricks - gootloader

Threat Assessment: Distributors of BlackSuit Ransomware

Ignoble Scorpius, previously known as Royal ransomware, has rebranded as BlackSuit ransomware and increased its activity since March 2024. The group has targeted at least 93 victims globally, with a focus on the construction and manufacturing industries. Their initial ransom demands average 1.6% of…

ransomware

extortion

Published: November 20, 2024

Downloadable IOCs: 2

Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign

A new Gootloader variant has been discovered using search engine optimization (SEO) poisoning to target Australian Bengal cat enthusiasts. The campaign uses Google search results for 'Are Bengal Cats legal in Australia?' to deliver malicious payloads. When users click on compromised links, a zip fi…

Published: November 6, 2024

Downloadable IOCs: 14

Dissecting GootLoader With Node.js

This article demonstrates how to circumvent anti-analysis techniques employed by GootLoader malware while utilizing Node.js debugging in Visual Studio Code. GootLoader JavaScript files employ an evasion technique that can pose a formidable challenge for sandboxes attempting to analyze the malware. …

Published: July 4, 2024

Downloadable IOCs: 2

Gootloader walkthrough

The analysis delves into the intricate workings of the Gootloader malware campaign. Through a meticulously crafted social engineering scheme involving SEO poisoning and fake forums, threat actors lure unsuspecting victims into downloading a malicious JavaScript file disguised as a legitimate resour…

Published: May 24, 2024

Downloadable IOCs: 12

Tag: gootloader

Attack reports

Threat Assessment: Distributors of BlackSuit Ransomware

Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign

Dissecting GootLoader With Node.js

Gootloader walkthrough